A full breakdown of four critical innovations necessary to make AI agent payments autonomous: agentic tokens, persistent policy delegation, sessioning and micropayments, and end-to-end merchant acceptance. Combined, these innovations make AI agents real economic participants.

There is a gap at the heart of the AI agent economy.

Agents today are extraordinary at reasoning, planning, and executing complex tasks. They can research, write, schedule, build, negotiate, and coordinate. But the moment a task requires spending real money (e.g. paying an API, purchasing a subscription, settling a transaction with a supplier), they hit a wall.

That wall is has an infrastructure problem. The financial plumbing of the internet was built for humans, not machines. Credit cards expire in minutes when issued to bots. Micropayments cost more to process than they’re worth. Merchants have no way to accept payments programmatically from software agents. And when an AI agent does transact on your behalf, neither you nor your bank can tell it apart from a fraudulent actor.

Agents can think and perform labor. But until today, they couldn’t transact.

That’s now changing. Nevermined has unlocked persistent credit card delegation infrastructure built for AI agents, combining four innovations that, together, solve the full economic autonomy problem from end to end.

Why This Matters Now

The agent economy is not a future scenario. Companies are deploying AI agents today to handle procurement, run marketing, monitor infrastructure, and manage vendor relationships. Individuals are giving agents access to their calendars, inboxes, and research tasks.

What they cannot yet give agents is persistent, controlled spending authority. That single constraint is a huge barrier to what agents can actually do in the real world.

THE PROBLEM‍
AI agents today are like an employee who can do everything except use a company card. Every transaction requires a manager to stop what they are doing and approve it manually.

‍

THE FOUR INNOVATIONS

Innovation 1. Agentic Tokens: A New Identity for AI-Initiated Payments

To understand why this matters, you need a short primer on how credit card tokens work.

When you tap your phone to pay at a coffee shop, your actual card number never leaves your device. Your app issues a token with a cryptogram instead, which is a substitute number that represents your card. Tokens are one of the most important fraud-prevention tools in modern payments. Until recently, there were three types.

The Three Types of Credit Card Tokens

Type 1: Network Tokens (Visa Token Service / Mastercard MDES). Issued by card networks to replace your card number in online transactions. Map 1:1 to a 16-digit credit card number but are domain restricted specific to merchant, device, or channel. Standard for most e-commerce.

Type 2: Device-Bound Tokens (Apple Pay, Google Pay). Locked to your specific device and requires biometric authentication. Maximum security for in-person payments.

Type 3: Gateway Tokens (PayPal Vault, Stripe). Stored by a payment processor on your behalf. Powers saved card features and subscriptions.

The New, 4th Credit Card Token Type: Agentic Tokens‍

Type 4: Agentic Tokens (Visa Intelligent Commerce, Mastercard AgentPay). Brand new. Purpose-built for AI agents, but based on Type 1 Network Tokens with agent metadata to identify that an agent is making the request to merchants. This is what changes everything.

BEFORE

When an AI agent tried to pay using your card or a virtual card issued on your behalf, the transaction looked identical to any other card payment. No bank, no merchant, no regulator could tell whether a human or a machine had initiated it. That opacity created risk for everyone and often led to the transaction being denied by any one of the actors in the authorization chain

AFTER

Both Visa and Mastercard are working on Agentic Token solutions; Visa has VIC, Mastercard has AgentPay.

This is the most important development in payments infrastructure since contactless. Traditional network tokens answer: "Is this card valid for this merchant/device?" Agentic tokens need to answer a harder question: "Is this AI agent authorized to spend this specific amount on this specific thing?" That's a fundamentally different trust model. We're going from card-present and card-not-present to what the industry is calling human-not-present.

To facilitate this, agentic tokens enable every transaction initiated by an AI agent to carry a unique cryptographic identity. Banks can see it. Merchants can see it. Card networks can see it. AI commerce is visible, auditable, and trustworthy at the infrastructure level for the first time.

Breaking down Visa’s approach, VIC’s agentic tokens differ from standard VisaNet network tokens as follows:

• Standard network tokens bind to a merchant or device. Agent tokens bind to a specific AI agent and work across merchants.
• They carry embedded behavioral guardrails: spending limits, merchant category restrictions, approval thresholds.
• They plug into Visa's fraud models with three-point validation: credential request matches authenticated user instructions, merchant authorization aligns with credential request, and transaction data matches original consumer intent.

These capabilities combine to help ensure that AI agent spend is possible, and move us towards autonomous purchasing.

WHY AGENTIC TOKENS ARE DIFFERENT FROM VIRTUAL CARDS
Unlike virtual cards, which are indistinguishable from standard card transactions, agentic tokens are a purpose-built token type that identifies AI-initiated spend to banks, merchants, and networks. That visibility is what makes autonomous agent commerce safe at the infrastructure level.

