{"slug": "nobody-to-blame-who-pays-when-ai-agents-buy-for-you", "title": "Nobody to Blame: Who Pays When AI Agents Buy for You", "summary": "A new study by fraud-prevention firm Riskified found that 61.5% of US and UK consumers use AI for shopping, but 55% are uncomfortable with AI agents making purchases on their behalf. Half of consumers believe the AI platform should bear responsibility for unauthorized purchases, yet legal frameworks have not assigned liability, creating a widening accountability gap in agentic commerce.", "body_md": "## Nobody to Blame: Who Pays When AI Agents Buy for You\n\nPicture the moment of the mistake. Not a dramatic one, because the dramatic ones are easy to litigate. Picture instead the small, plausible failure: an AI agent embedded in your phone, told to “sort out the trip to Lisbon,” books a non-refundable fare for the wrong week. Or it renews a subscription you meant to cancel. Or it accepts terms and conditions on a checkout page, ticks a box authorising the sharing of your data with a dozen marketing partners, and moves on to the next task at a speed no human would bother to match. By the time you notice, the money has moved, the consent has been given, and the commitment has hardened into something you cannot easily reverse.\n\nNow ask the question that the entire emerging architecture of agentic commerce is currently unable to answer cleanly: who is responsible? You issued the instruction, but you did not approve the specific action. The platform built the agent, but it acted within the bounds you set. The developer trained the underlying model, but cannot foresee the millions of paths it might take. The merchant accepted the order, but had no way of knowing a human had not reviewed it. Four parties, each holding a fragment of the responsibility, and no settled rule for assembling those fragments into a single answerable entity. That gap, between what the software can now do and what accountability exists when it does it wrong, is the most under-examined risk in consumer technology today. And it is widening fast.\n\n## The shoppers who already feel it\n\nThe unease is not theoretical, and it is not confined to commentators. It has shown up in the numbers. In its first-quarter 2026 study of consumers across the United States and the United Kingdom, the fraud-prevention firm Riskified found a population that is enthusiastically adopting AI for shopping while quietly refusing to let go of the wheel. A clear majority, 61.5 per cent, said they had already used AI tools for product discovery and recommendations. Yet 55.0 per cent said they were not comfortable with AI agents making purchases on their behalf, and 53.9 per cent believed AI could increase their exposure to online fraud.\n\nRead those figures together and a coherent psychology emerges. People are happy to let an agent browse, compare, and suggest. They are markedly less happy to let it buy. The line they are drawing falls precisely at the point where browsing becomes a binding transaction, the point where money leaves the account and an obligation is created in their name. Riskified's data sharpens this further: 46.5 per cent said they did not trust any company to manage purchases for them, and 73.9 per cent expected strong safeguards, such as biometric checks or one-time passwords, before they would consent. Most revealing of all, 50.8 per cent said they believed the AI platform itself should bear responsibility for unauthorised purchases.\n\nThat last statistic is the hinge on which this whole subject turns. Half of consumers have already, intuitively, assigned the liability. They want the platform to pay when the platform's agent gets it wrong. The trouble is that the law has made no such assignment, and there is no guarantee it will arrive at the same answer that consumers consider obvious. The shift in sentiment is recent, too. Riskified noted that concern had grown compared with its late-2025 survey, with anxieties around fraud, security, and accountability actively slowing the path toward the fully autonomous, agent-driven checkout that the industry has been promising. The technology is racing ahead. Trust is not following at the same pace.\n\n## From novelty to infrastructure\n\nIt would be comforting to treat all of this as a problem for later, a speculative concern about a future that has not yet arrived. It is not. Agentic commerce has already crossed the threshold from demonstration to deployment. The major payment networks have built the rails. Mastercard's Agent Pay, announced in 2025, allows verified AI agents to transact on a consumer's behalf using what it calls Agentic Tokens, an extension of its existing tokenisation infrastructure, with early issuing partners including Citi and US Bank. Visa has extended its intelligent-commerce programme to cover AI-initiated payments. PayPal has adopted the Agentic Commerce Protocol to embed payments directly inside conversational AI, so that a user can complete a purchase without ever leaving the chat window.