Week 16, 2025 - AI sharp edges

Song of the week:

Top of mind

Over the last few weeks in $job, I've been having a lot of conversations about AI. Real ones, not the airy-fairy bogeyman stuff. I've met with some AI innovators, researchers and some large companies who are trying to tease out what the future might look like for AI. My perspective in work is very specifically around commerce, whose nomenclature is appearing as "agentic commerce" from what I can see.

Let's take an example of a normal punter who wants to leverage AI. They upload 10 pictures of themselves to the agent (Claude, GPT, whatever) and tell the agent that this represents the style that they like, and where they felt they looked good. Imagine weddings, birthdays, etc. etc. Now the prompt is to go off into the internet, knowing what the person enjoys wearing and feels good in + their size/etc., and to order a box of clothing that's weather appropriate a few times per year.

This isn't a weird request that's super-future wizardry levels. It's probably available today, but it will break at the commerce end of the stick. Because if I send an agent out to buy clothes for me, it's technically fraud to take a payment on behalf of me, but it's fine. Much like my wife using my card, or an assistant in work booking flights, etc.

But if 1000 people called upon an agent to go buy clothes, a merchant could be besieged by what appear to be fraudulent requests. Especially if they come from the same agent with the same IP, etc. etc. Worse, it could look like a card testing attack, which in turn could cancel the cards associated with the innocent users.

There are solutions evolving, and $job is noodling on very excellent ones.

But let me make the problem worse. Imagine a ticket issuing company. And the world's biggest band/artist/star is launching a new tour. Why bother getting into a virtual queue on a bogged-down network when you can send an agent to do your bidding?

Assume there's an agents.txt file that everyone adheres to and respects (I say this because no one respects robots.txt today). If I'm the ticketing company, I could have two queues: one for humans and another for agents. And, because I'm an awful global evil corporation, I will charge extra for folks to use agents on behalf of them. And because I know where an agent is being used, I can use my own agent to take, sort and handle those requests.

In both scenarios, at the end of the chain a user interaction is likely required. Ideally a phone prompt to use Face ID/fingerprint or to type a 6-digit code to authorise the transaction the agent has initiated. Or an inline transaction window within the agent interface itself. Either way, something needs to cause the owner of the card to authorise, if for nothing else, for regulatory reasons.

The other sharp edge here is APIs and standards being used. Google has A2A, which adheres to Anthropic's MCP. But this is evolving quickly, so there's a fastest-mover advantage, but I also think OpenAI developing their own standard is likely to get quick and easy traction given their size in the space. How a merchant, card acquirer or solution provider handles the information is going to be critical. Even in my examples above, there's a risk that the raw PAN (basically your raw card details) is shared to an agent... and who knows where that could wind up.

It's a super interesting space that's fast moving. And I do think within the year, people will be transacting through agents more frequently than you imagine. I think Black Friday/Cyber Monday will see lots of cash flow via agents.

And when you consider the future of stablecoins and crypto in general (programmable agents running commerce on programmable rails)... well, then you're in 4D chess land.

Photo of the week

(via my flickr)

Tabs

Meta