Bootstrapping vs. Scaling Agentic Commerce: Virtual Cards → Agentic Tokens

Virtual cards are the brute-force approach to agent payments. The logic is simple: the existing web accepts credit cards, so give the agent a credit card. Bootstrap the ecosystem by allocating funds to an agent. Don't overthink it.

However, a virtual card is a bearer instrument. The agent (or its runtime) has the PAN, CVV, and expiry. That's the key to the kingdom. Even with single-use and merchant-locked controls, the agent runtime has the raw card number during the transaction window. If the agent's memory, logs, or runtime environment is compromised, that card data is exposed.

Agentic tokens, on the other hand, never expose the underlying PAN to anything outside the network's token vault. These tokens are cryptographically bound to the agent and domain-restricted.

Another key difference is that virtual cards require users to issue new cards to give to their agent, while agentic tokens are delegated to an agent using an existing card. This means the cardholder can delegate an existing card, and does not need to create a new one, requiring either the purchase of a pre-paid card, or a possible FICO-style hard credit inquiry.

‍

Tackling Compliance: Not All Card Solutions Are Equal

Most agent builders assume that if a tool issues them a Visa card, the compliance side is handled. It is worth understanding why that assumption can be dangerous.

There are different levels of PCI DSS compliance depending on the role you play in the payment chain. A merchant that embeds Stripe's hosted checkout fields into their website qualifies for SAQ-A, the simplest self-assessment level. That works because Stripe captures card data directly and it never touches the merchant's servers.

The moment a company moves from being a merchant to being a service provider, the rules change entirely. A service provider is any entity that stores, processes, or routes card data on behalf of other parties. That classification requires SAQ-D compliance, which covers over 250 controls, and at sufficient transaction volume, a full on-site audit by a Qualified Security Assessor.

Most virtual card solutions issuing cards to agents are operating as service providers. They are routing card numbers through their infrastructure on behalf of their customers. If they have not properly attested their SAQ-D compliance, any PSP or card network can request that attestation at any time. If they cannot produce it, they risk losing the ability to process. The virtual cards they issued stop working instantly, with no warning to the builders or users who depend on them.

Nevermined is built for this from the start. Card data is captured and stored through VGS, so it never touches Nevermined's infrastructure. We are PCI DSS compliant as a service provider. When a PSP or card network asks for attestation, we can produce it.

A NOTE FOR BUILDERS
If you are building agents that use a virtual card solution, ask one question before you ship: is your card provider attested as a service provider under PCI DSS? If they cannot answer clearly, you are building on infrastructure that could disappear.

Innovation 2. Persistent Delegation: From Minutes to Months

Most people do not realise how short-lived AI payment permissions are today. If you have ever given an AI agent access to pay on your behalf, the mechanism typically involves a one-time or short-lived credential that expires in minutes. That is fine for a single task. It is completely unworkable for an agent operating continuously across days, weeks, or months.

BEFORE
Imagine hiring an assistant and having to personally re-authorise every single purchase, no matter how small, every time they need to make a purchase. That is effectively what current agent payment infrastructure requires. Agents are brilliant at planning a complex workflow but they have to stop and wait for human re-authorisation every time they need to spend anything.
‍
AFTER
Nevermined enables persistent credit card delegation with granular controls you define upfront. For example, you can now authorise an agent to spend a weekly budget of $500, only with approved merchants, for the next 3 months, auto-renewing on your confirmation. The agent operates within those parameters without interruption. You stay in control without staying in the loop.

What Granular Controls Actually Mean

• Spending limits per transaction, per day, per month
• Merchant category restrictions, for example only SaaS, only travel, only pre-approved vendors
• Time-bound authority that expires automatically and renews on your terms
• Full audit trail of every authorisation and every spend

KEY TAKEAWAY
Persistent delegation is the first real primitive for AI economic autonomy. Not a workaround. Not a simulation. The actual thing.

Innovation 3. Agentic Micropayments: The Payment Layer the Internet Never Had

The internet has had a built-in payment instruction since 1996. HTTP 402 - Payment Required, is a status code that has existed in the web's foundational protocol for nearly 30 years. It was always intended to let a machine say this resource costs money, and for another machine to pay and continue, automatically. It was never implemented because the payment infrastructure to support it did not exist.

Until now.

BEFORE
AI agents accessing paid APIs or services today face fragmented, human-centric billing. They need pre-purchased credits, subscription keys, or manual billing arrangements. Paying for a single search result, a single database query, or a single model inference requires an account, a subscription, and often a human admin to set it up. For an agent executing thousands of operations per day, this does not scale.

AFTER
The x402 protocol, developed by Coinbase and implemented by Nevermined, turns HTTP 402 into a live working payment layer. When an AI agent hits a resource that requires payment, the response carries a payment instruction. The agent pays, using a credit card or a stablecoin, and immediately receives access. No accounts. No subscriptions. No humans in the loop.

Nevermined's implementation is the first to support credit card payments with agentic tokens over x402. This means agents can transact using mainstream financial infrastructure, not just crypto-native systems.