\n\nThe model developers have built the hands that operate the rails. OpenAI's computer-using agent and Anthropic's Claude integrations can navigate websites, fill in forms, and complete checkouts. These are no longer laboratory toys. By 2026 they were processing meaningful daily transaction volumes, embedded not in some separate “AI app” that a user consciously opens, but woven into operating systems, browsers, and financial apps as a default capability. That is the crucial detail. An agent that lives inside your bank's app or your phone's assistant is not a product you chose to trust. It is infrastructure, and infrastructure is something you stop noticing.\n\nOpenAI has been candid about the failure modes. The company acknowledges that its agent can take an action the user did not intend, with consequences ranging in severity from a typo in an email through to buying the wrong item or permanently deleting an important file. That candour is welcome, but it also frames the problem precisely. The errors are not edge cases to be engineered away in the next release. They are an intrinsic property of systems that act autonomously across an open-ended web of websites, each with its own design quirks and dark patterns.\n\nThe early dispute data bears this out. Industry analysis in 2026 found that disputes on agent-initiated transactions were running at roughly 2.4 times the rate of comparable human-initiated, card-not-present transactions. Tellingly, the composition was different. There was proportionally less outright fraud and proportionally more of two other categories: “did not authorise” and “not as described.” In other words, the distinctive harm of agentic commerce is not the stolen card. It is the legitimate agent, operating within its mandate, doing something the human behind it never actually wanted. That is a category of harm that existing fraud systems were never designed to catch, because it is not fraud. It is a faithful machine faithfully executing a flawed plan.\n\n## A law built for people who can be found\n\nHere is the deeper problem, the one the legal community spent the spring of 2026 trying to articulate. A legal analysis published by Reuters in April 2026 documented the accountability gaps that open up when agentic systems, capable of booking travel, authorising payments, placing orders, and managing subscriptions without a human confirming each individual step, make errors or cause harm. The central observation was disarmingly simple. Existing consumer protection law was designed for transactions between identifiable human or corporate parties. It was not designed for autonomous software agents acting in a user's name.\n\nConsider what consumer protection law quietly assumes. It assumes there is a buyer and a seller. It assumes that when something goes wrong, you can identify who did what, establish what they knew and what they intended, and direct a remedy at a party who can be reached and held to account. The whole apparatus, from the right to a refund to the rules on unfair contract terms, rests on a knowable, reachable responsible party. Strip that away and the machinery seizes. When the “buyer” is a piece of software, intent becomes a slippery concept. When the action was taken by an agent built by one company, running a model trained by another, operating on instructions from a third, and transacting with a fourth, the chain of responsibility does not break in one obvious place. It dissolves across several.\n\nRegulators have begun to respond, though their response so far has been to reach for the tools they already have. On 9 March 2026 the United Kingdom's Competition and Markets Authority published two linked documents: practical guidance on complying with consumer law when using AI agents, and a wider policy paper on agentic AI and consumers. The CMA's headline principle was clear and, for businesses, uncomfortable: the same consumer law rules apply regardless of whether a customer interacts with a human or an AI agent. Crucially, it stated that businesses remain fully responsible for what their AI agents say and do, even where the technology is supplied or designed by a third party. Delegating a decision to software, in the regulator's view, does not delegate the legal accountability that comes with it. The teeth behind this are real. Under the Digital Markets, Competition and Consumers Act 2024, the CMA can levy fines of up to 10 per cent of a firm's global turnover.