The industry built authentication, authorization, and settlement for AI agents. What it still has not built is the layer that decides when a transaction should actually become binding. A year of coverage led us here.
Part 1 of a three-part series.
An AI agent initiates a payment on behalf of a consumer. The payment authorizes. The merchant begins fulfillment. Three days later the consumer disputes the charge because the agent bought the wrong product, exceeded its spending authority, or chose a merchant the consumer never approved.
The payment was valid. The commitment was not.
That distinction is not clearly governed by any protocol being deployed today because existing protocols were designed to answer different questions.
We have been covering this gap for close to a year now. Every article we write about agentic commerce eventually hits the same wall. Not a technology failure. Not a regulation failure. A category failure. The industry built an entire stack for AI agents to move money. Nobody built the layer that decides whether the money should move.
This article names the wall. It draws on our coverage of the agentic AI security reckoning, the dispute crisis, the delegation problem, and half a dozen other pieces that all circle the same absence. It also introduces one of the clearest formal frameworks we have seen for filling it.
Authorization answers: can this agent pay? Commitment answers: should this transaction become binding right now? That second question still has no widely adopted protocol, no clear standard, and no real owner.
What the Industry Built
The infrastructure is real. Give the industry credit for that.
Visa launched its Trusted Agent Protocol to authenticate AI agents acting on behalf of cardholders. It answers the identity question: is this agent who it claims to be, and does it have a credential linking it to a real consumer? Mastercard followed with Agentic Tokens and Payment Passkeys, tokenizing credentials so agents carry delegated authority without exposing raw card numbers.
Both work. Both solve authentication.
Then come the authorization and execution layers. Card network rails process the transaction. Stripe's Agent Toolkit gives developers programmatic payment triggers. The x402 protocol from Coinbase enables machine-to-machine payment at the HTTP layer. Each provides a mechanism for an agent to execute a payment when instructed.
Settlement is covered too. Stablecoins offer near-instant finality. Real-time payment rails, FedNow in the US and Faster Payments in the UK, clear funds in seconds. The old complaint that settlement takes days is becoming obsolete for an increasing share of transactions.
Stack them up. Authentication confirms the agent's identity. Authorization confirms the agent can pay. Settlement moves the money. Three layers, all functional, all shipping to production. These systems solve adjacent but important control questions, and each does its job well.
The question they were not designed to answer is different: should this transaction become binding at this moment, under these conditions, given the consumer's actual intent? That is not a failure of existing protocols. Authentication was built to verify identity. Authorization was built to check spending limits. Settlement was built to move funds. Each does exactly what it was designed to do.
The commitment decision, the question of whether all preconditions for binding consequence have been met, sits between these layers. It is a distinct control question that none of these layers were actually built to govern. Until the advent of agentic commerce, it did not need its own protocol.
The Commitment Gap in Practice
We did not set out to write a series about commitment governance. We arrived here because the same emerging failure pattern kept surfacing across our coverage, article after article, quarter after quarter. In each case, the core issue is the same: authorization is treated as binding when it should not be.
These are illustrative emerging failure patterns, not settled conclusions. But they point consistently in one direction.
Start with the agentic commerce dispute crisis. An agent exceeded its scope. The merchant had already fulfilled. The consumer had no recourse through existing chargeback flows because the payment itself was authorized correctly. The commitment gap: authorization succeeded, but nobody evaluated whether the transaction should have become binding given the agent's actual scope. The dispute layer we examined in a follow-up piece does not exist either.
Then Walmart. We covered their instant checkout pilot and the commitment gap was obvious. The agent could authorize a purchase, but whether that purchase should trigger warehouse picking, shipping logistics, and an irreversible delivery chain was never evaluated. Authorization was treated as the green light for fulfillment. It should not have been. Payment-ready is not fulfillment-ready, and treating authorization as commitment collapsed the two.
The instant payments fraud paradox sharpens the problem further. PYMNTS research found that 85 percent of banks expect fraud to rise with instant payment adoption. The commitment gap here: authorization succeeds and is treated as final before anyone evaluates whether the transaction should bind. The speed that makes instant payments valuable is the same speed that strips away the window where a commitment decision could intervene.
The delegation problem adds another dimension. A consumer authorizes grocery shopping. The agent buys premium wine. The payment processes. Authorization confirmed the agent could pay. It did not confirm this specific purchase fell within delegated scope. The commitment gap: there is no decision point between authorization and binding consequence where delegation boundaries are checked.
Who authorized the agent? Authentication answers identity. It confirms the agent is linked to a real consumer with a real credential. But identity is not intent. Authentication does not confirm that this particular transaction, at this price, from this merchant, at this moment, falls within what the consumer actually intended to authorize. The commitment gap sits between verified identity and binding action.
The trust gap in agentic commerce quantifies the result. A Visa survey reported by Finextra found 53 percent of businesses ready to embrace AI-to-AI commerce. Only 36 percent of consumers trust bank-backed AI agents. Part of that trust gap is a commitment governance gap. Consumers sense, correctly, that nobody is evaluating whether an agent's transaction should become binding before it does.
Each of these patterns points to the same structural question. Authorization is being treated as commitment. It is not.
Why This Gets Worse
The death of the checkout page is the architectural root of the problem. The checkout page was never just a UI element. It was the commitment layer. The moment a human reviewed the cart, confirmed the total, and clicked a button. That was the point where authorization became binding through deliberate human action. In agentic commerce, that moment does not exist. The control point is gone and nothing replaced it.
AI agents operate at machine speed. They chain actions. A shopping agent that finds a product, compares prices, selects a merchant, and executes payment can complete that sequence in seconds. A human doing the same thing takes minutes or hours, with natural pause points where judgment intervenes.
Those pause points are gone. Not reduced. Gone. Every natural moment where a human might have asked "should this become binding?" has been eliminated by automation. Authorization flows straight through to binding consequence with no commitment decision in between.
Agents also retry. A failed transaction triggers another attempt, potentially at a different merchant or a different price. Each retry is a new authorization that the system treats as a fresh commitment. The agent is optimizing for completion. Nobody is optimizing for whether completion is appropriate.
As agentic commerce scales, the volume of transactions where authorization happens without commitment governance grows with it. So do disputes. So do chargebacks. So do the operational failures where merchants fulfill orders that should never have become binding.
Supporting evidence suggests this commitment gap becomes more urgent as automation scales. Anthropic's own research into Claude's behavioral patterns found that the model exhibits functional states that influence its decision-making under pressure. Separate studies documented a 22 percent rate of deceptive behavior when models face conflicting objectives, including reward hacking. Apply that to a commerce context. An agent under pressure to complete a purchase, hitting friction, running up against time constraints, has structural incentives to find workarounds. Including workarounds that bypass whatever informal commitment checks might exist. This is not settled science, but it is an early signal that the commitment gap becomes more dangerous as the agents themselves become more capable and autonomous.
What Commitment Governance Means
Commitment is not binary. A transaction can be valid enough to create a pending order but not valid enough to trigger merchant fulfillment. Payment-ready is not fulfillment-ready. The system needs explicit decision points, not just payment rails that authorize and settle.
Think of it in stages. An agent identifies a product and a price. That is an intent. The agent confirms it falls within delegated authority and policy constraints. That is a validation. The merchant confirms availability and terms. That is a readiness check. Only when all conditions are met, authority, readiness, policy, and downstream consequences evaluated, should the transaction become binding.
None of that exists today in any explicit, widely deployed form. Authorization collapses all of it into a single step. The agent authenticates, the payment authorizes, the merchant fulfills. Intent, validation, and readiness are assumed, not checked.
This is where the concept of commitment governance comes in. Not as a new payment rail. Not as a fraud filter. As a decision layer that evaluates whether the preconditions for binding consequence have actually been met.
Lu Zhang, a researcher working at the intersection of AI systems and financial infrastructure, has proposed what she calls a "portable commitment decision-and-evidence layer." It is the clearest formal framework we have seen that addresses this gap directly. Her Commitment Governance Framework defines a control object that sits between upstream signals (authentication, authorization, delegation scope) and downstream reliance (merchant fulfillment, settlement finality, irreversible action).
The control object carries evidence. It records what was checked, when, and what the result was. If a dispute arises later, there is an auditable trail showing whether the commitment point was governed or whether it was skipped. That distinction matters for liability. It matters for regulation. It matters for the 64 percent of consumers who do not yet trust AI agents with their money.
The framework does not replace or supersede existing payment infrastructure. It governs the commitment decision that sits between them: the question of whether all upstream signals (authentication, authorization, delegation scope) warrant triggering downstream reliance (fulfillment, settlement, irreversible action). Each existing protocol continues to do its job. The framework adds the decision layer that connects them. This is Part 1 of a three-part series. Part 2 will go inside the framework itself.
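The staged checks and the evidence record described in this section can be sketched as a small decision gate. This is an added illustration, not part of the original article and not Lu Zhang's framework or its schema: every class, field and function name, the three decision labels, and the sample merchant are assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

# All names below are hypothetical; this is not the framework's own schema.
@dataclass(frozen=True)
class Delegation:
    categories: frozenset    # what the consumer delegated, e.g. {"groceries"}
    merchants: frozenset     # merchants the consumer approved
    max_amount_cents: int    # spending authority per transaction

@dataclass(frozen=True)
class Intent:
    category: str
    merchant: str
    amount_cents: int

def _digest(record):
    # Canonical JSON so the same record always hashes to the same value.
    body = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def decide_commitment(intent, delegation, payment_authorized, merchant_ready, checked_at):
    """Return (decision, evidence). Authorization is one input, not the decision."""
    validation = {
        "payment_authorized": payment_authorized,
        "category_in_scope": intent.category in delegation.categories,
        "merchant_approved": intent.merchant in delegation.merchants,
        "within_spend_limit": intent.amount_cents <= delegation.max_amount_cents,
    }
    if not all(validation.values()):
        decision = "REJECT"     # outside delegated authority: never binds
    elif not merchant_ready:
        decision = "PENDING"    # payment-ready, not fulfillment-ready
    else:
        decision = "BINDING"    # every precondition met
    evidence = {"checked_at": checked_at, "intent": asdict(intent),
                "checks": {**validation, "merchant_ready": merchant_ready},
                "decision": decision}
    evidence["digest"] = _digest(evidence)
    return decision, evidence

def evidence_intact(record):
    """Detects naive edits only; a real deployment would sign or hash-chain records."""
    return record.get("digest") == _digest(record)

# Constructed sample: the consumer delegated grocery shopping only.
GROCERY = Delegation(frozenset({"groceries"}), frozenset({"freshmart.example"}), 15000)
WINE = Intent("alcohol", "freshmart.example", 12000)
```

Calling `decide_commitment(WINE, GROCERY, True, True, "2025-01-01T00:00:00Z")` returns `REJECT` even though the payment was authorized and the merchant was ready, and the evidence record shows which check failed.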
Why This Matters Now
We still have not seen commitment governance clearly defined in published guidance. Not the FCA. Not the CFPB. Not the European Banking Authority. The concept does not appear in any published guidance on agentic payments.
They will move. The trigger is predictable. The first high-profile consumer dispute involving an AI agent will force the question. Not a dispute where the payment failed. A dispute where the payment succeeded perfectly and the consumer still suffered harm because nobody governed the commitment point. That story will make headlines. The regulatory response will follow within months.
When a regulator asks the industry how it governs the point at which an AI agent's transaction becomes binding, the honest answer today is: we do not.
The window for voluntary action is open but it will not stay open. The industry can define the standards, the protocols, the evidence layers on its own terms. Or it can wait and have them imposed by regulators working under political pressure after a crisis. The payments industry has seen this pattern before with PSD2 and Strong Customer Authentication. Voluntary adoption stalled. Regulation forced the issue. The compliance cost was orders of magnitude higher than the cost of leading.
Lu Zhang's Commitment Governance Framework is the clearest proposal we have seen so far for the voluntary path. It is concrete, it is implementable, and it addresses the specific failure patterns we have documented across a year of coverage. Part 2 of this series will examine how.
If the checkout page was the original commitment layer, and agentic commerce has no checkout page, who is building what comes next?
Charlie Major is a Product Development Manager at Mastercard. The views and opinions expressed in Major Matters are his own and do not represent those of Mastercard.
Read the full series:
Part 1: The Missing Layer in Agentic Commerce (this article)