Visa has recently unveiled a groundbreaking security framework known as the Trusted Agent Protocol, aimed at addressing one of the most pressing challenges in the rapidly evolving landscape of artificial intelligence (AI) in commerce. As AI shopping assistants become increasingly prevalent, the need for merchants to differentiate between legitimate AI agents and malicious bots has never been more critical. This initiative comes at a time when AI-driven traffic to U.S. retail websites has skyrocketed by over 4,700% in just one year, presenting both opportunities and risks for businesses.
The Trusted Agent Protocol is designed to provide a robust solution for merchants who are navigating the complexities of agentic commerce—a term that refers to the practice of consumers delegating shopping tasks to AI agents capable of autonomously searching for products, comparing prices, and completing purchases. With the surge in AI-driven traffic, traditional bot detection systems, which were primarily developed to block automated traffic, now face the risk of inadvertently blocking legitimate AI shoppers alongside malicious actors. This dual threat underscores the necessity for a more nuanced approach to bot management.
Rubail Birwadker, Visa’s Global Head of Growth, emphasized the urgency of this development, stating, “Merchants need additional tools that provide them with greater insight and transparency into agentic commerce activities to ensure they can participate safely. Without common standards, potential risks include ecosystem fragmentation and the proliferation of closed-loop models.” The stakes are high; while a significant majority of shoppers—85%—who have utilized AI for shopping report enhanced experiences, merchants must grapple with the dilemma of either turning away genuine AI-powered customers or exposing themselves to sophisticated bot attacks.
Visa’s own data reveals the scale of the challenge: the company prevented $40 billion in fraudulent activity between October 2022 and September 2023, nearly double the amount from the previous year. Much of this fraud involved AI-powered enumeration attacks, where bots systematically test combinations of card numbers until they find valid credentials. This alarming trend highlights the urgent need for a secure framework that can effectively distinguish between trustworthy AI agents and harmful bots.
At the core of the Trusted Agent Protocol is what Birwadker describes as a “cryptographic trust handshake” between merchants and approved AI agents. The protocol operates through a three-step process:
1. **Approval and Onboarding**: AI agents must first be vetted and approved through Visa’s Intelligent Commerce program. This rigorous vetting process ensures that only agents meeting specific trust and reliability standards receive approval. Each approved agent is assigned a unique digital signature key, which serves as a cryptographic credential that verifies its identity.
2. **Digital Signature Creation**: When an approved AI agent visits a merchant’s website, it generates a digital signature using its unique key. This signature transmits three critical categories of information:
– **Agent Intent**: This indicates that the agent is trusted and intends to retrieve product details or make a purchase.
– **Consumer Recognition**: This data shows whether the underlying consumer has an existing account with the merchant, facilitating a smoother transaction process.
– **Payment Information**: This optional data supports checkout processes, allowing for a seamless purchasing experience.
3. **Validation by Merchants**: Merchants or their infrastructure providers, such as content delivery networks, validate these digital signatures against Visa’s registry of approved agents. Upon proper validation of these fields, merchants can confidently confirm that the signature belongs to a trusted agent.
One of the standout features of the Trusted Agent Protocol is its design, which requires minimal changes to existing merchant infrastructure. Built on open standards like the HTTP Message Signature standard and aligned with Web Bot Auth, the protocol integrates seamlessly with current web systems without necessitating a complete overhaul of checkout pages. Birwadker highlighted this aspect, stating, “This is no-code functionality,” although merchants may need to engage with Visa’s Developer Center to access the verification system.
The introduction of the Trusted Agent Protocol also reflects Visa’s recognition of the collaborative nature of solving bot verification challenges. Developed in partnership with Cloudflare, a leading web infrastructure and security company, the protocol acknowledges that effective bot management requires cooperation across the entire web stack, not just within the payments layer. Birwadker noted, “Trusted Agent Protocol supplements traditional bot management by providing merchants insights that enable agentic commerce. Agents are providing additional context they otherwise would not, including what it intends to do, who the underlying consumer is, and payment information.”
As Visa rolls out this protocol, it finds itself in a competitive landscape where multiple technology giants are racing to establish their own standards for AI commerce. Google has introduced its Agent Protocol for Payments (AP2), while OpenAI and Stripe have also discussed their approaches to enabling AI agents to facilitate purchases. Visa’s collaboration with industry leaders, including Microsoft, Shopify, Adyen, and others, during the development of the Trusted Agent Protocol underscores the importance of creating compatibility across the ecosystem.