\n\nThe CMA's instinct is sound, and it points toward concentrating accountability rather than letting it scatter. But notice what it does and does not solve. It tells a merchant deploying a customer-service agent that it cannot hide behind its vendor. That is a meaningful clarification. It does much less for the messier scenario at the heart of consumer anxiety, in which the agent is not the merchant's tool at all but the consumer's own, acting on the consumer's side of the transaction, and getting it wrong in a way that harms the very person who deployed it. When your agent books the wrong flight, the merchant did nothing improper. The platform's agent behaved as designed. There is no obvious villain to point the existing rules at.\n\nThe European position is, if anything, more exposed. The EU AI Act, the most comprehensive AI regulation yet written, was not drafted with agents in mind. It does not explicitly define agentic AI, instead sweeping such systems into broad, catch-all categories. More fundamentally, its architecture rests on the idea of a system having a static “intended purpose” and a band of “reasonably foreseeable misuse.” Agentic systems make a mockery of both. They work through an iterative execution loop, dynamically generating novel, unprogrammed routes to a goal. The intermediate actions an agent takes to satisfy an instruction are, by design, not foreseeable by the developer who built it. A regulatory framework anchored to foreseeability is poorly equipped to govern a technology whose defining feature is that its specific behaviour cannot be foreseen.\n\nThat gap is not merely an academic complaint. As of early 2026, despite the EU AI Act's prohibited-practice provisions having been enforceable since August 2025, no enforcement actions had been announced, while the powers to fine providers of general-purpose AI models were not due to engage until August 2026. The regulation was racing to define categories even as the technology slipped between them. Legal commentators tracking the field through the spring of 2026, including practitioners at firms such as Venable, reached a strikingly consistent conclusion: deploying an AI agent does not transfer accountability to the agent. It concentrates accountability on the party that deploys it. The recurring failure they identified was not a shortage of rules but a failure of legal and policy definitions to capture what agentic systems actually are, how they work, and where the genuine locus of risk and responsibility lies. A gap opens, in their phrasing, wherever the original human instruction is remote from the final, potentially harmful output. Agentic systems are engineered, deliberately, to widen exactly that distance, because the entire value proposition is that the human gives a goal and the machine handles the steps in between.\n\n## The trouble with putting it right\n\nAllocating blame is only half of consumer protection. The other half is recourse: the practical ability to undo a harm once it has happened. Here the distinctive shape of agentic failure becomes a problem in its own right. Recall that the disputes piling up are not predominantly fraud claims but “did not authorise” and “not as described” claims. Those are far harder to adjudicate than a stolen card, because they hinge on a question that is genuinely murky: what, precisely, did the consumer authorise? When you hand an agent a loose instruction such as “find me a good deal on a weekend away,” you have plainly authorised some purchases and plainly not authorised others, with a vast grey zone in between. A non-refundable booking might fall on either side of that line depending on facts that no one recorded at the time.\n\nThis is why the technical question of how an agent captures and proves consent is not a back-office detail but the foundation on which any recourse must rest. Without a record of the mandate, every dispute collapses into one person's word against a black box, and the consumer, lacking visibility into the agent's reasoning, is structurally disadvantaged. Schiavi's essay, to which we will return, made exactly this point about knowledge and consent: users cannot meaningfully consent to choices they cannot understand, and an agent's decision-making is frequently both opaque and complex. The recourse problem and the consent problem are the same problem wearing different clothes. Solve the record of intent, and you give both the disputing consumer and the adjudicating system something concrete to reason about. Leave it unsolved, and the protections that exist on paper become unreachable in practice, which for the harmed consumer is indistinguishable from having no protection at all.