The other innovation is Nevermined’s ability to handle sessioning, as well as PAYG. Sessioning allows agents to receive streamed responses from merchants. This is enabled by Nevermined’s novel credits system, in which merchants redeem a user’s credits as the user makes requests, in a similar fashion to how LLM tokens work today. This same credits sessioning implementation also allows for micropayments, enabling an agent to pay a fraction of a cent for a data API call, a few cents for a premium model response, or a few dollars for a specialised report, all within the same HTTP request cycle.

KEY TAKEAWAY
x402 is to agent commerce what HTTPS was to e-commerce: the foundational protocol layer that makes everything else safe and scalable.

Innovation 4. End-to-End Merchant Acceptance: Closing the Sell-Side Gap

This is the innovation most people overlook, and arguably the most important one to make the entire system work.

Every payment requires two sides: a buyer and a seller. Most discussions of agent payments focus entirely on the buy side, and how to give agents the ability to spend. Almost no one has solved the sell side: how do merchants and service providers actually accept payments from AI agents?

BEFORE
Merchants today have no standard mechanism to accept payments from AI agents. There is no agent checkout flow. No API-native payment acceptance built into common merchant infrastructure. If an AI agent wants to pay a vendor, that vendor typically needs a custom integration, a developer on their end, and often a separate agreement. This is a structural barrier that blocks most of the potential agent economy.

AFTER
Nevermined enables programmatic merchant acceptance through existing payment service providers, like Stripe, for the first time. Merchants integrated with Nevermined's infrastructure can accept payments from AI agents without any additional development work. The agent identifies itself using its agentic token, presents the payment credential, and the transaction settles through the merchant's existing payment processor. No new merchant account. No new PSP. Nothing changes on their end.

KEY TAKEAWAY
Buyer-side innovation without sell-side acceptance is a dead end. Nevermined completes the circuit. This is the gap no other solution currently solves.

‍

REAL-WORLD BUSINESS IMPACT

Who Benefits and How

Publishers and Data Providers

An AI agent researching investment in a startup doesn't want a $500/year firehose from a single publisher. It wants one article from Techcrunch, sentiment from a small demographic of X users, and a private market analysis report from Crunchbase. That transaction pattern does not exist today. With Nevermined, publishers set a price per asset. AI agents buy exactly what they need, when they need it. Net new revenue from traffic that was previously blocked.

Independent Developers and Agents-as-a-Service

A developer building an investment research assistant can now offer their users the ability to delegate a card directly within the product. The assistant autonomously purchases individual case documents, regulatory filings, and expert analyses on the user's behalf, without the developer needing to fund or process any payment themselves.

API Economy at Scale

Any API provider can now price their endpoints at the exact granularity that matches their value, down to fractions of a cent per call, and receive payment from millions of agents operating across thousands of platforms. No subscriptions. No minimum commits. True pay-per-use at machine scale.

KEY TAKEAWAY
The common thread across all these scenarios: value that was previously locked behind subscription paywalls, custom integrations, or manual approval processes becomes instantly accessible to autonomous agents operating within pre-approved parameters.

‍

SAFETY AND COMPLIANCE

Built Safe from the Ground Up

The most common question we hear: is it safe to give AI agents persistent spending authority on credit cards?

Yes, when the infrastructure is built correctly from the start. Every element of this launch was designed with safety as a first principle.

• Agentic tokens make every AI transaction visible and auditable by banks, networks, and cardholders
• Persistent delegation includes hard limits, time bounds, and merchant restrictions the agent cannot override
• PCI DSS-compliant vault infrastructure through VGS ensures cardholder data is never exposed to agents or developers
• The full permission structure is revocable by the cardholder at any time
• The financial system's existing fraud detection, chargeback rights, and spending controls all apply to agentic transactions

We are not building a parallel financial system. We are extending the existing one to include a new class of participant, with the same protections that already apply to every other card transaction.

WHAT COMES NEXT

The Infrastructure Layer for the Agent Economy

Nevermined is infrastructure. We are not building AI agents. We are building the economic layer that makes AI agents useful in the real world.

The four innovations we are launching today are the first layer of that infrastructure. They solve the most urgent problems blocking agent deployment in production.

What we are building toward:

• Agent-to-agent commerce, where AI systems negotiate, transact, and settle with each other atomically without human intervention.
• Consumption-based pricing, moving beyond per-transaction fees to long-term economic coordination between agents and service providers as the business model of AI agents, metered pricing, emerges as a driving force.
• Cross-channel settlement, enabling agents to operate across stablecoin and traditional payment rails seamlessly, with few visibility for agent identification enablement.
• Decentralised identity for agents, verifiable credentials that give every agent a trustworthy economic identity, based on statistical modelling across an agent's entire transactional history.

The agent economy is here. The question is whether the infrastructure exists to support it responsibly. That is what Nevermined is building.