We’re watching something pretty wild unfold right now. AI agents aren’t just chatting anymore, they’re starting to spend money. Your AI assistant might soon book your flight, renew your subscriptions, or order your groceries. Which, honestly, sounds convenient until you stop and think: wait, who’s making sure this thing doesn’t go rogue with my credit card?
That’s the trillion-dollar question two tech giants are racing to answer, and they’re taking completely different approaches.
Google Says: Show Me Your Papers
Google’s betting on something called the Agent Payments Protocol (AP2), and it’s basically building a legal framework for robot shoppers. The core idea? Every time an agent wants to spend your money, it needs a Mandate. Think of it like a permission slip with very specific rules.
“You can spend up to $500 on flights, but only with these three airlines, and only for trips in the next month.” That kind of thing. It’s cryptographically signed, traceable, and auditable. If something goes wrong, there’s a paper trail showing exactly what the agent was authorized to do.
What’s interesting is who’s backing this. Google’s already got over 60 partners lined up (Mastercard, Amex, Coinbase). That Coinbase partnership is particularly telling. They’re not just thinking about credit cards; they’re building this to work with stablecoins too. This is infrastructure designed for a world where money moves in ways we haven’t fully imagined yet.
For the banks and regulators? This is music to their ears. AP2 fits neatly into existing frameworks around contracts and digital signatures. It’s the “safe” bet, if you can call any of this safe.
OpenAI Says: Just Talk to Me
Meanwhile, OpenAI and Stripe are taking a completely different route with the Agentic Commerce Protocol (ACP). Instead of building a universal trust system, they’re making shopping feel like… shopping. Or rather, like having a really good conversation.
You’re chatting with ChatGPT: “I need a birthday gift for my sister, she’s into hiking.” ChatGPT shows you products, you pick one, and boom, checkout happens right there in the chat. No jumping between apps, no friction. Behind the scenes, it uses something called SharedPaymentTokens to keep your card details secure, and merchants still have to approve each transaction before it goes through.
It’s elegant. It’s simple. But here’s the catch: it all lives inside OpenAI’s ecosystem. Your agent isn’t going out into the wild web with your mandate, it’s shopping in a carefully curated mall where OpenAI is both the architect and the security guard.
Two Philosophies, One Problem
The contrast here is striking. AP2 is building an open protocol that any agent on any platform could theoretically use. It’s decentralized trust—you create a mandate once, and it can work across different AI systems. ACP is centralized convenience, everything flows through ChatGPT, and trust is concentrated in OpenAI’s hands.
AP2 is mandate-driven: explicit pre-authorization for everything. ACP is token-driven: secure but flexible delegation within a controlled environment.
Google’s approach feels like it’s designed by lawyers and payment processors (and hey, maybe it was). OpenAI’s feels like it was designed by UX designers who never wanted you to think about payment protocols at all.
What Happens Next?
Here’s my take: both of these are going to exist, and merchants are going to hate it at first. You can’t pick sides in a two-horse race when both horses belong to trillion-dollar companies. Businesses will need to support both protocols. Agents will need to speak both languages.
We’re in the early days of something massive. This reminds me of the browser wars, except instead of rendering web pages, we’re talking about autonomous systems with spending power. The companies that figure out how to bridge these protocols, the ones building the translation layers, the compliance tools, the risk monitoring dashboards, they might end up capturing more value than the protocol designers themselves.
The Real Question
I keep coming back to this: which world do we actually want to live in?
Do we want the Google version, where every transaction has a clear audit trail and agents operate under strict, verifiable rules? That sounds safe, but it also sounds like a lot of overhead. Do we want the OpenAI version, where commerce feels effortless but we’re trusting one company to get it right? That sounds convenient, but it’s also a massive concentration of power.
The answer is probably “both, depending on what we’re buying.” Small stuff? Let the agent handle it conversationally. Big purchases? I want to see that mandate with my own eyes.
What’s certain is this: the protocols being built right now will shape how we interact with money for the next decade. The first time an AI agent buys something on your behalf without you explicitly clicking “purchase,” that moment will feel either magical or terrifying.
I’m not sure which yet. But I know we’re about to find out.