\n\n## The seductive, dangerous metaphor\n\nFaced with something genuinely new, the human reflex is to reach for the nearest familiar analogy. For agentic AI, the analogy everyone reaches for is the employee, or its legal cousin, the agent in the principal-agent sense: a proxy who acts on your behalf, within your authority, with consequences that flow back to you. It is an appealing frame. We already have centuries of law and intuition about delegated authority, about what a principal owes for the acts of an agent, about when a worker's mistake becomes the employer's liability. Why not simply pour the new wine into these old bottles?\n\nBecause, according to research published by Harvard Business Review in May 2026, the bottles leak in ways that produce real damage. The study, conducted by Matthew Kropp, Julie Bedard, Megan Hsu and Lisa Krayer of Boston Consulting Group together with Emma Wiles of Boston University's Questrom School of Business, examined what happens when organisations treat AI agents as though they were employees, complete with the conventional accountability structures that surround human staff. In a large-scale experiment involving more than 1,200 managers, the framing alone changed behaviour, and not for the better. When the AI was presented as an employee, managers identified 18 per cent fewer errors in its work. Individual accountability for errors dropped by nine percentage points, while the accountability that managers attributed to the AI itself rose by eight percentage points.\n\nSit with what those numbers describe. Simply by dressing an agent in the costume of a colleague, the humans around it became less vigilant, less willing to own its mistakes, and more inclined to treat the software as a locus of blame in its own right. The metaphor did not just mislead. It actively eroded the human oversight that is the only thing standing between a flawed plan and a harmful outcome. The researchers argued that the employee analogy hides three things humans supply for free that agents do not: a stable sense of context across the day, an instinct to escalate when something feels wrong, and accountability that survives a bad outcome. An agent will keep executing a flawed plan with serene confidence long after a human teammate would have stopped to ask whether the plan still made sense.\n\nThe conclusion the authors drew is the single most important sentence in this entire debate, and it deserves to be stated plainly. Accountability does not transfer to a model. It stays with the humans who deployed it. The agent cannot be a defendant. It owns no assets, feels no consequence, and carries no reputation into the next transaction. Any framework that lets responsibility settle on the agent is not allocating responsibility at all. It is abolishing it, while preserving the comforting appearance that someone, somewhere, is answerable. The HBR finding matters beyond the office, too, because the same psychological reflex that makes a manager relax their scrutiny of an “employee” agent makes a consumer relax their scrutiny of an assistant that feels like a helpful person rather than a piece of fallible software. The friendlier the framing, the looser the vigilance, and the wider the gap into which harm can fall.\n\n## Responsibility laundering\n\nThis is precisely the failure that the bioethicist Adam Schiavi warned about in an essay published by Undark in March 2026. Schiavi, an anaesthesiologist and neurocritical care specialist at the Johns Hopkins Hospital who also works as a biomedical ethicist studying synthetic personas in AI systems, gave the problem a name that ought to enter the general vocabulary: responsibility laundering. His worry is that granting AI any form of personhood or quasi-agency, even a limited one, formalises the most dangerous escape hatch of the agentic era. It creates a clean, respectable mechanism for a human to say, in effect, “It was not me. The agent did it.” The harm becomes everyone's problem and nobody's fault.\n\nSchiavi's framing is valuable because it comes from medicine, a field that has spent a very long time thinking rigorously about responsibility when the stakes are life and death and the actors are fallible. He draws on the clinical concept of moral residue: the lingering weight of responsibility that a person continues to carry even after taking a justified action with a bad outcome. A clinician who makes a defensible decision that nonetheless harms a patient feels that residue, and that felt weight is part of what keeps the profession careful. An AI agent feels nothing. It cannot bear moral residue, which means that if responsibility is allowed to flow to the agent, it does not accumulate anywhere. It simply evaporates.