Claude can now run persistent, multi-step tasks without human oversight. Notion and Rakuten are early adopters. For payments, this is the compute layer that makes agentic commerce operationally viable.

Until last week, deploying an autonomous AI agent that could transact on behalf of a business required months of custom engineering. Hosting, sandboxing, state management, error recovery, retry logic, monitoring. Every company that wanted agents operating in production had to build or stitch together its own runtime stack. Most never got past the proof of concept.

Anthropic just collapsed that timeline. Claude Managed Agents, now in public beta, lets any API customer define an agent's tasks, tools, and guardrails, then hand the rest to Anthropic's infrastructure. Sessions can run autonomously for hours. Results persist even if the connection drops. Pricing is usage-based: standard token rates plus $0.08 per session hour.

The pitch is straightforward. Instead of building your own agent runtime, you describe what the agent should do and Anthropic runs it on managed infrastructure. The service handles sandboxed code execution, authentication, checkpointing, scoped permissions, and persistent long-running sessions. Built-in tools include bash commands, file operations, web search, and connections to external services via Model Context Protocol (MCP) servers.

Developers define agents through natural language or YAML configuration. Environments are containerized with configurable network access, pre-installed packages, and mounted files. The New Stack reported that in internal testing, Managed Agents improved structured file generation success rates by up to 10 points over standard prompting methods.

The early adopters tell you where this is heading. Notion lets teams delegate tasks to Claude inside their workspace. Rakuten built enterprise agents for sales, marketing, and finance that plug into Slack and Teams, each reportedly operational within a week. Sentry paired its debugging agent with a Claude agent that writes patches and opens pull requests. Asana is also in the initial cohort.

These are not research prototypes. They are production deployments inside large companies, handling real workflows.

We have been tracking the agentic commerce stack as it assembles, layer by layer. Shopify wired storefronts into ChatGPT. Santander ran live agentic payments through Visa. Plaid connected financial data to Perplexity. Each of those moves assumed something that did not yet exist at scale: a reliable runtime layer where agents could persist, recover from failures, and execute multi-step tasks without human babysitting.

Managed Agents is that layer. Or at least, it is the first serious managed offering of it.

When we reviewed the Claude agent platform earlier this year, the core technology was already strong but the deployment story was incomplete. Companies still needed their own hosting, their own error handling, their own persistence layer. Managed Agents fills that gap in one move.

As we explored in our analysis of the agentic commerce stack going live, the commercial viability of agent-initiated transactions depends on infrastructure that most companies cannot build themselves. The discovery layer exists. The payment rails exist. What was missing was the compute layer, the persistent agent runtime that turns a clever prompt into an autonomous worker capable of completing a purchase order, reconciling an invoice, or routing a dispute through a multi-step resolution flow.

That shift has direct payments implications. If any company with an API account can now deploy persistent agents via a single integration, the volume of agent-initiated transactions will grow faster than anyone's current projections assume. Every enterprise that was waiting for the infrastructure to mature before experimenting with agentic commerce now has less reason to wait.

The $0.08 per session hour price point matters too. A procurement agent running around the clock costs roughly $58 per month in compute, before token costs. That is less than the salary of an intern. For large enterprises processing thousands of invoices monthly, the math is obvious. For payment processors and acquirers, the question shifts from "will enterprises use agents?" to "how fast do we need to be ready for agent-originated volume?"

More agents, running longer, with less human oversight. That is the product. And it accelerates a tension we have covered extensively: the gap between agent capability and agent governance.

As we reported in our examination of agentic AI security risks, the industry has not solved fundamental questions about liability, authorization, and dispute resolution for autonomous agent actions. Anthropic has built scoped permissions and sandboxing into Managed Agents. Those are necessary technical controls. They are not a governance framework.

Consider a Managed Agent running a procurement workflow. It identifies a supplier, negotiates terms, and initiates payment. The session runs for three hours. Somewhere in that chain, the agent misinterprets a contract clause and commits the company to unfavorable terms. Who bears liability? The company that deployed the agent? Anthropic, which hosted and ran the session? The MCP server that provided the contract data?

Anthropic's documentation describes centralized observability and policy enforcement. That is a monitoring layer, not a legal framework. The speed at which enterprises can now deploy autonomous agents has outpaced the speed at which regulators, insurers, and payment networks are building rules for those agents.

The timing deserves attention. In the same week that Anthropic launched Managed Agents, it also unveiled Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, a model so capable at finding software vulnerabilities that Anthropic chose not to release it publicly. We covered the Glasswing story in detail. The short version: Anthropic built something dangerous and locked it down.

Now compare. On one side, Anthropic restricts its most powerful model to a vetted coalition of defenders. On the other, it makes its commercial model dramatically easier for any company to deploy at scale, with less friction and less oversight.

These are not contradictory moves. They are two expressions of the same strategic calculation. Anthropic is positioning itself as the company that takes safety seriously on the frontier while aggressively commercializing the models one step behind the frontier. The safety credentials earned by Glasswing make the commercial expansion of Managed Agents easier to defend.

Whether that framing holds depends on what happens when Managed Agents are running at scale, handling real money, and making mistakes that no one anticipated.

Anthropic just made it trivially easy to deploy agents that can transact autonomously. The payments industry has not made it trivially easy to govern them. Which side closes its gap first?