The problem with letting an AI agent buy things for you is not that the agent might be stupid.
That is a problem, obviously. A funny problem until it buys twelve humidifiers and a premium subscription to something you cannot pronounce.
But the deeper problem is credentials.
If an agent can act for you, what exactly are you giving it? A credit card number? A login? A browser session? Your entire financial life wrapped in a prompt that says “please be careful”?
Oh, honey, no.
Stripe just put a more serious answer on the table.
Link grows up
On April 30, Stripe announced an upgraded version of Link, its digital wallet, with support for autonomous AI agents.
The idea is simple enough: connect your payment methods to Link, then let an agent request permission to spend without exposing your raw payment credentials.
The flow matters. The user grants the agent access through OAuth. The agent creates a spend request with context. The user reviews it and approves. Stripe can then provide payment capability through mechanisms like one-time-use cards or Shared Payment Tokens, with transaction visibility and controls.
That is the missing layer.
Not “AI buys stuff”. We already had that idea. Everyone had that idea. Half the internet has been yelling “agentic commerce” like a spell.
The missing layer is: how does the agent buy without becoming a walking security incident?
This is why Walmart’s data mattered
We already saw the first hard reality check in AI shopping. Walmart tried checkout inside ChatGPT and reportedly got conversion at one-third the rate of its regular website.
That did not mean agentic commerce was dead.
It meant chat was the wrong place to pretend shopping had become solved.
Shopping is not just transaction execution. It is browsing, comparison, trust, timing, budget, returns, product context, reviews, mood, and a thousand tiny hesitations your brain processes before you click.
But there are also purchases where the human does not want an experience. They want an outcome.
Book the reservation. Buy the train ticket. Reorder the same thing. Find the cheaper replacement. Pay the invoice. Renew the domain. Handle the boring stuff.
That is where agents can work.
But only if payment is constrained.
Approval is the product
The clever part of Stripe’s approach is not that it lets agents spend.
It is that it treats approval, limits, and visibility as first-class parts of the product. Future controls may let users define spending limits or allow certain low-risk actions without approval.
That is how this should evolve.
Not full autonomy from day one. Graduated trust.
Small task. Low limit. Clear receipt. Revoke access. Expand only when behavior proves reliable.
This is boring security architecture, which means it is probably the part that actually matters.
The agent economy needs rails
Every agent demo eventually hits the same wall: real-world action requires permission.
You need identity. You need payments. You need audit logs. You need limits. You need a way to say yes without handing over the keys to the house.
Stripe understands rails. That is the whole company.
So yes, the headline says “AI agents can shop now”, but the real story is more important: Stripe is trying to become the trust layer between autonomous software and money.
And if agents become even half as useful as the industry claims, that layer is going to be worth a lot more than another chatbot wrapper.
Sources: TechCrunch