The era when AI does your online shopping for you has truly arrived.

Nearly a year has passed since the start of the "hundred Agents melee". Each of us has, to some extent, "raised" several increasingly intelligent AI agents in our phones. The capabilities of multi-modal large models have far exceeded our imagination from last year.

At this moment, all you need to do is say to your phone, "Based on my annual leave and budget, plan a 5-day Golden Week trip. I don't want to go to crowded places. It'd be best if there are opportunities for hiking and stargazing."

Within seconds, a perfect travel plan unfolds before your eyes. However, in the end, your AI Agent can only reluctantly present you with a series of payment links and app jump pop-ups. "Click here to confirm your flight ticket," "Jump to the app for hotel pre-authorization"...

This is the most frustrating "prisoner's dilemma" in 2025, an era when artificial intelligence seems omnipotent: We've created the most powerful efficiency tool in human history, but we've confined it to a digital cage where it can't conduct value exchanges with the real world. It can process almost all the world's information but can't handle the most crucial value. It has extraordinary intelligence but no "economic rights" at all.

Recently, Google officially launched and, in collaboration with over 60 industry giants, is promoting the "Agent Payments Protocol" - AP2. This signals that a trillion-dollar "Agentic Commerce" era is approaching faster than we thought.

Today, Silicon Rabbit, based on exchanges with its Silicon Valley expert team, will deeply dissect the AP2 protocol and the business future it points to.

01

Why can't powerful Agents take that "final step" of autonomous transactions? Because there's a mountain called "trust" in front of them.

Our existing entire financial payment system is built entirely around the "human" subject. Every security measure in it is based on assumptions about human behavior - the password you enter manually, the click to confirm "agreement", your unique fingerprint or face.

When the executor changes from "you" to "your Agent", the entire foundation of trust collapses. This brings three soul-searching questions, which are also obstacles that all past AI payment attempts couldn't bypass:

Authorization question: "Merchant, how can you trust that this AI is sent by me?"

When an Agent sends a ticket-booking request to an airline, how can the airline be 100% sure that this request truly comes from the user's real authorization, rather than a runaway program hijacked by hackers or malfunctioning due to a bug? Without verifying the authorization, no merchant would dare to accept an order from a "robot".

Authenticity question: "Is this order really what I intended?"

Users' intentions are complex and vague, and an Agent's understanding may deviate. If I tell my Agent, "Book me a flight ticket to 'Springfield'", it might book a ticket to any of the dozens of cities with the same name in the US. When the Agent submits an incorrect order to the merchant and pays with my money, how can the "authenticity" of this transaction be guaranteed?

Responsibility question: "If something goes wrong and I buy the wrong thing, who's going to take the blame?"

This is the most fatal question. If an Agent makes a mistake in a transaction, who's responsible? Is it because the user's instructions were vague? Is there a flaw in the Agent platform's technology? Or is there a problem with the merchant's system connection? Without clear responsibilities, disputes would be a nightmare. No financial institution or commercial platform would dare to get deeply involved in such a vague area.

These three questions are like three shackles, locking AI Agents firmly in the role of "information assistants" and preventing them from becoming true "full-fledged butlers" that can handle affairs for us.

02

The AP2 protocol didn't come out of nowhere. It's the final chapter of a well-planned "AI economy socialization" trilogy. Looking back at the industry's progress over the past year, you'll find a clear evolutionary path.

Step 1: Giving "hands and feet" (MCP protocol - Agent-to-Tool)

In November last year (2024), the MCP protocol (Manus-Connected Protocols) launched by Anthropic, a major competitor of OpenAI, started to draw attention. Its core is to solve the problem of connecting Agents with "tools" (Tools/APIs) in the external world. It's like giving AI flexible "hands" and "feet", enabling it to truly operate software, access data, and execute tasks.

Step 2: Teaching "language" (A2A protocol - Agent-to-Agent)

In April this year (2025), Google launched the open A2A protocol (Agent-to-Agent Protocol). If the MCP gives a single Agent the ability to act, then the A2A enables all Agents to learn a "universal language". Based on this protocol, Agents from different companies and platforms can communicate with each other, assign tasks, and collaborate to complete complex tasks that an ordinary person would need to switch between more than a dozen apps to handle.

Step 3: Issuing an "economic ID" (AP2 protocol - Agent-to-Merchant)

Now, the AP2 has arrived. After Agents have the "hands and feet" to act and the "language" to collaborate, Google finally provides the last and most crucial thing - the qualification to conduct value exchanges in the business world. The AP2 protocol is like a global "ID card" and "credit card", making every business action of an Agent authorized, verifiable, and traceable.