Visa is actively engaging with global standards bodies such as the Internet Engineering Task Force (IETF), the OpenID Foundation, and EMVCo to ensure that the Trusted Agent Protocol can eventually become interoperable with other emerging standards. Birwadker remarked, “While these specifications apply to the Visa network in this initial phase, enabling agents to safely and securely act on a consumer’s behalf requires an open, ecosystem-wide approach.”
However, the introduction of the Trusted Agent Protocol raises several important questions regarding authorization and liability when AI agents make purchases on behalf of consumers. For instance, if an AI agent completes an unauthorized transaction—perhaps due to a misunderstanding of the user’s intent or exceeding its delegated authority—who bears responsibility? While Birwadker emphasized that the protocol helps merchants leverage information to enhance consumer relationships and secure checkouts, he did not provide specific details on how disputes would be handled in cases of unauthorized purchases. It is presumed that Visa’s existing fraud protection and chargeback systems would apply, but detailed guidance on agent-initiated transaction disputes has yet to be published.
Moreover, Visa’s role as a gatekeeper in the emerging agentic commerce ecosystem raises concerns about transparency and fairness. The company determines which AI agents are approved for the Intelligent Commerce program and receive cryptographic credentials, effectively controlling which agents merchants can trust. Birwadker stated, “Agents are approved and onboarded through the Visa Intelligent Commerce program, ensuring they meet our standards for trust and reliability.” However, he did not elaborate on the specific criteria agents must meet or whether Visa charges fees for approval.
This gatekeeping function could lead to contention, particularly if Visa’s approval process appears to favor large technology companies over startups or if the company faces pressure to block agents from competitors or politically controversial entities. Visa has not disclosed how many agents it has approved thus far or the typical duration of the vetting process, leaving room for speculation about the fairness and accessibility of the approval system.
The launch of the Trusted Agent Protocol occurs amid a complex backdrop for Visa, which is currently navigating significant legal and regulatory challenges even as its core business remains strong. The company’s latest earnings report for the third quarter of fiscal year 2025 revealed a 10% increase in net revenues to $9.2 billion, driven by resilient consumer spending and robust growth in cross-border transaction volume. In the full fiscal year ending September 30, 2024, Visa processed an astounding 289 billion transactions, with a total payments volume of $15.2 trillion.
However, Visa’s legal headwinds have intensified in recent months. In July 2025, a federal judge rejected a landmark $30 billion settlement that Visa and Mastercard had reached with merchants over long-disputed credit card swipe fees, sending the parties back to the negotiating table and prolonging the ongoing legal battle. Simultaneously, Visa remains under investigation by the Department of Justice regarding its rules for routing debit card transactions, with regulators scrutinizing whether the company’s practices unlawfully limit merchant choice and stifle competition. These domestic challenges are mirrored abroad, where European regulators continue their own antitrust investigations into the fee structures of both Visa and its primary competitor, Mastercard.
In light of these regulatory pressures, Birwadker acknowledged that the adoption of the Trusted Agent Protocol will take time. “As agentic commerce continues to rise, we recognize that consumer trust is still in its early stages,” he stated. “That’s why our focus through 2025 is on building foundational credibility and demonstrating real-world value.” The protocol is available immediately through Visa’s Developer Center and GitHub, with agent onboarding already active and merchant integration resources accessible. However, Birwadker refrained from providing specific targets for how many merchants might adopt the protocol by the end of 2026, indicating that adoption will align with the momentum already being observed.
Industry analysts suggest that merchant adoption of the Trusted Agent Protocol will likely depend on the speed at which agentic commerce grows as a percentage of overall e-commerce. While AI-driven traffic has surged dramatically, much of this activity consists of agents browsing and researching rather than completing purchases. If AI agents begin to account for a significant share of completed transactions, merchants will face stronger incentives to adopt verification systems like Visa’s protocol.
Visa’s move to introduce the Trusted Agent Protocol reflects broader strategic bets on AI across the financial services industry. The company has invested approximately $10 billion in technology over the past five years to reduce fraud and enhance network security, with AI and machine learning playing central roles in these efforts. Visa’s fraud detection system analyzes over 500 different attributes for each transaction, utilizing AI models to assign real-time risk scores to the 300 billion annual transactions flowing through its network. James Mirfin, Visa’s global head of risk and identity solutions, noted, “Every single one of those transactions has been processed by AI. If you see a new type of fraud happening, our model will see that, it will catch it, it will score those transactions as high risk, and then our customers can decide not to approve those transactions.”
Additionally, Visa has aggressively expanded into new payment territories beyond its core card business. In January 2025, the company partnered with Elon Musk’s X (formerly Twitter) to provide the infrastructure for a digital wallet and peer-to-peer payment service called the X Money Account, competing with services like Venmo and Zelle. This partnership marked