\n\nHis prescription is not to ban the technology but to keep responsibility within reach of a human at every stage. He proposes a framework of what he calls authorised agency, and its components map almost perfectly onto what meaningful consumer protection would need to look like. There should be an authority envelope, a bounded and explicit scope of what the agent is permitted to do. There should be a human-of-record, a named person who authorised the agent and remains answerable for it. There should be interrupt authority, an unqualified right to stop the agent at any moment. And there should be an answerability chain, a traceable path that leads from any action the agent takes back to the human who authorised it. The unifying principle, in Schiavi's words, is that human accountability must precede autonomous capability. We have, so far, deployed the capability first and left the accountability to catch up.\n\nThe strength of Schiavi's approach is that it refuses the question everyone else gets bogged down in. The interesting debate, he argues, is not whether an agent deserves personhood or some lesser flavour of legal status. That debate is a distraction, and worse, it is the very mechanism by which responsibility gets laundered. The questions worth asking are blunt and operational: who authorised this agent, what was it allowed to do, who can stop it, and who will answer when it causes harm? Notice that all four are questions about humans, not about software. They reframe the entire problem away from the metaphysics of machine agency and toward the practical engineering of human accountability. That reframing is the most useful thing anyone has contributed to this argument, because it is buildable.\n\n## What protection could actually look like\n\nIf the diagnosis is that responsibility dissolves across layers of software, platforms, and developers, then the cure cannot be a single new rule. It has to be an architecture, one that is partly legal, partly technical, and partly commercial. The encouraging news is that the outlines of that architecture are already visible in the work of regulators, payment networks, and researchers. The discouraging news is that nobody yet owns the job of assembling them, and the harms are accumulating while the pieces sit in separate boxes.\n\nStart with the technical layer, because it is the most tractable and the furthest advanced. The payment networks have arrived at an instinct that aligns neatly with what consumers told Riskified they want. Visa has indicated that its zero-liability protection, which shields cardholders from unauthorised charges, applies to AI-initiated transactions just as it does to any other. Mastercard's approach keeps the consumer's chargeback rights intact and follows its established tokenisation rules, under which the card issuer carries fraud liability when a token is validly issued. The mechanism that makes this workable is the tokenised, verifiable mandate: a cryptographic record of what the user actually authorised the agent to do. Mastercard's “verifiable intent” layer is an attempt to build exactly this, a provable record of user authorisation that can be inspected after the fact.\n\nThis matters enormously, because it begins to reconstruct the thing the law assumes and agentic commerce destroyed: a knowable record of intent. If every agent action carries a verifiable mandate showing the scope the user granted, then the question “did the human authorise this?” becomes answerable rather than philosophical. An agent that buys within its mandate has acted legitimately, and the consumer wears the result the way they would wear any considered purchase. An agent that strays beyond its mandate has produced an unauthorised transaction, and the existing zero-liability and chargeback machinery can engage, just as it does for a stolen card. The verifiable mandate is, in effect, the technical implementation of Schiavi's authority envelope and answerability chain. It is the bridge between a legal system that needs a knowable responsible party and a technology that had threatened to abolish one.\n\nThe legal layer then has to do the work the CMA has started, and extend it. The principle that deploying an agent concentrates rather than dilutes accountability is the right foundation, but it needs to be applied to the consumer's own agent as well as the merchant's. That points toward a tiered allocation of responsibility rather than a single answerable party, which is uncomfortable for a legal tradition that likes to find one defendant, but probably unavoidable given that the harm genuinely is distributed. Within an agent's verified mandate, the consumer reasonably bears the outcome, with platforms obliged to make mandates clear, revocable, and not buried in dark patterns. Beyond the mandate, or where the agent malfunctioned, the platform that built and operated it should bear the loss, which is both what half of consumers already expect and what creates the correct incentive for platforms to make their agents safer. Where a model defect causes systematic harm at scale, the developer's product liability should be engaged. And merchants should retain their existing obligations around honest description and fair terms, regardless of whether the buyer on the other side was flesh or code.