Verifiable Intent in Agentic Payments

In traditional commerce, payment authorisation is straightforward: a human presents a card, enters a PIN, or confirms a transaction on their device. The human is present, identifiable, and accountable. But in agentic commerce, the human is absent. An AI agent acts on their behalf, negotiating prices, comparing options, and executing transactions autonomously.

This creates a fundamental trust problem. When an agent presents payment credentials to a merchant, how does the merchant know the transaction was genuinely authorised? How does the human principal know the agent acted within the scope they delegated? How does a regulator distinguish between a legitimate agentic transaction and an unauthorised one?

Current payment infrastructure was designed for human-present transactions. It assumes the entity initiating a payment is either a human or a system acting under direct human supervision. Agentic payments break this assumption entirely, creating a gap that verifiable intent is designed to fill.

Verifiable intent is the mechanism that proves an agentic payment was authorised by a human principal within a defined delegation scope. It is not simply authentication (proving identity) or authorisation (granting permission) - it is the proof that a specific transaction falls within the boundaries of a specific delegation from a specific human.

Verifiable intent operates at the intersection of three domains: delegation design (defining what the agent is allowed to do), trust architecture (ensuring the delegation is genuine and current), and payment protocols (embedding the proof within the transaction itself). It answers the question: "Was this payment within the scope of authority that a real human deliberately granted to this specific agent?"

The concept draws on established principles from cryptographic attestation, capability-based security, and the AXD framework's approach to delegation design. It extends these principles into the specific domain of autonomous commerce, where the stakes are financial and the consequences are immediate.

Without verifiable intent, agentic commerce faces three critical failures:

Merchant risk: Merchants cannot distinguish between legitimate agentic transactions and fraudulent ones. If an agent presents valid payment credentials but acts outside its delegated scope, the merchant bears the risk of chargebacks and disputes. Verifiable intent gives merchants a mechanism to verify that the transaction falls within the human's stated delegation.

Consumer exposure: Without proof of delegation scope, consumers have no mechanism to dispute transactions that exceeded their intent. "I authorised my agent to buy groceries under £50, not a £500 appliance" requires a verifiable record of what was delegated. Verifiable intent creates that record.

Regulatory uncertainty: Regulators need to understand who is accountable when an agent makes a payment. Verifiable intent provides the audit trail that connects every autonomous transaction back to a human delegation, enabling regulatory frameworks that can accommodate agentic commerce without stifling innovation.

A complete verifiable intent mechanism requires four components working together:

1. Delegation attestation: A cryptographically signed record of the human's delegation - what the agent is authorised to do, within what constraints, for what duration. This is the foundation: without a verifiable delegation, there is no verifiable intent.

2. Scope verification: A mechanism for verifying that a specific transaction falls within the boundaries of the delegation. This is not a simple yes/no check - it must handle the complexity of real-world delegations, including spending limits, category restrictions, time constraints, and conditional authorisations.

3. Intent binding: A mechanism that binds the verified delegation to the specific transaction, creating an unforgeable link between the human's authority and the agent's action. This prevents replay attacks, scope manipulation, and post-hoc fabrication of delegations.

4. Audit trail: A persistent, tamper-evident record of the delegation, the verification, and the binding - enabling dispute resolution, regulatory compliance, and trust calibration over time.

Verifiable intent is not just a payment infrastructure problem - it is a design problem. The way humans define their delegations, the way agents communicate their authority, and the way merchants verify that authority all require careful Agentic Experience Design.

For delegation design, verifiable intent requires that delegations be precise enough to be machine-verifiable. Vague instructions like "buy what we need" must be translated into structured constraints that can be cryptographically attested. This is the practice of intent engineering applied to commerce.

For trust architecture, verifiable intent adds a new layer: the trust between the agent and the merchant, mediated by the human's delegation. This is a three-party trust relationship that traditional two-party payment models do not address.

For recovery design, verifiable intent must handle the cases where delegation is ambiguous, where scope is contested, or where the human's intent has changed since the delegation was created. The recovery mechanisms must be as carefully designed as the verification mechanisms.