AI Agents Have Moved Money on Crypto Rails. Nobody Knows Who Is Liable.
A Keyrock report co-authored with Coinbase and Tempo names four competing protocols but no single entity responsible when an agent transaction goes wrong.
When an AI agent executes a bad trade, sends a payment to the wrong address, or settles against a wallet that turns out to be sanctioned, the human who deployed it has no clear path to recover the money. The companies that built the rails the agent ran across have no legal obligation to make anyone whole. According to a Keyrock report published in May 2026, roughly $73 million has already moved across about 176 million agent-initiated transactions on blockchain rails between May 2025 and April 2026. None of the major regulatory frameworks taking effect this year, including MiCA in Europe, the U.S. GENIUS Act, and the EU AI Act, directly address who is liable when those transactions go wrong.
That gap is the story. The same Keyrock report, produced in collaboration with Coinbase, Tempo, and Virtuals, frames the moment as a "race for frictionless machine payments." CoinDesk's coverage of the report echoed the framing on May 24, calling crypto rails the emerging default layer for AI agents. The collaboration partners are not neutral observers. Coinbase builds one of the four protocols the report benchmarks, the x402 extension of HTTP 402. Tempo is a co-author of the Machine Payments Protocol that competes with it. Treating their shared thesis as a neutral finding would let the marketing do the reporting.
The empirical payload is real. Per Keyrock, 98.6% of agent payments settle in USDC, the stablecoin issued by Circle Internet Group. The median agent payment is between $0.01 and $0.10, well below the $0.30 floor where card-network fees stop being economical. Layer-2 stablecoin settlement costs roughly $0.0001 per transaction, which is the structural reason small agent payments exist on crypto rails at all. AI agents now account for 37% of all Safe transactions on Gnosis Chain and more than 75% on peak days. Coinbase has deployed tens of thousands of agents with built-in guardrails, per Keyrock. More than 104,000 agents are registered across 15+ directories and registries.
Four machine-payment architectures have launched in this window. Coinbase's x402 is an HTTP 402 "payment required" extension for agents. Stripe and Tempo built the Machine Payments Protocol, or MPP. Google pushed AP2, an authorization layer that signs agent intent before settlement. Visa extended its card-network credentials into a tokenized form agents can present. Coinbase and Stripe each span five of the six layers in the emerging payment stack, from settlement through governance, which means they are positioned to capture the value of any dispute resolution that gets bolted on later, or to skip building it.
The reason the volume is on these rails in the first place is a simple economic floor. Card networks price transactions above $0.30, which is fine for human commerce and untenable for an agent buying API calls, scraping services, or per-request inference at fractions of a cent. Stablecoins settled on Layer-2 networks clear for a hundredth of a cent or less. The forcing function is price, not ideology. Gartner projects, as cited by Keyrock, that AI agents could intermediate $15 trillion in purchases by 2028. McKinsey's working estimate, also cited in the report, places retail agentic commerce between $3 trillion and $5 trillion by 2030. Those are forecasts, not audited facts, but the order of magnitude is what acquirers are pricing in.
Incumbents are pricing it in. Over the past twelve months, traditional finance has spent more than $8 billion acquiring machine-payment infrastructure. Capital One bought Brex for $5.15 billion. Mastercard paid $1.8 billion for BVNK. Stripe closed its $1.1 billion Bridge acquisition. The pattern is unambiguous: traditional payment companies are paying enterprise multiples to own the rails before agent volume arrives at scale, and they are paying on the assumption that the regulatory perimeter will not be retroactively redefined.
The regulatory perimeter is the open question. MiCA, the EU's Markets in Crypto-Assets regulation, is taking effect in stages through 2026 with full enforcement expected by mid-year. The GENIUS Act, the U.S. federal stablecoin framework, is on a similar mid-2026 timeline. The EU AI Act layers obligations on the providers of high-risk AI systems, with the most consequential provisions phasing in across 2026. None of these frameworks, per the Keyrock reading, directly addresses autonomous machine-to-machine transactions, the legal personhood of the agent that initiated a payment, or the liability allocation when an agent acts outside its intended mandate. A sanctioned-wallet settlement, a mispriced trade triggered by a prompt-injected agent, or a chargeback with no rail to dispute on all sit outside the explicit text of the regulations now coming into force.
Circle's May 11, 2026 launch of the Circle Agent Stack makes the liability question sharper, not softer. The product bundle includes Agent Wallets, Nanopayments routed through Circle Gateway down to $0.000001 per transaction, an Agent Marketplace, and a Circle CLI for developers. Circle positions AI agents themselves as the customer. That positioning presupposes the agent can be a counterparty in a transaction. The legal systems coming online in 2026 are not built for that presupposition.
The unresolved cases are already accumulating, and they are the kind of case the protocols have not agreed on a process for. A sanctioned wallet that receives an agent-initiated stablecoin transfer creates a sanctions exposure for the sender that does not exist on a card network, where the network operator can freeze the merchant. A mispriced agent trade that loses a treasury a measurable sum has no equivalent of a card chargeback; the stablecoin transfer is final on settlement. A prompt-injected agent that authorizes a payment outside its mandate has no defined path to clawback, because the protocol layer treats the agent's signature as authoritative. The protocols are designed to be trust-minimized in the cryptographic sense, which is exactly what makes them trust-maximizing in the legal sense when something goes wrong.
The dispute layer is the missing piece, and it is the piece the Keyrock collaboration does not address. A neutral reader can read the report and conclude that the smart money is on whichever of the four protocols captures the most layers of the stack, because vertical integration is the dominant commercial logic. The other reading, which the report does not extend, is that the protocol that captures the dispute resolution layer captures the regulatory conversation that follows, because every regulator that touches this space will need a counterpart to talk to. The accountability gap is not a feature the market will close on its own. It is the public-interest test the industry has not agreed to take.
What to watch: the first enforcement action by a U.S. or EU regulator against an agent-initiated payment that touches a sanctioned counterparty. The first acquirer or issuer to publish an explicit liability allocation for agent transactions. The first major agent deployment in banking, e-commerce, or enterprise SaaS that publishes a real incident postmortem with a defined recovery path. Any one of those will set the precedent the regulations now coming into force have not.