\n\nThe commercial layer, finally, is where competitive pressure can do work that regulation cannot do quickly enough. Riskified's finding that 73.9 per cent of consumers expect strong safeguards before they will trust an agent to buy is not just a warning. It is a market signal. Trust is the binding constraint on agentic commerce, which means that the platform that offers the most legible guarantees, the clearest interrupt authority, the most generous reversal window, and the most transparent mandate, will win the customers that the technology cannot otherwise persuade. The firms building these systems have a commercial reason, not merely a moral one, to build the accountability in. The danger is the classic one of a race to deploy, in which the pressure to ship the capability outruns the patience to ship the protections, and the harms land on consumers in the interval.\n\n## Who builds it, and when\n\nSo who is responsible for building meaningful consumer protection before the harms accumulate? The honest answer is that no single actor can, and that is exactly why the gap has been allowed to widen. The platform can build the verifiable mandate and the interrupt button, but it cannot rewrite consumer law. The regulator can insist that accountability concentrates rather than dissolves, but it cannot, on its own, supply the technical means of proving what a user authorised. The payment network can extend zero-liability protection, but only within the transactions it touches. The developer can make the underlying model more cautious and more legible, but cannot foresee every path its agent will take across an open web. Each holds one piece. None holds the whole.\n\nWhat this demands is not a single owner but a deliberate stitching-together, a decision by each layer to design for the others rather than to push responsibility outward and hope it lands somewhere else. That is the precise opposite of responsibility laundering, and it is achievable. The verifiable mandate gives the law its knowable party. The law's insistence on concentrated accountability gives the platform its incentive. The platform's incentive aligns with the consumer trust that the market is demanding. The pieces want to fit. What is missing is the urgency to fit them before the dispute rate, already running at well over twice the human baseline, climbs higher and ordinary people start absorbing losses that the system was supposed to absorb for them.\n\nThe window for getting this right is the brief moment we are in now, while agentic commerce is large enough to matter but not yet so embedded that its failure modes have calcified into the way things are. The shoppers in Riskified's survey have already told us where the line sits. They will let the agent browse. They are not yet ready to let it buy without a safety net, and they have already decided, by a narrow majority, that the platform should catch them when it falls. The technologists have built the cryptographic tools to honour that expectation. The ethicists have supplied the vocabulary, from moral residue to the authority envelope, to keep a human within reach of every action. The regulators have laid down the founding principle that software does not get to be the one who pays.\n\nThe work that remains is the unglamorous business of assembly, of treating accountability not as someone else's department but as a design requirement that every layer owns a share of. An autonomous agent acting in your name is, at bottom, a promise: that the thing buying on your behalf is still, in every way that matters, you. A promise needs someone to keep it. The achievement of the next few years, if there is one, will be ensuring that when the agent gets it wrong, the answer to “whose fault is it?” is never allowed to be the one Schiavi warned us about. Not the comfortable, dangerous answer of nobody.\n\n## References\n\nRiskified. “Riskified Study Finds Consumers Aren't Ready to Hand Over Control as AI Transforms Shopping, with Over Half Afraid of Online Fraud.” Business Wire, 27 April 2026.\n\n[https://www.businesswire.com/news/home/20260427900819/en/Riskified-Study-Finds-Consumers-Arent-Ready-to-Hand-Over-Control-as-AI-Transforms-Shopping-with-Over-Half-Afraid-of-Online-Fraud](https://www.businesswire.com/news/home/20260427900819/en/Riskified-Study-Finds-Consumers-Arent-Ready-to-Hand-Over-Control-as-AI-Transforms-Shopping-with-Over-Half-Afraid-of-Online-Fraud)StockTitan. “Most shoppers use AI to browse, but 53.9% fear more online fraud.”