Google Cloud has unveiled a new open protocol, the Agent Payments Protocol (AP2), designed to securely manage AI agent-led payments across a growing number of platforms. The announcement marks a significant step towards building a trusted ecosystem for what is being called “agentic commerce.” As AI agents become more sophisticated, they are gaining the ability to transact on behalf of users, a capability that breaks the traditional assumption that a human is directly clicking the “buy” button. This shift raises critical questions around security, and AP2 is Google’s solution to address these challenges head-on.
The need for a protocol like AP2 is rooted in three key areas: Authorization, Authenticity, and Accountability. It provides a common foundation to securely authenticate, validate, and convey an agent’s authority to transact, ensuring that a user’s intent is accurately reflected in every purchase. This is a crucial development for a market where global players are already seeing a dramatic shift towards digital payments. To develop this framework, Google Cloud has collaborated with a diverse group of over 60 organizations, including major Southeast Asian companies like Shopee, Lazada, Razer, and Garena, as well as international giants like Mastercard and PayPal. This broad partnership base helps to prevent a fragmented ecosystem and ensures interoperability from the start.
AP2 establishes trust by using a system of “Mandates”—tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of a user’s instructions. For a real-time purchase, like asking an agent to “Find me new white running shoes,” an Intent Mandate captures the initial request. Once the user approves a specific cart, a Cart Mandate is signed, creating a secure record of the exact items and price. For delegated tasks, such as “Buy concert tickets the moment they go on sale,” a detailed Intent Mandate with specific rules and price limits is signed upfront, allowing the agent to automatically generate a Cart Mandate on the user’s behalf once the conditions are met.
This chain of evidence, from intent to payment, creates a non-repudiable audit trail that provides a clear foundation for accountability and helps answer the critical questions of authorization and authenticity. The protocol is also flexible, providing a foundation for entirely new commercial models. An agent could, for example, monitor prices and automatically execute a secure purchase the moment a specific item becomes available at a desired price, capturing a sale that would have otherwise been lost. This also extends to complex tasks, like booking a round-trip flight and a hotel simultaneously, with the agent interacting with multiple services and executing cryptographically-signed bookings once a budget is met.
AP2 is also designed to be a universal protocol that supports a variety of payment types, from traditional credit and debit cards to stablecoins and cryptocurrencies. To accelerate support for the Web3 ecosystem, Google, in collaboration with partners like Coinbase and MetaMask, has launched a production-ready extension for agent-based crypto payments. This forward-looking approach positions AP2 as a foundational technology for a new era of AI-driven commerce.
