We're watching the infrastructure layer of a new Internet get built in real time.
The first Internet was built for humans — browsers, shopping carts, checkout forms, CAPTCHAs to prove you're not a robot. The next layer is being built for agents. And the clearest sign? Agents are getting their own payment rails.
Two major announcements in the past few weeks signal this shift:
- Stripe launched the Agentic Commerce Protocol (ACP) with OpenAI, enabling AI agents to complete purchases on behalf of users directly in ChatGPT
- Coinbase launched Agentic Wallets, giving AI agents the ability to hold funds and execute blockchain transactions autonomously
These aren't experimental pilots. Stripe's system is already live with Etsy and major Shopify merchants. Coinbase's x402 protocol has processed over 50 million transactions. The agent economy isn't coming — it's here.
For healthcare, this creates both opportunity and risk. Agents that can pay for things can also pay for the wrong things. Understanding how these systems work — and where the guardrails are — matters now.
Two Approaches to Agent Payments
Stripe and Coinbase are solving the same problem — how do agents transact? — but with fundamentally different philosophies.Stripe: The Agent Acts on Your Behalf
Stripe's Agentic Commerce Protocol (ACP) treats the agent as an intermediary. The human buyer remains in control. How it works:- Buyer discovers a product via AI agent (e.g., ChatGPT)
- Agent interfaces with buyer, shows options, collects preferences
- Buyer confirms purchase and authorizes payment
- Agent requests checkout from business via ACP
- Stripe issues a Shared Payment Token (SPT) — scoped to that specific seller, bounded by amount and time
- Business processes payment using their existing stack
- Business remains merchant of record and retains customer relationship
The key innovation is the Shared Payment Token. It lets the agent initiate a payment without ever seeing the buyer's actual card credentials. The token is programmable: it only works with the authorized merchant, expires after a set time, and can be revoked. Stripe Radar provides fraud signals throughout.
Current status: Live with Etsy, Shopify merchants (Glossier, Vuori, Spanx, SKIMS), and URBN brands (Anthropologie, Free People, Urban Outfitters). More merchants onboarding via the Agentic Commerce Suite.
Coinbase: The Agent Acts Independently
Coinbase's Agentic Wallets treat the agent as an independent economic entity. The agent doesn't just facilitate transactions — it holds funds and transacts autonomously. How it works:- Developer creates an agent wallet via CLI (under 2 minutes)
- Agent holds USDC and can swap tokens, interact with smart contracts
- Gasless trading on Base (Coinbase's L2) — agents don't need ETH for fees
- Agent pays for its own compute, API access, data streams — no human approval needed per transaction
- Guardrails enforced through session caps, transaction limits, and KYT screening
The underlying protocol is x402 — named after the HTTP 402 "Payment Required" status code that was planned but never implemented. It enables machine-to-machine payments at scale. Coinbase has also released Payments MCP, allowing LLMs like Claude and Gemini to access blockchain wallets directly.
Current status: Live on Base and Solana. Over 50 million transactions processed via x402. AgentKit provides developer tools for integration.
Comparing the Models
| Aspect | Stripe ACP | Coinbase Agentic Wallets |
|---|---|---|
| Agent role | Acts on behalf of human buyer | Acts as independent economic entity |
| Human-in-the-loop | Required (buyer confirms each purchase) | Optional (pre-set permissions govern) |
| Payment rails | Traditional card networks via SPT | Crypto (USDC, on-chain) |
| Merchant relationship | Preserved — business is merchant of record | N/A — agent transacts directly |
| Spending controls | SPT scoped by amount, time, seller | Session caps, transaction limits |
| Fraud prevention | Stripe Radar signals, SPT restrictions | KYT screening, trusted execution environments |
| Credential exposure | Agent never sees card details | Agent never sees private keys (TEE isolation) |
Neither approach is universally "better" — they serve different use cases. Stripe's model fits traditional commerce where a human is buying something. Coinbase's model fits autonomous operations where agents need to pay for resources continuously without human intervention.
How This Maps to Multi-Layered AI Identity
Both Stripe and Coinbase are implementing elements of what I've been calling Multi-Layered AI Identity — they just don't frame it that way.Agent Identity
Both systems give agents their own identity for financial operations:- Stripe: The agent is identified through the ACP integration — businesses know which agent initiated the checkout
- Coinbase: The agent has an on-chain identity via its wallet address, recorded on the blockchain
This is Agent Identity in action: the agent is a first-class principal with verifiable credentials.
Tool Identity
Payment capabilities are tools that agents invoke:- Stripe: The payment tool (SPT creation, checkout initiation) is a specific capability the agent has been granted
- Coinbase: Pre-built "skills" (Fund, Send, Trade, Earn) are registered tools the agent can invoke
Tool Identity verification happens before each financial action — is this agent authorized to use this payment tool?
