Autonomous issue No. 2 - The Protocol wars
Imagine a procurement AI agent at a mid-sized enterprise receives instructions to reorder raw materials from an approved supplier, up to $50,000. The agent moves quickly. It checks inventory, confirms pricing, generates a purchase order and then stops cold!
The payment rail it needs to reach requires Mastercard’s Verifiable Intent credential. But the enterprise’s payment processor is integrated with Visa’s Intelligent Payments framework. The agent’s orchestration platform was built against Google’s Universal Commerce Protocol.
The technology works. The authorization is legitimate. The transaction is valid. But the protocols don’t agree, and the agent cannot complete the payment.
This is not a hypothetical. It is the operational reality facing developers, merchants, and finance teams building for agentic commerce right now.
Why standards happen – And why this one is different
Every transformational technology goes through a protocol war. TCP/IP vs. OSI. VHS vs. Betamax. USB-C vs. everything that came before it. The pattern is consistent: multiple well-funded players race to establish their standard as the default, knowing that whoever wins the standard wins the market. And in many cases, wins the liability framework that governs it.
What makes the agentic commerce protocol war different from its predecessors is not the number of players or the speed of the race. It is the stakes.
These protocols are not merely technical specifications. They are governance frameworks. They determine what counts as valid authorization when an AI agent initiates a transaction. They define who is liable when something goes wrong. They establish the audit trail that regulators will eventually demand as evidence that agentic payments were properly governed.
In previous protocol wars, the losers walked away with bruised revenue projections. In this one, the losers may walk away with regulatory exposure.
The protocols & the contenders
Six players have established meaningful positions in the race. Each solving a slightly different piece of the same problem, and each having a different answer to the question of who should ultimately control the agentic payment standards.
Mastercard — Agent Pay + Verifiable Intent
Mastercard’s Verifiable Intent, announced in March 2026 and immediately open-sourced on GitHub, links a consumer’s identity, their specific instructions, and the transaction outcome into a single tamper-resistant cryptographic record. The record travels with the payment, creating a portable audit trail that any party can consult in a dispute.
The open-source move seems deliberate. Mastercard is betting that broad developer participation is what makes a trust standard stick. And that no single company’s proprietary framework can achieve the adoption needed to govern an industry.
Visa — Trusted Agent Protocol
Visa has the first-mover advantage in live transactions. By December 2025, hundreds of secure agent-initiated transactions had already been completed with ecosystem partners, making Visa the first to demonstrate that this is not theoretical. Visa is predicting mainstream consumer adoption by the 2026 holiday season.
Visa’s framework treats AI agents as extensions of the cardholder rather than independent entities. A framing that has important liability implications. It is building agent identity verification mechanisms, granular spending permissions, and AI-specific fraud protections.
Google — Universal Commerce Protocol (UCP) + Agents Payments Protocol (AP2) + Agent2Agent Protocol (A2A)
Google is the wildcard, and possibly the most dangerous player in the room. Chrome has majority of global browser market share. In January 2026, Google announced that Chrome now has built-in support for agentic payments through its Universal Commerce Protocol, co-developed with industry partners. Google’s Gemini agent can pause at checkout and ask for confirmation, or in future iterations, complete transactions autonomously.
With Google’s position in the browser space, if they bake agentic commerce standards natively into Chrome and Android, the protocol war may be over before it formally begins. Every other player would be negotiating from a position of playing on Google’s infrastructure. That is an uncomfortable reality for Mastercard, Visa, and every merchant that values distribution independence.
Anthropic — Model Context Protocol (MCP)
MCP is one of two main infrastructure-layer protocols. Developed by Anthropic, it enables AI agents to access product data and integrate with merchant systems. It functions as part of the underlying operating system for agentic commerce alongside A2A protocol, an infrastructure-layer protocol developed by Google.
Open AI & Stripe — Agentic Commerce Protocol (ACP)
ACP defines the interaction model between buyers, their AI agents, and businesses to complete purchases. First implemented as Instant Checkout in ChatGPT.
Protocol Comparison at a Glance
The fragmentation tax
While the giants negotiate dominance, someone else is paying the bill. Merchants, developers, and enterprise IT teams are currently being asked to support multiple competing protocols simultaneously - each with its own SDK, compliance requirements, integration architecture, and maintenance burden.
This fragmentation tax is not a theoretical future problem. It is a present operational cost landing on development teams right now. Every protocol a merchant needs to support is an engineering sprint, a security review, a vendor relationship, and an ongoing maintenance commitment.
The fragmentation tax has a second-order effect that nobody is speaking loudly enough about: it slows enterprise adoption, which slows the market growth that all the protocol players are racing to capture. There is a collective action problem here that the industry has not yet solved.
Who wins? A point of view
The honest answer is I don’t know who wins the protocol wars eventually, but I can speculate based on the current market structure and the moves being made by key players: The more likely near-term outcome is a two-tier market: a dominant consumer-facing standard anchored by Google’s browser distribution, and a separate enterprise-grade standard built on Mastercard’s Verifiable Intent framework, which has the technical depth and partner credibility that regulated industries require.
The core reasoning here is that Google wins the consumer layer almost by default: When almost 70% of web browsing already happens inside Chrome, and agentic checkout is built natively into the browser, the path of least resistance for consumer merchants is to support Google’s UCP/AP2. They may not love it, but they will implement it because their customers are already there.
Mastercard wins the enterprise layer, that is, if the open-source bet pays off. The Verifiable Intent framework is the only proposal that somewhat addresses the full problem: not just who the agent is, but what it was instructed to do, whether it did that specific thing, and whether anyone tampered with the record. That completeness matters enormously to compliance officers and regulators. The partnership with Google, which explicitly endorsed Verifiable Intent as compatible infrastructure is the most important signal in the entire landscape right now.
That neutral interoperability layer does not exist yet. The enterprise that needs to support multiple protocols today has no clean abstraction above them. That gap is where the most interesting infrastructure opportunity in this space currently lives.
Final Word
The protocol war looks like a technology competition. It is not. It is a competition over who controls the rules of agentic commerce: who defines what counts as valid authorization, who bears liability when an agent acts outside its permitted scope, and who holds the audit trail that regulators will eventually demand.
That is not a technical question. It is a governance question. And governance, as we will explore in the next issue, is the part that nobody has fully solved yet. The protocols establish the rails. What travels on those rails, and who is accountable for it, remains the most consequential open question in the entire space.
The protocol wars will produce winners and losers. The governance gap will produce something more consequential: the infrastructure category that ultimately makes agentic commerce safe enough for the consumers and enterprises to trust.
Until next week - Autonomous.