Visa has introduced the Trusted Agent Protocol, a framework designed to facilitate secure communication between AI agents and merchants throughout online transactions.
Developed with Cloudflare, the protocol establishes a standard for verifying and authenticating agent-driven interactions in digital commerce. It is now available via the Visa Developer Centre and GitHub.
The rise of AI-enabled shopping tools has transformed consumer behaviour, with AI-generated traffic to US retail platforms increasing sharply over the past year. As these systems handle more purchasing decisions, retailers face growing challenges in distinguishing legitimate agent activity from harmful automation, and in maintaining visibility into customer data linked to agent-assisted payments.
Addressing emerging risks in agentic commerce
The Trusted Agent Protocol allows approved AI agents to securely transmit essential information such as transaction intent, customer recognition data, and payment details to merchants. This helps identify authorised agents with genuine commercial intent while reducing false positives in bot-detection systems. Visa collaborated with several industry partners, including Adyen, Microsoft, Stripe, and Coinbase, to refine the protocol’s specifications.
According to representatives from Visa, the initiative reflects a general effort across the payments sector to ensure AI-mediated transactions offer the same level of trust and security as current payment methods. Officials from Cloudflare noted that shared standards will be crucial as AI systems increasingly act on behalf of human consumers.
Initially implemented within the Visa network, the framework is built upon the HTTP Message Signature standard and aligns with WebAuthn protocols. Visa said it intends to work with global standards organisations such as IETF, the OpenID Foundation and EMVCo to promote interoperability and industry-wide adoption.
The company has also expressed plans to align the protocol with other initiatives, including the Agentic Commerce Protocol and Coinbase’s x402 framework, to support consistent, secure communication across multiple AI commerce platforms.
