Google Cloud yesterday unveiled a new open standard to secure AI agent-led payment transactions online, which will let an AI agent complete a purchase even if a human user is not there at the time of purchase.
Called Agent Payments Protocol (AP2), it is developed with more than 60 payments and technology organisations. AP2 aims to provide a “payment-agnostic framework” for trusted, AI-driven commerce, according to Google Cloud.
Existing payment systems were designed for humans to click “buy” on a trusted interface. With more autonomous AI agents capable of transacting on behalf of users, Google says a common way is needed to securely authenticate, validate, and convey an agent’s authority to transact.
AP2 provides a framework that promises to securely authenticate, authorise and determine accountability if a fraudulent transaction happens. The protocol can be used as an extension of the Agent2Agent (A2A) protocol and Model Context Protocol (MCP), aligning with industry standards while supporting all types of payment methods, from credit and debit cards, real-time bank transfers to stablecoins.
“AP2 is an open, shared protocol that provides a common language for secure, compliant transactions between agents and merchants, helping to prevent a fragmented ecosystem,” said Rao Surapaneni, vice-president and general manager of Google Cloud’s business applications platform.
“This helps ensure a consistent, secure, and scalable experience for users and merchants, while also providing financial institutions with the clarity they need to effectively manage risk,” he added.
How it works
AP2 uses “mandates”, which are tamper-proof, cryptographically signed digital contracts that are proof of a user’s instructions. This mandate chain ensures authorisation, authenticity, and accountability across all transactions.
Mandates are used when a user shops with an agent in two ways – real-time purchases or delegated tasks.
For example, when a user asks an agent to find and buy an item in real time, the intent and final cart are captured as signed mandates. This creates a secure, unchangeable record of the exact items and price
For a delegated task, say, when a user pre-authorises conditions, such as “buy tickets when they go on sale,” an AI agent can create a “cart mandate” to make and complete the purchase autonomously, according to the criteria set.
The protocol also extends to emerging payments systems, such as the Web3 ecosystem, with Google Cloud’s collaboration with organisations like Coinbase, MetaMask, and the Ethereum Foundation to extend AP2 and launch of the A2A x402 extension, a production-ready solution for agent-based crypto payments. Such extensions aims to help shape the evolution of cryptocurrency integrations within the core AP2 protocol.
More than 60 organisations are working with Google Cloud on AP2. These include Airwallex, Shopee, Lazada, Razer, ZALORA, Adyen, Mastercard, PayPal, American Express, UnionPay International, and Worldpay.
According to Mark Micallef, managing director for Southeast Asia at Google Cloud, AP2 is particularly relevant for Southeast Asia, where the gross merchandise value of the digital economy reached US$263 billion in 2024 and digital payments are on track to surpass US$2.1 trillion by 2030.
“AP2 establishes the core building blocks for secure transactions that will drive further growth, creating clear opportunities for the industry – including networks, issuers, merchants, and end users – to innovate on adjacent areas like seamless agent authorisation,” he added.