\n\n[https://www.stocktitan.net/news/RSKD/riskified-study-finds-consumers-aren-t-ready-to-hand-over-control-as-1s2lkwwo0muk.html](https://www.stocktitan.net/news/RSKD/riskified-study-finds-consumers-aren-t-ready-to-hand-over-control-as-1s2lkwwo0muk.html)TLT LLP. “Agentic AI: CMA publishes guidance on consumer law and DMCCA risks.”\n\n[https://www.tlt.com/insights-and-events/insight/agentic-ai-cma-publishes-guidance-on-consumer-law-and-dmcca-risks](https://www.tlt.com/insights-and-events/insight/agentic-ai-cma-publishes-guidance-on-consumer-law-and-dmcca-risks)Thomson Reuters Institute. “Agentic AI following GenAI's growth trajectory in legal, but with unique oversight challenges, new report shows.” 7 April 2026.\n\n[https://www.thomsonreuters.com/en-us/posts/technology/agentic-ai-oversight-challenges/](https://www.thomsonreuters.com/en-us/posts/technology/agentic-ai-oversight-challenges/)Kropp, Matthew; Bedard, Julie; Wiles, Emma; Hsu, Megan; Krayer, Lisa. “Research: Why You Shouldn't Treat AI Agents Like Employees.” Harvard Business Review, 6 May 2026.\n\n[https://hbr.org/2026/05/research-why-you-shouldnt-treat-ai-agents-like-employees](https://hbr.org/2026/05/research-why-you-shouldnt-treat-ai-agents-like-employees)Schiavi, Adam. “Opinion: Autonomous AI Agents Have an Ethics Problem.” Undark, 5 March 2026.\n\n[https://undark.org/2026/03/05/opinion-ai-agents-ethics/](https://undark.org/2026/03/05/opinion-ai-agents-ethics/)Johns Hopkins Anesthesiology and Critical Care Medicine. “Adam Schiavi, MD, PhD, MS.”\n\n[https://anesthesiology.hopkinsmedicine.org/faculty/adam-schiavi/](https://anesthesiology.hopkinsmedicine.org/faculty/adam-schiavi/)Venable LLP. “Agentic AI Is Here, Legal, Compliance, and Governance Risks You Need to Know.” February 2026.\n\n[https://www.venable.com/insights/publications/2026/02/agentic-ai-is-here-legal-compliance-and-governance](https://www.venable.com/insights/publications/2026/02/agentic-ai-is-here-legal-compliance-and-governance)TechPolicy.Press. “The EU AI Act is Not Ready for Agents.”\n\n[https://www.techpolicy.press/the-eu-ai-act-is-not-ready-for-agents/](https://www.techpolicy.press/the-eu-ai-act-is-not-ready-for-agents/)OpenAI. “Computer-Using Agent.”\n\n[https://openai.com/index/computer-using-agent/](https://openai.com/index/computer-using-agent/)Eco. “What Is Mastercard Agent Pay? AI Agent Commerce Protocol in 2026.”\n\n[https://eco.com/support/en/articles/15192001-what-is-mastercard-agent-pay-ai-agent-commerce-protocol-in-2026](https://eco.com/support/en/articles/15192001-what-is-mastercard-agent-pay-ai-agent-commerce-protocol-in-2026)ALM Corp. “Visa AI-Initiated Payments: What Fintech Must Know in 2026.”\n\n[https://almcorp.com/blog/visa-ai-initiated-payments-agentic-commerce-fintech/](https://almcorp.com/blog/visa-ai-initiated-payments-agentic-commerce-fintech/)CNBC. “Payment giants are preparing for a world where AI agents book flights and shop for you.” 29 December 2025.\n\n[https://www.cnbc.com/2025/12/29/ai-agentic-shopping-price-discounts-cheap-sales-commerce-visa-mastercard-chatbots.html](https://www.cnbc.com/2025/12/29/ai-agentic-shopping-price-discounts-cheap-sales-commerce-visa-mastercard-chatbots.html)TrustSphere. “When the Agent Gets It Wrong: Liability, Consent and Recourse in AI-Initiated Commerce.”\n\n[https://www.trustsphere.ai/post/when-the-agent-gets-it-wrong-liability-consent-and-recourse-in-ai-initiated-commerce](https://www.trustsphere.ai/post/when-the-agent-gets-it-wrong-liability-consent-and-recourse-in-ai-initiated-commerce)\n\n**Tim Green**\n*UK-based Systems Theorist & Independent Technology Writer*\n\nTim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at [smarterarticles.co.uk](https://smarterarticles.co.uk), challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.\n\nHis writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.\n\n**ORCID:** [0009-0002-0156-9795](https://orcid.org/0009-0002-0156-9795)\n**Email:** [tim@smarterarticles.co.uk](mailto:tim@smarterarticles.co.uk)\n\nListen to the free weekly [SmarterArticles Podcast](https://www.smarterarticles.fm)", "url": "https://wpnews.pro/news/nobody-to-blame-who-pays-when-ai-agents-buy-for-you", "canonical_source": "https://smarterarticles.co.uk/nobody-to-blame-who-pays-when-ai-agents-buy-for-you?pk_campaign=rss-feed", "published_at": "2026-07-01 01:00:30+00:00", "updated_at": "2026-07-01 01:18:20.160204+00:00", "lang": "en", "topics": ["ai-agents", "ai-products", "ai-safety", "ai-ethics", "ai-policy"], "entities": ["Riskified", "Mastercard", "Agent Pay", "United States", "United Kingdom"], "alternates": {"html": "https://wpnews.pro/news/nobody-to-blame-who-pays-when-ai-agents-buy-for-you", "markdown": "https://wpnews.pro/news/nobody-to-blame-who-pays-when-ai-agents-buy-for-you.md", "text": "https://wpnews.pro/news/nobody-to-blame-who-pays-when-ai-agents-buy-for-you.txt", "jsonld": "https://wpnews.pro/news/nobody-to-blame-who-pays-when-ai-agents-buy-for-you.jsonld"}}