AI agents can already talk to each other, call tools, and move money over the internet. What the stack still lacks is a shared way to decide when the money should actually move. That unresolved “judgment layer” is where crypto standards like ERC-8183 are now trying to wedge in.
The emerging stack for agentic commerce
In less than three years, agentic commerce has gone from a speculative idea to a live infrastructure race with credible adoption metrics.
On the tooling and connectivity side, Anthropic’s Model Context Protocol (MCP) has become a core primitive. MCP now runs on more than 10,000 public servers and is pulled in 97 million times per month via SDK downloads, giving agents standardized access to external tools, APIs, and data sources. It effectively solves the “tool/data layer” for many agent applications.
For cross-system coordination, Google’s Agent-to-Agent (A2A) protocol launched in April 2025 with 50 partners and scaled past 100 supporting companies before being handed to the Linux Foundation. A2A is designed so agents in different organizations can communicate and orchestrate work, addressing interoperability rather than money flow.
On the commerce side, Google followed up with the Universal Commerce Protocol (UCP) on Jan. 11, bringing in Shopify, Walmart, Target, Mastercard, Stripe, Visa, and American Express as early supporters. UCP aims to standardize how agents drive live checkout flows with major retailers and payment networks, pulling autonomous decision-making deep into real-world transactions.
The payment transport layer is also filling in. Coinbase’s x402 protocol, an implementation of HTTP-402 payments, enables automatic stablecoin transfers over plain HTTP. By late 2025, x402 reported more than 100 million payments processed across APIs, consumer apps, and AI agents. In parallel, standards like the Agent Payment Protocol (AP2) have emerged around signed payment mandates, specifying what an agent is authorized to spend.
This is a remarkable amount of standardization for a category that barely existed three years ago. Yet, across MCP, A2A, UCP, AP2, and x402, the pattern is consistent: they address connectivity, coordination, and initiation of payments, not the question of whether the underlying work was actually delivered.
Standardization so far: connecting, authorizing, moving money
Looking across the stack, today’s protocols cluster into three roles: connecting agents to tools and each other, authorizing spend, and transporting money.
MCP connects AI applications and agents to external tools and data, but it does not attempt to verify that a requested task produced a valid or acceptable outcome. A2A lets agents communicate and coordinate across organizational boundaries, but it does not hold funds in escrow or arbitrate deliverable quality.
UCP standardizes agent-driven checkout flows, embedding agents into real-world commerce. However, once a service or task is purchased, UCP does not define how to determine whether the service was actually provided as agreed.
AP2 and x402 then carry the financial side. AP2 frames payments around cryptographically signed mandates, proving what an agent is allowed to spend. x402 moves stablecoins over HTTP, but it is purely a transport rail — it does not evaluate whether those funds should be released only after successful work completion.
Even Mastercard’s Verifiable Intent, introduced on Mar. 5 and co-developed with Google, stays in the authorization lane. It provides a trust and audit layer for proving that a user authorized a purchase and for supporting dispute resolution. It offers evidence about consent, not ground truth about whether the promised outcome materialized.
In short, the industry has well-defined answers for “Was this payment allowed?” and “Can these agents talk and transact?” It does not yet have a common answer for “Who decides the work was done, and on what basis?”
ERC-8183: crypto’s escrow primitive for agent tasks
ERC-8183, a draft Ethereum standard published on Feb. 25, is crypto’s attempt to encode that missing decision point as a programmable primitive.
Stripped of its “agentic commerce” framing, ERC-8183 is a minimal state machine for job-based escrow. A client opens a job and locks the budget into escrow. A provider submits the work. An evaluator then marks the job as completed or rejected. If the job expires without a successful completion, funds are automatically refunded to the client.
The specification describes this as a four-phase sequence: Open, Funded, Submitted, and Terminal. Crucially, it explicitly states that only the evaluator may mark the job as completed once work is submitted. That makes the evaluator the key authority in the flow.
Participants in the Ethereum Magicians discussion thread were quick to note that there is “nothing especially ‘agentic’” in the structure. One commenter described ERC-8183 as “a job registry with escrowed funds.” The critique is directionally correct: the mechanism could be applied to any task-based transaction, human or machine, on- or off-chain.
That is also what makes ERC-8183 interesting. Instead of reinventing agent-specific semantics, it proposes a generic, programmable escrow primitive that any agent workflow can call when conditional settlement is required. The AI branding sits on top of a financial structure that predates agents — and even predates the internet.
The open question is not whether the pattern is new, but whether this is the specific primitive the current agentic stack is missing.
Authorization vs. verification: the real gap
The contrast between ERC-8183 and incumbent initiatives highlights where the true gap lies: verification, not authorization.
Google’s Agent Payment Protocol and Mastercard’s Verifiable Intent both focus on proving that a payment was properly authorized. AP2 uses cryptographic mandates to document what an agent was permitted to spend. Verifiable Intent generates a traceable record that a user sanctioned a transaction and provides an audit surface for disputes.
These systems answer questions like “Did the user or their agent approve this?” and “Can we reconstruct what was authorized?” They do not attempt to answer “Was the purchased service actually performed?”
That distinction surfaces a structural contradiction in the stack. A2A ensures cross-organization communication. MCP makes the right tools and data accessible. UCP, AP2, and x402 make it seamless for agents to initiate and complete payments. ERC-8183 inserts a conditional step: lock funds first, then release them only when some evaluator attests that the deliverable meets the specification.
The draft leaves the nature of that evaluator open. It could be the client themselves, an oracle network, a staking-backed validator set, a system anchored in zero-knowledge machine learning (zkML), or even a trusted execution environment (TEE)–style attestation. The spec does, however, explicitly reference ERC-8004 — a separate Ethereum proposal focused on on-chain trust and reputation for agents and counterparties — as the recommended composition layer for higher-value jobs.
In practice, that suggests a modular architecture: ERC-8183 for conditional escrow; ERC-8004 for identity, reputation, and validation; and potentially additional oracle, staking, or hardware-based systems for stronger guarantees. None of these are settled standards yet, but together they sketch out a crypto-native answer to “who verifies the work?”
The evaluator as the new power center
The evaluator role is where ERC-8183 moves from technical design to political and platform dynamics.
The standard’s security section is explicit about the risk: a malicious evaluator can arbitrarily complete or reject jobs. The document recommends pairing the core escrow logic with reputation mechanisms or staking for more valuable contracts and acknowledges that dispute resolution is out of scope for the base spec.
Builders in the Magicians discussion captured the crux succinctly. One observed that “the Evaluator is where the real complexity lives.” Another summarized the broader ecosystem problem as “everyone verifies the payment, nobody verifies the work.”
Those comments point to a likely structural pattern in open agent marketplaces: the actor that controls evaluation effectively controls the marketplace. If flows and reputation converge on a small set of evaluators or validation networks, they will sit at the highest-leverage point in the stack — the gate between locked funds and released payment.
In tightly scoped enterprise deployments, the complexity is muted. The client and evaluator are often the same entity, or evaluation is handled within a single organizational boundary. But in cross-organizational networks, where a provider in one domain fulfills work for a client in another, an independent evaluator becomes a potential choke point and profit center.
ERC-8183’s design makes that tension visible without resolving it. It identifies the escrow and verification step as a distinct layer, but the governance of that layer — who runs evaluators, how they are selected, how they can be challenged — remains open territory.
Who will own the conditional payment layer?
While the verification layer is still being defined, the rest of the stack is accumulating adoption quickly.
Gartner projects that 33% of enterprise software applications will include agentic AI by 2028, with 15% of day-to-day work decisions running autonomously by that time, up from effectively zero in 2024. Deloitte estimates the global agentic AI market at $8.5 billion in 2026, growing toward $35 billion by 2030, and suggests that as many as 75% of companies could be investing in the category by the end of this year.
On the demand side, IBM and the National Retail Federation reported in January that 45% of consumers already use AI during their buying journeys, including 41% who rely on AI for product research. As more of that decision-making is delegated to agents, the volume of agent-driven transactions that require settlement infrastructure will rise.
In that context, the “bull case” for ERC-8183 and related crypto primitives is straightforward: open agent marketplaces for research, code, inference, data, and microservices will involve enough cross-organizational, machine-to-machine commerce that on-chain, programmable conditional settlement becomes a practical necessity.
The “bear case” is that payments incumbents and enterprise software vendors extend their existing authorization frameworks to effectively absorb the verification problem before crypto-native standards gain traction. AP2’s mandates, Verifiable Intent’s authorization audit trails, and UCP’s deep integrations with major retailers are already positioning card networks and Big Tech at the same layer ERC-8183 is trying to reach from the other direction.
If Gartner’s 2028 adoption curve proves accurate, and a material share of procurement, research outsourcing, and service buying is delegated to agents, the most defensible position in the value chain may not belong to model providers. It may belong to whoever controls conditional payment: the infrastructure that holds funds, attests to outcomes, and releases money only when work clears verification.
ERC-8183 may evolve into that shared layer, or it may remain a generic escrow mechanism with an “agentic” label. Either way, it focuses attention on a primitive that predates AI and blockchains alike. Escrow and conditional payment are older than the internet; what is new is the attempt to standardize them for autonomous, cross-organizational digital agents.
For crypto and AI infrastructure builders, the strategic question is not simply whether agents need crypto to pay each other. It is whether the verification problem in agentic commerce is ultimately solved by extending incumbent authorization rails, or by programmable, composable escrow running on open networks. Both architectures are now live, neither is settled, and the answer will likely depend on where agents are doing the most economically meaningful work when the next wave of adoption arrives.
Hi, I’m Cary Huang — a tech enthusiast based in Canada. I’ve spent years working with complex production systems and open-source software. Through TechBuddies.io, my team and I share practical engineering insights, curate relevant tech news, and recommend useful tools and products to help developers learn and work more effectively.