Data Identity
Both systems protect sensitive financial data:- Stripe: Card credentials never exposed to agent; SPT abstracts the underlying payment method
- Coinbase: Private keys isolated in trusted execution environments; agent uses session keys with limited scope
This is Data Identity applied to payment credentials — classification-aware access that prevents the agent from seeing data above its authorization level.
Intent Identity — The Gap
Here's where both systems have room to grow.Stripe's SPT is scoped to a specific seller and amount — if the agent's intent drifts, the token won't work for unauthorized merchants. That's helpful, but it's retroactive. It catches the action (wrong merchant) rather than the intent shift that led there.
Coinbase's session caps and transaction limits bound the damage but don't detect drift. An agent that starts with "pay for medical supply API access" and ends up paying for something else within the spending limit has drifted — and the system won't catch it.
Intent Identity — verifying continuously that the agent's actions align with the original purpose — remains the hardest problem. Payment guardrails help, but they're not sufficient.
What This Means for Healthcare
Healthcare will encounter agent payment workflows whether we plan for them or not. Here's what to think about:Agent Authorization for Healthcare Purchases
When an agent orders medical supplies, pays for healthcare services, or purchases data access, who authorized that transaction?- Stripe's model preserves human-confirms-purchase flow — clearer authorization chain
- Coinbase's model relies on pre-set permissions — authorization happened at setup, not at transaction time
For compliance, you need to trace financial actions back to human authorization. Stripe's per-transaction confirmation makes this easier. Coinbase's model requires robust documentation of the original permission grants.
Audit Trails for HIPAA-Adjacent Workflows
If an agent pays for access to a medical data API, that transaction may need to appear in audit logs tied to the underlying patient data access.- Stripe: SPT lifecycle is logged, webhook events are signed — transaction history is auditable
- Coinbase: On-chain transactions are inherently auditable (blockchain is a ledger) — but correlating to healthcare workflows requires integration
Neither system was built for HIPAA. Healthcare organizations deploying payment-capable agents will need to build the correlation layer that connects financial transactions to data access logs.
Intent Drift in Financial Actions
An agent that starts with "order gauze pads from our approved supplier" and ends up purchasing from an unauthorized vendor has drifted. In healthcare, this could mean:- Supplies from non-compliant vendors
- Data purchases that violate BAAs
- Service payments outside approved contracts
Stripe's seller-scoping helps (SPT only works with authorized merchant), but requires pre-configuring which merchants are allowed. Coinbase's limits cap exposure but don't prevent the drift itself.
Machine-to-Machine Healthcare Payments
Coinbase's x402 protocol enables scenarios that will emerge in healthcare:- AI diagnostic tools autonomously paying for compute
- Agents paying for premium medical data API access
- Automated payments for cloud resources during clinical workloads
These aren't theoretical. If your organization uses AI tools that consume cloud resources or third-party APIs, those tools may soon have payment capabilities. The question is whether your governance model accounts for them.
Questions to Ask Vendors
If you're evaluating AI tools or agents with payment capabilities for healthcare:- What payment rails does the agent use? Traditional card networks (Stripe-style) or crypto (Coinbase-style)?
- Is human authorization required per transaction? Or does the agent operate within pre-set limits?
- How are spending limits enforced? Per-session caps? Per-transaction limits? Merchant restrictions?
- How do you restrict which merchants/payees the agent can transact with?
- What audit trail exists for agent-initiated payments? Can you correlate to other system logs?
- What happens if the agent's payment intent drifts? How would you detect and stop it?
- How do you handle credential isolation? Does the agent ever see raw payment credentials?
Vendors who can't answer these questions aren't ready for healthcare deployment — regardless of how impressive their agent capabilities are.
The Bigger Picture
Stripe and Coinbase are building the financial infrastructure for an agent-native Internet. This is foundational work — the equivalent of building payment rails for e-commerce in the 1990s.The patterns they're establishing now will shape how agents transact for years:
- Shared Payment Tokens as a new primitive for delegated payments
- On-chain agent identities with programmable wallets
- Machine-to-machine payment protocols (x402, ACP) as standards
- Guardrails as infrastructure — spending limits, merchant restrictions, fraud signals built into the rails
For healthcare, the takeaway is clear: agent payment capabilities are production-ready. The infrastructure exists. The question is whether your governance, security, and compliance frameworks are ready to meet it.
If you're deploying agents that interact with financial systems — even indirectly — now is the time to understand these patterns. The Internet is being rebuilt for agents, and healthcare can't afford to be caught unprepared.
This is entry #21 in the AI Security series. For the Multi-Layered AI Identity framework, see Intent Identity: The Missing Layer in AI Agent Security. For related coverage, see NIST Launches AI Agent Standards Initiative and IBM's Guide to Secure AI Agents.