Imagine your AI assistant not just finding products for you, but actually securely purchasing them. Google’s new Agent Payments Protocol (AP2) is built with that future in mind. AP2 creates cryptographic contracts that link AI-driven purchases directly back to the human who authorized them, providing safety, accountability, and a verifiable audit trail.
That's a big step forward. But it also changes the risk and fraud model for payments. If machines can transact on our behalf, fraud, compliance, and accountability all must evolve too.
What is Google's Agent Payments Protocol (AP2)?
Today’s payment systems assume a human clicks "buy." AP2 redefines that assumption with digital mandates:
Intent Mandate: The user authorizes what the AI agent can do (e.g., “buy shoes under $100”).
Cart Mandate: The specific item and price are locked in once found.
Both mandates are cryptographically signed. Together, they form a secure, replayable audit trail linking a human's delegation to an agent's action. Merchants and payment providers can verify this trail before approving transactions.
The result? Clear proof of who authorized what and less ambiguity when agents act on behalf of people.
Why AP2 payments matter for the payments and risk industry
The implications for e-commerce and fintech are massive.
Agents as first-class actors: AI systems need identity, attestation, and reputation, just like merchants and issuers.
Composite transactions: Each payment blends agent context, merchant data, and payment rail information. Risk models must account for all three.
Delegation and liability: Mandates define what an agent can do. Liability flows from the chain of delegation: person → agent → merchant → payments.
Item-level risk analysis: Because agents transact at SKU level, risk analysis must go deeper than "card + merchant."
Auditability: Replayable evidence is essential for disputes, regulatory compliance, and consumer trust.
Industry analysts estimate that over 50% of e-commerce spend could be agent-assisted in the coming years. That's more than $1 trillion in transactions shifting to a new model, one that won't scale unless the risk layer evolves in lockstep.
How we're thinking about AP2 and risk at Oscilar
At Oscilar, we see AP2 as a forcing function to reimagine risk management. Most fraud controls today — such as velocity checks, step-up authentication, and manual reviews — sit at the point of transaction and won't scale in an AI agent-driven payments world.
Instead, trust must be embedded upstream in the mandate (cryptographic contract) itself. Once that delegation from the user is secured, execution between agent, merchant, and payment rail can flow with minimal friction.
Here’s how Oscilar is adapting our platform:
1. Agent Digital Identity
We create an alternate Agent ID the way device fingerprinting works today: by combining IP, headers, request structures, and usage patterns. This forms a statistical digital DNA that lets us recognize and track agents across sessions.
2. Behavioral Profiling & Trust Scoring
Each agent earns a behavioral trust score based on mandate handling, transaction success rates, and dispute frequency. This becomes an agent reputation system, which parallels how merchants and issuers are scored today.
3. Composite Data Streams for Machine Learning
AP2 introduces rich transaction context: Agent + Mandate + Merchant + Payment Rail. Oscilar’s streaming architecture ingests this data in real time, feeding ML models that detect anomalies.
4. Real-Time Risk Orchestration
Oscilar becomes the decision layer where signals converge to:
Validate mandates (intact, unrevoked, within limits).
Assess agent trustworthiness.
Score merchant and payment channel risk.
Deliver allow / step-up / deny decisions in milliseconds.
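The mandate checks listed above (intact, unrevoked, within limits) feeding an allow / step-up / deny decision, as an added example that is not Oscilar's or AP2's own code. The field names, the 0.5 trust threshold and the demo key are assumptions, and HMAC-SHA256 stands in for the signature scheme, which the page does not specify.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the real signature scheme.
DEMO_KEY = b"constructed-demo-key"


def sign(body: dict, key: bytes = DEMO_KEY) -> str:
    """MAC over a canonical JSON encoding of the mandate body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def mandate(body: dict) -> dict:
    """Wrap a body with its signature (hypothetical envelope layout)."""
    return {"body": body, "sig": sign(body)}


def intact(m: dict, key: bytes = DEMO_KEY) -> bool:
    """Constant-time check that the body still matches its signature."""
    return hmac.compare_digest(sign(m["body"], key), m["sig"])


def decide(intent: dict, cart: dict, revoked: set, agent_trust: float) -> str:
    """Return 'allow', 'step-up' or 'deny' for one agent-initiated purchase."""
    # 1. Intact: both mandates must verify before any field is trusted.
    if not (intact(intent) and intact(cart)):
        return "deny"
    i, c = intent["body"], cart["body"]
    # 2. Unrevoked, and the cart must be bound to this intent mandate.
    if i["id"] in revoked or c["intent_id"] != i["id"]:
        return "deny"
    # 3. Within limits: the category and price bound the user delegated.
    if c["category"] != i["category"] or c["price_cents"] >= i["price_below_cents"]:
        return "deny"
    # 4. Valid mandate chain; a low-trust agent still gets a step-up.
    return "allow" if agent_trust >= 0.5 else "step-up"


# Constructed sample mandates for "buy shoes under $100".
INTENT = mandate({"id": "im-1", "category": "shoes", "price_below_cents": 10000})
CART = mandate({"intent_id": "im-1", "category": "shoes",
                "sku": "SKU-42", "price_cents": 8999})
```

Verifying signatures first matters: a cart whose price was edited after signing is rejected before its fields are compared against the intent mandate.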
This isn't a retrofit of old fraud tooling. Oscilar is a natively AP2-ready system designed for agents, mandates, and humans as co-equal actors in the risk graph.
Our goal: Make agent-driven commerce as trustworthy and auditable as if the user clicked "buy" themselves, without slowing anything down.
Looking ahead: E-commerce with AI agents
AP2 is an ambitious start. It creates a common language for secure agent-driven payments. But the real challenge for the industry lies in building trust and accountability on top of it.
At Oscilar, we’re focused on:
Strengthening digital identity
Using behavioral profiling to create agent reputation systems
Leveraging real-time orchestration to make sure every agent-initiated purchase is within the boundaries of what the user approved and nothing more
Because the future of payments isn't just people paying people, it's people delegating payments to machines. And that only scales if trust is built in from the beginning.