Stripe Link Digital Wallet Lets Users Approve AI Agents to Spend Securely

Stripe has introduced Link, a new digital wallet aimed at one of the most stubborn problems in payments for the age of AI: how do you let software act on your behalf without turning “convenience” into “loss of control”?

The pitch is straightforward, but the implications are not. Link is designed to let people connect their payment sources—cards, bank accounts, and subscription relationships—and then authorize autonomous AI agents to spend using secure approval flows. In other words, Stripe is trying to make agentic commerce feel less like a risky experiment and more like a familiar, permissioned workflow.

For years, the industry has treated payments as a human-only interface: you click, you confirm, you authenticate, you pay. AI agents change the model. They can decide what to buy, when to buy it, and from which merchant—often across multiple steps. That’s exactly where traditional payment UX starts to break down. If an agent can initiate transactions, the user needs a way to understand what’s happening, approve it at the right moments, and retain meaningful control over limits, categories, and intent.

Link is Stripe’s answer to that challenge, and it’s notable that the product is framed around authorization rather than automation. The emphasis is not “agents can spend,” but “agents can spend securely, with user-approved guardrails.” That distinction matters, because it signals a design philosophy: autonomy should be constrained by consent mechanisms that are legible to users and enforceable by infrastructure.

A wallet built for connected money, not just stored cards

Most digital wallets started as a way to store credentials or streamline checkout. Link goes further by focusing on connectivity. Users can connect cards, banks, and subscriptions—meaning the wallet isn’t only about one-off purchases. It’s also about recurring obligations and the broader financial context in which spending decisions occur.

That matters because AI agents don’t operate in a vacuum. If an agent is planning a trip, it might need to check whether a subscription covers something, whether a card is expiring, or whether a bank account is the right funding source for a particular purchase. If it’s managing household logistics, it may need to coordinate across merchants and billing models. A wallet that understands those relationships can reduce friction and improve reliability.

But connectivity alone doesn’t solve the core issue. The real question is: once the agent knows what’s available, how does it get permission to act?

Approval flows as the “control plane” for agent spending

Stripe’s approach centers on approval flows—secure, user-mediated steps that govern when and how an AI agent can spend. Think of this as a control plane layered on top of payment rails. The agent can propose actions, but the user remains the ultimate authority.

In practice, approval flows are where the product can differentiate itself. A generic “confirm this purchase” prompt is easy to implement, but it doesn’t scale well when agents are doing multi-step work. If an agent needs to book flights, reserve seats, buy insurance, and handle changes, the user shouldn’t be forced into a constant stream of micro-confirmations that train them to click without reading.

So the design challenge is to make approvals both granular enough to be meaningful and efficient enough to be usable. The best implementations typically include some combination of:

1) Intent-based approvals: the user approves a goal or category (for example, “book travel within $X” or “reorder household essentials”), and the agent can execute within that boundary.
2) Limits and constraints: spending caps, merchant allowlists/denylists, time windows, and frequency controls.
3) Transparency: clear summaries of what the agent intends to do, why it’s doing it, and what funding source will be used.
4) Revocability: the ability to pause or revoke permissions when something looks off.
5) Auditability: logs that help users understand past actions and troubleshoot disputes.
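The five elements above can be enforced together on the payment side. The following is an added example, not Stripe's API or code from Link: the `Mandate` model, the `authorize` function, the decision strings and the grocery scenario are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Mandate:
    """User-approved spending boundary (hypothetical model, not Stripe's)."""
    budget_cents: int        # spending cap for the whole mandate
    merchants: frozenset     # merchant allowlist
    not_before: int          # time window start (epoch seconds)
    not_after: int           # time window end (exclusive)
    max_charges: int         # frequency control
    revoked: bool = False    # revocability: the user can flip this at any time
    spent_cents: int = 0
    charges: int = 0
    audit: list = field(default_factory=list)   # auditability: every decision is logged

def authorize(m, merchant, amount_cents, now):
    """Runs in the payment layer, outside the agent, so the agent cannot skip it."""
    if m.revoked:
        decision = "DENY:revoked"
    elif not (m.not_before <= now < m.not_after):
        decision = "DENY:outside_time_window"
    elif amount_cents <= 0:
        decision = "DENY:invalid_amount"
    elif merchant not in m.merchants:
        decision = "REAPPROVE:merchant_not_allowlisted"
    elif m.charges >= m.max_charges:
        decision = "REAPPROVE:frequency_limit"
    elif m.spent_cents + amount_cents > m.budget_cents:
        decision = "REAPPROVE:budget_exceeded"
    else:
        m.spent_cents += amount_cents
        m.charges += 1
        decision = "ALLOW"
    m.audit.append((now, merchant, amount_cents, decision))  # denials are logged too
    return decision

def demo():
    # Constructed scenario: one-week grocery mandate, $150 cap, two stores, 3 charges.
    week = 7 * 24 * 3600
    m = Mandate(15_000, frozenset({"grocer-a", "grocer-b"}), 0, week, 3)
    out = [authorize(m, "grocer-a", 9_000, 100),       # inside the boundary
           authorize(m, "electronics-x", 2_000, 200),  # store not approved
           authorize(m, "grocer-b", 7_000, 300),       # would exceed the cap
           authorize(m, "grocer-b", 5_000, 400)]       # fits the remaining budget
    m.revoked = True                                   # user pauses the agent
    out.append(authorize(m, "grocer-a", 500, 500))
    return out, m

if __name__ == "__main__":
    print(demo()[0])
```

Requests outside the boundary return a `REAPPROVE` decision rather than a silent failure, so the user is asked again only when the agent leaves the scope that was approved.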

Even without seeing every implementation detail, the framing around “secure approval flows” suggests Stripe is aiming for a structured permission model rather than a single confirmation screen. That’s a critical shift. If Link is successful, it could become the standard way for agentic apps to request spending authority—similar to how OAuth became the standard for delegated access in web services.

Why subscriptions are a big deal for agentic commerce

Including subscriptions in the wallet is more than a convenience feature. Subscriptions are where “agentic” behavior becomes especially sensitive. An AI agent that manages your life might try to optimize costs, switch plans, cancel unused services, or add new ones based on changing needs. Those actions can have real financial consequences and can also affect services you rely on.

By connecting subscription details, Link can potentially support approvals that are aware of billing cycles and plan changes. For example, an agent might propose upgrading a plan because it predicts higher usage during a specific period. A permission system that understands subscription context can present approvals in a way that’s closer to how humans think: “Upgrade for three months, then revert,” rather than “Charge $49 now.”

This is also where security and compliance intersect. Subscription management often involves different risk profiles than one-time purchases. It can involve proration, refunds, and recurring authorizations. A wallet that treats subscriptions as first-class objects can enforce consistent rules across these scenarios.

The bigger trend: payments becoming programmable

Link fits into a broader shift that’s been building for a while: payments are moving from static checkout to programmable financial workflows. Developers want to build experiences where money movement is orchestrated by software, not by a single button press.

AI agents accelerate that trend because they introduce decision-making. But decision-making requires a “contract” between the user and the agent. That contract is essentially what Link’s authorization layer represents.

If you zoom out, the industry is converging on a few patterns:

– Delegated access: users grant permissions to apps or services.
– Policy enforcement: systems enforce limits and constraints.
– User visibility: users can see what’s happening and why.
– Secure execution: payment rails handle the actual transaction safely.

OAuth solved delegated access for identity. API keys solved delegated access for server-to-server tasks. Link appears to be aiming at delegated access for spending—where the stakes are higher and the user experience must remain trustworthy.

A unique take: making “agent trust” operational, not just marketing

Many AI products talk about trust in vague terms: “responsible AI,” “safety measures,” “guardrails.” Those phrases can be hard to verify. Link’s approach is more operational. It treats trust as something you can encode into flows and permissions.

That’s a unique angle because it acknowledges a reality: users don’t just need to believe the agent is smart—they need to believe the agent is constrained. And constraints need to be enforced by the payment system, not merely by the agent’s own logic.

In other words, Link is positioned to reduce the gap between what an agent claims it will do and what it is actually allowed to do. That’s important because agent behavior can drift. Models can misunderstand context. Tools can fail. Merchants can change pricing. Even well-designed agents can produce surprising outcomes.

A robust approval system acts as a safety net. It doesn’t eliminate errors, but it changes the failure mode. Instead of “the agent charged my card unexpectedly,” the failure mode becomes “the agent requested permission, and the user can review or deny.”

What “securely” likely means in this context

Stripe’s word choice—secure approval flows—signals that the authorization process is designed to be resistant to common threats. While the exact technical details aren’t provided here, the general security requirements for agent spending authorization typically include:

– Strong authentication for the user at the moment of granting or confirming permissions.
– Tokenization and scoped permissions so the agent doesn’t gain broad access to payment credentials.
– Clear separation between authorization and execution, so permissions can be limited and audited.
– Protection against replay or tampering, ensuring that approvals can’t be silently altered.
– Consistent handling of edge cases like refunds, partial captures, and failed transactions.
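A sketch of how scoped permissions, the split between authorization and execution, and replay and tamper protection fit together, as an added example that is not Stripe's implementation. The key, field names and `Executor` class are hypothetical, and the sample approval is constructed; HMAC-SHA256 stands in for whatever signing scheme a real wallet would use.

```python
import hashlib, hmac, json

WALLET_KEY = b"constructed-demo-key"   # constructed; held by the wallet, never by the agent

def _mac(body: bytes) -> str:
    return hmac.new(WALLET_KEY, body, hashlib.sha256).hexdigest()

def issue_approval(agent_id, merchant, max_cents, nonce, expires_at):
    """Authorization step: after the user authenticates, the wallet signs the scope."""
    scope = {"agent": agent_id, "merchant": merchant, "max_cents": max_cents,
             "nonce": nonce, "exp": expires_at}
    body = json.dumps(scope, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "mac": _mac(body)}

class Executor:
    """Execution step: verifies the signed approval before any charge is made."""
    def __init__(self):
        self.used_nonces = set()

    def charge(self, token, agent_id, merchant, amount_cents, now):
        body = token["body"].encode()
        # Constant-time comparison; any edit to the scope invalidates the MAC.
        if not hmac.compare_digest(_mac(body), token["mac"]):
            return "REJECT:tampered"
        scope = json.loads(body)
        if now >= scope["exp"]:
            return "REJECT:expired"
        if scope["nonce"] in self.used_nonces:
            return "REJECT:replayed"
        if (agent_id, merchant) != (scope["agent"], scope["merchant"]):
            return "REJECT:out_of_scope"
        if not 0 < amount_cents <= scope["max_cents"]:
            return "REJECT:over_limit"
        self.used_nonces.add(scope["nonce"])   # approval is single-use
        return "CHARGED"

def demo():
    ex = Executor()
    tok = issue_approval("agent-1", "airline-z", 40_000, "n-001", expires_at=1_000)
    forged = dict(tok, body=tok["body"].replace("40000", "90000"))  # limit raised, old MAC
    return [ex.charge(forged, "agent-1", "airline-z", 85_000, now=10),
            ex.charge(tok, "agent-1", "hotel-y", 10_000, now=10),
            ex.charge(tok, "agent-1", "airline-z", 39_500, now=10),
            ex.charge(tok, "agent-1", "airline-z", 39_500, now=11),
            ex.charge(tok, "agent-1", "airline-z", 100, now=2_000)]

if __name__ == "__main__":
    print(demo())
```

The agent only ever holds the signed approval, not a payment credential, so the most it can do is what the signed scope allows, once, before expiry.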

From a product standpoint, “secure” also implies that the user’s approvals are not buried in confusing UI. Security isn’t only cryptography; it’s also comprehension. If users can’t tell what they’re approving, the system isn’t truly safe.

How Link could change the UX of agent shopping

If Link becomes widely adopted, it could reshape how agentic shopping apps behave. Today, many agent demos feel like chatbots that occasionally ask you to confirm a purchase. That’s a start, but it’s not a full workflow.

With a wallet like Link, agent apps can potentially shift from “ask for confirmation every time” to “request permission for a bounded set of actions.” Imagine an agent that plans a week of meals. Instead of prompting you for each grocery item, it could ask you to approve a weekly grocery budget and preferred stores, then execute within those constraints. If it tries to exceed the budget or switch stores, it would trigger another approval.

This kind of UX is more aligned with how humans delegate tasks. People don’t usually approve every step of a shopping trip; they set boundaries and trust the shopper to operate within them. Link aims to bring that delegation model into digital payments—without losing the ability to intervene.

The risk, of course, is that delegation can become too opaque. If approvals become overly summarized or too frequent, users may develop “permission fatigue.” The best systems will likely use progressive disclosure: show the essential summary up front, then provide deeper details when something changes or when the user requests it.

Where this could land in the ecosystem

Stripe’s strength is that it sits at the center of many payment stacks. If Link is offered as a platform capability, it can become a default integration path for developers building agentic commerce experiences.

That could lead to a new kind of standardization: instead of every agent app inventing its own permission model, Link could provide a consistent authorization framework. Consistency is valuable because it reduces cognitive load for users. If users learn how approvals work in one app, they can transfer that understanding to others