
•
5 min read time
View Transcript
Overview
AI agents can already search, compare, coordinate, and execute tasks across software environments. They are also increasingly being used in the financial context. However, for agentic payments to become fully autonomous, certain operational and infrastructure problems need to be solved first: once an agent can move money, every action needs clear authority, spending limits, counterparty controls, auditability, and a path for handling mistakes or disputes.
That problem is the core focus of Episode 10 of the Stablecoin Builder Series. Shahar Friedman, Utila’s Head of Payments, is joined by Catherine Peng of Rain, James Lawton of Polygon Labs, and Brendan Ryan of Tempo to discuss how agentic payments are moving from concept to real life use cases, why stablecoins are emerging as a machine-native settlement rail, and what builders need across wallets, identity, policy controls, security, and scalable payment infrastructure before AI agents can transact safely on their own.
Key Takeaways
Agentic payments start with delegated execution
Agentic payments shift the control model from approval at the moment of payment to rules set before execution. Once an AI agent can initiate and complete a transaction, the infrastructure has to enforce delegated authority through spend limits, approved counterparties, permitted use cases, and escalation rules.
Stablecoins fit the way agents interact with software
Stablecoins are well suited for agentic payments because they are programmable, API-native, instantly settleable, and easier for software systems to integrate than many traditional payment rails. But that does not mean cards and existing payment methods disappear, especially for familiar consumer purchases where merchant acceptance already exists. The likely result is a market with multiple payment interfaces and settlement rails, with stablecoins becoming especially useful where speed, programmability, low cost, and machine-native settlement matter.
The first use cases will be well-defined workflows
Agentic payments are most likely to appear first where the purchase criteria are clear and the risk of interpretation is lower. Consumer examples include booking travel or buying defined goods. Commercial examples include vendor payments, software services, data access, compute, API calls, treasury workflows, and agent-to-agent payments where the transaction can be handled through a structured interface.
Agents need identity, authorization, and execution
James Lawton broke the agentic payment flow into three requirements. First, the system needs a way to identify the agent, whether through a wallet, an on-chain identity standard, or an owner that has gone through KYC. Second, it needs machine-readable authorization rules that define what the agent is allowed to do, especially to reduce the risk of prompt injection sending funds outside the intended policy. Third, it needs an execution layer that carries out the payment while enforcing those rules.
Delegated authority needs traceability
If an agent can spend money, that authority needs to connect back to an accountable person, business, or owner of funds. The panel compared this to corporate card programs, where employees can spend within defined limits but remain subject to policy, review, and dispute processes. In agentic payments, the same logic applies, but with richer traces showing what the agent was instructed to do, what it evaluated, and why it executed a transaction.
A different place for a human in the loop
Agentic payments do not remove humans from the system. They move human involvement higher in the workflow. People define policies, spend limits, approved categories, counterparty rules, refund logic, and escalation paths. Agents execute inside those boundaries, while humans review exceptions, disputes, and cases where the agent needs to be pulled back into a human decision process.
Security has to account for prompt injection and automated exploitation
The panel highlighted prompt injection as one of the clearest risks. If an agent can be manipulated into changing instructions or sending funds outside approved logic, payment infrastructure needs policy enforcement that does not rely only on the model’s judgment. The broader security challenge is that agents can also become very good at finding and exploiting weaknesses, which makes guardrails, testing, monitoring, and open infrastructure hardening essential.
B2B payments may move faster than consumer checkout
The panel pushed back on retail ecommerce as the only or largest opportunity. B2B flows may adopt faster because the economic value is clearer: treasury optimization, FX routing, conditional business payments, liquidity checks, API payments, data purchasing, and software-to-software transactions. In these cases, an agent can evaluate many data sources and execute a payment path that saves time or cost for the business.
Agent-to-agent payments need discovery and trust
Agent-to-agent payments already resemble one software system buying from another. What still needs to mature is discovery, reputation, and identity. Agents need to know which services exist, whether they are trustworthy, what terms apply, and whether the counterparty can be relied on. As agents begin negotiating with each other rather than just paying fixed micro-rates, identity and reputation become part of the payment infrastructure.
Scaling will require open, low-cost infrastructure
If agents begin creating large volumes of small transactions, payment infrastructure will need to support far more activity than human payments generate today. The panel discussed the importance of open standards, low-cost rails, fast onboarding, and potentially payment-channel-style models that can scale linearly without making every microtransaction expensive.
Key Speaker Insights
Brendan Ryan, Engineering, Tempo
“What I think becomes much more prevalent is agents buying services, buying data to improve their own output, doing that dynamically.”
Explaining why agentic payments may develop first around software, data, and services rather than physical retail purchases.
Catherine Peng, Product Manager, Rain
“Workflows that are well defined are the ones that get automated first.”
Describing where autonomous payments are most likely to reach production first.
James Lawton, Head of Developer Relations, Polygon Labs
“An agent needs identity, authorization, and execution.”
Breaking down the core infrastructure requirements for autonomous payments.
Catherine Peng, Product Manager, Rain
“Permissions granted to AI agents need to be traceable to a specific person, an owner of the funds.”
Explaining how delegated authority should connect back to accountability and liability.
Subscribe
Thought leadership, product updates, and partnerships - delivered only when we have something interesting to share.
Empower your organization to securely store, transfer, and govern digital assets with enterprise-grade confidence. Built for fintechs, enterprises, and institutional operators.
See how Utila fits into your stack.
Live walkthrough, no commitment.
Companies who trust our enterprise-grade governance, security, and operational control:


