Who decides which agents get to transact?

On June 10, 2026, Mastercard and Visa each announced credentialing infrastructure for AI agents. Same day. Neither mentioned the other. The mainstream coverage treated it as parallel payment news—two incumbents adapting to AI.

Both announcements claim something bigger than the transaction fee: the right to decide which AI agents are allowed to act in commerce at all.

The networks have run this play before. In the 1970s and 1980s, they established themselves as mandatory intermediaries for merchant commerce. Every merchant that wanted to accept cards needed to be in the network. The networks set terms and collected fees. More importantly, they controlled who could participate. Merchant acceptance became a function of network membership, not capability.

Two registries

Mastercard’s system is called Agent Pay for Machines (AP4M). It registers agent credentials, defines what each agent is permitted to spend, routes transactions across Mastercard’s rails, and settles in traditional currencies or stablecoins. The system is designed for micropayments worth fractions of a cent, processed at machine speed. The credentials live on public blockchains: Polygon, Solana, Base. Each agent’s spending limits and authorization rules are stored on-chain, where merchants can check an agent’s permitted scope before a transaction clears. Thirty-one partners signed on at launch: Coinbase, Stripe, Adyen, Cloudflare, RippleX, Aave Labs, and others. The network is real.

Visa went a different direction. Its Agentic Directory is a proprietary list—agents and merchants Visa has verified as legitimate participants in agent commerce. Merchants consult it to decide which agents can be trusted to transact on their sites. Identity and behavioral signals ride along in the credentials. In Visa’s framing, “trust travels with the transaction.” OpenAI is the first named partner. Anthropic, Microsoft, Perplexity, and Mistral have framework-level relationships with Visa’s broader Intelligent Commerce initiative, but OpenAI got the press release.

The architectural difference is smaller than it appears. Mastercard’s blockchain settlement looks more open until you ask who chose the chains. And USDC, the stablecoin likely to move through these systems, is issued by Circle and can be blacklisted at the address level. Visa’s directory is straightforwardly proprietary. Both approaches produce the same structural outcome: a gated list of authorized agents, administered by the network.

The Cloudflare detail

Cloudflare’s presence on Mastercard’s launch partner list is the most telling detail. Cloudflare runs the web’s edge infrastructure—the layer where most HTTP traffic passes before it reaches an application server. Its Chief Strategy Officer said at the launch that “Cloudflare has already become the premier environment to build and secure AI agents; now, those agents need a trusted way to independently pay for the resources they consume.”

The pitch places credentialing at the networking layer, before any payment decision—deeper in the stack than checkout. An agent running inside Cloudflare’s infrastructure could carry AP4M credentials as part of its identity at the edge. Credentialing moves upstream from the point of transaction to the point of execution.

The opposite architecture

The architecture being built here has an alternative, and the alternative already works. L402, the Lightning-based protocol from Lightning Labs, lets any agent pay for a resource on the fly using a cryptographic proof of payment that doubles as an access credential. No account provisioning, no registry check. The credential is purchased, not granted. x402, Coinbase’s HTTP-layer approach, works the same way: a server responds to an agent with payment instructions, the agent pays, and access follows, with no prior relationship between the parties.

The card networks are building the opposite. AP4M and the Agentic Directory are enrollment systems, built on the assumption that trusted agent commerce requires an authority that decides who is trusted. L402 and x402 assume cryptographic payment is sufficient proof of legitimacy—the network doesn’t need to know who you are before you can transact. Two theories of how agent commerce should work, and which institutions should sit at its center. One of them is already deployed without anyone’s permission. The question is whether mainstream commerce ever encounters it.

Where the chokepoint forms

Neither network spells out what happens to uncredentialed agents. Neither says they’re blocked outright. The incentive structure does the work instead. Merchants who adopt these systems will extend trust to credentialed agents first. Uncredentialed agents face friction at best, rejection at worst.

Cloudflare’s participation says the enrollment layer won’t stop at payments. And if Mastercard and Visa credentials become the standard that mainstream commerce trusts—and the partner lists read like a plan to make that happen—every agent that wants to transact on the commercial internet will need to be in the registry. The networks will have done for agents what they did for merchants fifty years ago.

This is an authorization business. The networks know exactly what they’re building.