AI agents can decide what to buy. Nobody has made it safe to let them pay. Mandate is an agentic wallet — the funding, authorization and audit layer that makes agent spending defensible: provable authority, bounded blast radius, evidence that stands up in a dispute.
Every layer of payments assumes a human is present. Autonomy breaks all of it at once.
The buyers feeling it now: agent builders with no safe way to grant purchasing power, and enterprises whose finance teams won't sign off on agent spend without policy and audit.
Cards, wallets and APIs already move money. What’s missing is the layer that makes an agent’s spend defensible — to a CFO, an issuer, a regulator, a court.
A signed mandate: who delegated, to which agent, for what scope, caps, expiry. The audit chain runs intent → cart → charge → receipt.
Caps, velocity and approval thresholds enforced server-side, outside the model. Prompt injection can fool the agent — it cannot raise the cap.
Evidence-grade records that win disputes and satisfy audits. Authentication done where it belongs: human-present at card-save (3DS), merchant-initiated transactions (MIT) after.
Whoever makes agent spend defensible — not merely possible — wins the layer.
No custody in Phase 1 — the wallet holds authority, not money (user→PSP→merchant), staying outside e-money / money-transmitter scope. Funded balances later, via licensed BaaS partners, only if customers demand the float-as-risk-cap.
| vs | Their game | Our wedge |
|---|---|---|
| Protocols & networks (AP2/UCP, ACP, x402, Visa/MC) | Own a standard / a rail | Implement all of them — substrate, not competitors. Partisans can’t credibly be the neutral layer. |
| Nekuda ($5M — Madrona, Amex & Visa Ventures) | Card-mandate SDK in the dev’s stack — closest competitor, validates the thesis | Mediator enforcement (not embedded advice) · multi-protocol · enterprise policy surface |
| Skyfire ($9.5M — a16z CSX, Coinbase Ventures) | Agent identity (“KYA”), crypto-leaning | Identity ≠ governance — likely partner: their KYA + our mandates = full trust stack |
| Stripe / Ramp | Can copy any payment mechanic | Both structurally conflicted: Stripe is ACP-partisan & merchant-side; Ramp is human-spend DNA. Neutral, agent-native, buyer-side is the slot they can’t take cleanly. |
| DIY card-in-the-prompt | The real incumbent | Free until the first incident. Our flagship case study is “the cap held.” |
Infra revenue pool: $150–300B US agentic GMV × 15–25% through independent stacks × 0.25–0.75% take. Conservative & base scenarios.
30–60 platform customers · $100–500M GMV under mandate · take + platform fees.
VC already into the niche (Nekuda + Skyfire + Basis Theory) incl. Visa & Amex Ventures. ACP live in ChatGPT; UCP live with Walmart/Target/Shopify.
Sources: McKinsey (Oct ’25) · Morgan Stanley (Dec ’25) · Bain · eMarketer · Gartner (Nov ’25) · Rye/Stellagent landscape · Pulse2 (Nekuda). Take rates estimated from PSP/fraud-infra comparables — reverify before investor use.
① Wallet API + dashboard — card save (SetupIntent + 3DS) → off-session MIT, no custody
② Mandate engine — signed scope, caps, velocity, TTL, revocable, VC-ready schema
③ Enforcement mediator — allow / deny(reason) / step-up, server-side
④ Three modes — autonomous · approve · hybrid(threshold), per mandate
⑤ Audit chain — intent→receipt, hash-chained, export + webhooks
⑥ SDKs (TS + Python) + MCP server — any Claude/MCP agent in minutes
⑦ One protocol adapter: ACP (largest live distribution); AP2 stubbed
⑧ Showroom — GroceryDash rebuilt on the public API
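An added sketch, not Mandate's own code, of how items ② to ⑤ fit together: a mediator checks a signed mandate, returns allow / deny(reason) / step-up, and writes every decision to a hash-chained audit log. Assumptions: HMAC-SHA256 stands in for the mandate signature, and the field names, key and sample mandate are constructed for illustration.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the mandate signature
# Constructed mandate; field names are hypothetical, amounts are integer cents.
DEMO = {"delegator": "user-1", "agent": "agent-7", "scope": ["grocer.example"],
        "cap_total": 10000, "approve_over": 4000, "velocity_max": 3,
        "velocity_window_s": 3600, "expires_at": 1_000_000}

def canon(obj):  # canonical bytes, so signer and verifier hash the same thing
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
def sign_mandate(mandate, key=KEY):
    return hmac.new(key, canon(mandate), hashlib.sha256).hexdigest()

class Mediator:  # server-side: the agent submits intents, it never sets limits
    def __init__(self, mandate, sig, key=KEY):
        if not hmac.compare_digest(sig, sign_mandate(mandate, key)):
            raise ValueError("mandate signature invalid")
        self.m, self.spent, self.times, self.log = mandate, 0, [], []

    def _audit(self, event):  # each record commits to the previous record's hash
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        digest = hashlib.sha256(prev.encode() + canon(event)).hexdigest()
        self.log.append({"prev": prev, "event": event, "hash": digest})

    def decide(self, intent, now):
        m, amt = self.m, intent["amount"]
        recent = [t for t in self.times if now - t < m["velocity_window_s"]]
        denials = [(now >= m["expires_at"], "mandate_expired"),
                   (intent["merchant"] not in m["scope"], "out_of_scope"),
                   (self.spent + amt > m["cap_total"], "cap_exceeded"),
                   (len(recent) >= m["velocity_max"], "velocity_exceeded")]
        reason = next((r for hit, r in denials if hit), None)
        if reason:
            out = ("deny", reason)
        elif amt > m["approve_over"]:
            out = ("step_up", "approval_threshold")  # human approval required
        else:
            out = ("allow", "within_mandate")
            self.spent, self.times = self.spent + amt, self.times + [now]
        self._audit({"intent": intent, "decision": out[0], "reason": out[1], "at": now})
        return out

def verify_chain(log):  # recompute every link; any edited record breaks the chain
    prev = "0" * 64
    for rec in log:
        want = hashlib.sha256(prev.encode() + canon(rec["event"])).hexdigest()
        if rec["prev"] != prev or rec["hash"] != want:
            return False
        prev = rec["hash"]
    return True
```

The limits live in the signed mandate and the mediator's own state, so nothing in an intent can change them, and denied or stepped-up attempts are recorded alongside allowed ones.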
Custody / balances (Phase 3, via BaaS partner)
Virtual-card issuing (Phase 2)
x402 / crypto rails
Visa IC / MC Agent Pay certification (track only)
Consumer app (showroom only)
Agent payouts (different problem)
Agent identity / KYA (integrate, don’t build)
≥3 design partners live · ≥1,000 enforced transactions · ≥1 real “the cap held” incident as flagship case study · audit export passes a partner finance review · integration ≤1 day, measured.
De-risked: the mechanics (SetupIntent→MIT, three modes, mediator, MCP tools, approval UX) are already running in the GroceryDash prototype — this is productization, not research.
Mandates, caps, audit, reconciliation are the product to finance/platform buyers — and friction to consumers. Commercial contracts also remove the consumer repudiation/friendly-fraud surface.
Free sandbox → $0.10–0.25/enforced tx or 0.25–0.5% GMV + $500–2k/mo platform → enterprise $30–100k+ ACV. Anchored to risk avoided, not processing.
No consumer app. No custody until a deal demands it. No protocol of our own. No head-on Stripe/Ramp fight — occupy the conflicted slot.
① Neutrality — every potential copier is partisan to a rail/protocol; their conflict is our position
② Enforcement-point gravity — finance teams don’t churn their control point
③ Mandate + audit corpus — the system of record for agent spend
④ Standards seat — visible multi-protocol implementation buys a chair
Not a moat: the payment mechanics. Anything “Stripe + caps” gets copied.
Stripe absorbs the category → be the cross-PSP layer it can’t be; win MCP surface first
Ramp/Brex move down → 12–18mo window; also most plausible acquirers
Nekuda wins the slot → out-execute: mediator > SDK, multi-protocol, enterprise policy
Adoption lags forecasts → conservative plan-of-record; costs scale with GMV
Prompt injection unsolved → our demand driver: we bound the blast radius
Fund 3 engineers + 1 BD for 12 months ≈ $1.2–1.8M against: private beta in 12 weeks · ≥3 design partners live · ≥1,000 enforced transactions · ACP adapter shipped + both partner-program applications filed · ≥$100M committed GMV-under-mandate pipeline by month 12.
Every agent transaction carries a verifiable mandate.
We issue, enforce, and prove them.