From connecting tools, to connecting peers, and then to connecting businesses, the "economic evolution history" of AI Agents unfolds slowly. Google's strategy clearly aims to cultivate Agents from intelligent "digital lives" into mature "economic entities" step by step.

03

What magic does AP2 use to solve the three "trust questions" mentioned earlier?

The core of the answer doesn't lie in inventing some brand-new encryption technology, but in designing a delicate and tamper-proof "digital evidence chain". The core of this evidence chain is called "Mandates".

You can think of a "Mandate" as a legally binding "digital notarization" or "power of attorney" encrypted and signed using blockchain technology. It establishes an irrefutable trust foundation for each transaction through a "three-step" process:

Step 1: "Intent Mandate" - Locking in the "idea"

When a user gives an instruction, such as "Help me grab tickets for Taylor Swift's concert next week, with a budget of less than $800 and only for the inner field", AP2 will first generate an "Intent Mandate". This document clearly records the user's original intention and all the limiting conditions, and is digitally signed by the user. It's like a notarized contract of entrustment and is the starting point of the entire evidence chain.

Step 2: "Cart Mandate" - Locking in the "fact"

When the tickets go on sale and the Agent successfully grabs a ticket that meets all the conditions (for example, seat 3, row 5, area A in the inner field, costing $780) and adds it to the cart, the system will immediately generate a second key document - the "Cart Mandate". This document details the precise information about the product, the price, the merchant, and other specific facts. In an entrusted scenario, it's automatically generated based on the first mandate; in a real-time shopping scenario, it's sent to the user for final confirmation. This is the most crucial step, as it takes an unalterable "order snapshot" of the transaction's content.

Step 3: Payment association - Locking in the "transaction"

Finally, the user's payment tool (such as a credit card) is authorized, but it pays not to the merchant directly, but to this newly generated and verified "Cart Mandate". This means that your money will only be used to pay for the specific product you've authorized and whose details have been locked in by facts, and there's no chance of it being misused.

From the "idea" to the "fact" and then to the "transaction", this complete evidence chain perfectly answers the three questions of "authorization, authenticity, and responsibility". Behind every flow of money, there's an undeniable "digital contract" as support. Trust is thus meticulously built with code.

To make these rules a common industry standard, Google has shown its strong ecological influence. The AP2 protocol is a completely open-source and open protocol, and its list of initial partners is extremely impressive. More than 60 global giants from various fields have become the first partners of AP2. We can see:

Payment and financial giants: American Express, Mastercard, PayPal, UnionPay International, Ant International, Revolut...

E-commerce and travel giants: Alibaba, Ctrip, Etsy...

Cryptocurrency and Web3: Coinbase, Mysten Labs...

Enterprise service giants: Salesforce, ServiceNow, Intuit...

This lineup covers almost all areas that future Agent commerce might reach. This clearly shows that Google's ambition isn't to create a closed payment tool, but to unite the entire industry to jointly establish the underlying trust standards for future AI commerce.

Behind this, it signals a profound shift in the business paradigm. In the future, business interactions won't involve "people" laboriously clicking, comparing, and buying on the UI interfaces of various platforms. Instead, in the background, your personal Agent will directly have high-speed conversations, intelligent negotiations, and secure transactions at the API level with the service Agents of airlines, the pricing Agents of hotels, and the inventory Agents of e-commerce platforms.

Conclusion

The release of AP2 isn't the end of a technological update, but the beginning of AI fully taking over business transactions. It clearly declares that future business competition won't be between apps and websites, but between different Agent ecosystems.

To understand and answer the future battles in Agent ecosystem commerce is far beyond what can be achieved by reading any public report or technical document.

It requires in-depth, private, and honest closed-door conversations with those who are on the front line in Silicon Valley, building these systems, defining these rules, and constantly thinking about their business boundaries. And this is exactly the core value of Silicon Rabbit.

When your team is arguing over technical routes, when your investment decisions are pending, when your product strategy is in a fog... Remember, the confusion you're facing might be a journey that some expert has already overcome. We at Silicon Rabbit believe that real first-hand experience always comes from those who are driving industry change.

Silicon Rabbit has more than 30,000 senior executives from leading companies, core technical experts, well-known university professors, and entrepreneurs from the front line in Silicon Valley. They not only have rich industry experience but are also deeply involved in industrial transformation, with fresh and reliable first-hand insights.

If you need to have one-on-one, reliable, and in-depth exchanges with the top minds in the industry regarding specific investment targets, strategic directions, or technical problems, please immediately scan the QR code below to contact us. We're committed to building a bridge for you to connect with the world's top wisdom and help you make more forward-looking decisions in a complex market environment.

This article is from the WeChat official account "Silicon Rabbit" (ID: gh_1faae33d0655), author: Silicon Rabbit. It is published by 36Kr with authorization.