84 terms covering AI agents, agent protocols (MCP, A2A, ACP, AP2), agentic checkout, delegated payments, and the identity and infrastructure pieces around them. Every entry links to its primary source.
84 terms
A card-network protocol (3DS 2.x is current) that lets an issuer authenticate a cardholder during a card-not-present transaction. SCA in the EEA is most often satisfied by a 3DS challenge; agent payments add new metadata (agent identity, mandate references) to the 3DS message.
An open protocol originated by Google and donated to the Linux Foundation in 2025 for communication between independent AI agents. A2A uses HTTP, JSON-RPC, and Server-Sent Events; agents publish an Agent Card describing their skills, and exchange Tasks and Messages without sharing internal state.
An open specification published by Stripe and OpenAI in September 2025 that defines how AI agents discover products, build carts, and complete purchases on behalf of a user. ACP separates the buyer-merchant flow from the payment leg, which is delegated to a payments protocol such as the Delegated Payments Spec.
A bank or financial institution that holds the merchant's account and processes card transactions through Visa, Mastercard, or other networks. In agent payments the acquirer's role is unchanged, but the transaction now arrives with additional metadata describing the agent and the mandate.
A JSON document, defined by the A2A protocol, served at /.well-known/agent-card.json on an agent's HTTP endpoint. It advertises the agent's name, version, supported skills, authentication requirements, and transport, and is the entry point other agents use to discover what an agent can do.
The verifiable identity an AI agent presents when acting on behalf of a user or organisation, distinct from the human principal's identity. Emerging models combine an agent-specific credential with a delegated authority claim from the user, often expressed as an OAuth token, signed mandate, or verifiable credential.
A portable, signed identity document that an AI agent presents to relying parties. The term is used by several proposals (including Visa's Trusted Agent Protocol and OWASP's agent identity drafts) to describe the bundle of agent metadata, attestations, and delegation claims a merchant or platform inspects before accepting agent traffic.
A checkout flow initiated and completed by an AI agent rather than a human filling a form. The agent submits cart contents, shipping details, and payment authorisation through a programmatic interface such as ACP's checkout endpoint or a merchant's Agentic Checkout API.
Commerce in which an AI agent performs the discovery, evaluation, and purchase steps that a human would otherwise perform directly. The term covers buyer-side agents that shop on a user's behalf and merchant-side agents that respond to them.
A multi-step task in which an LLM-driven agent plans actions, calls tools, observes results, and revises its plan until a goal is met. Anthropic and others distinguish workflows (orchestrated, fixed control flow) from agents (model-controlled control flow).
A software system that uses a large language model to decide which actions to take in pursuit of a goal, then takes those actions through tools, APIs, or browsers. The model is in the control loop: it chooses the next step rather than following a hard-coded script.
The degree to which a brand, product, or page is surfaced inside answers from large language models and AI search interfaces. Measured through tracked prompts, share of voice across models, and citation counts in tools such as Ahrefs Brand Radar and Profound.
A server that implements the Model Context Protocol so a Claude or other MCP-compatible host can call its tools, read its resources, and use its prompts. Anthropic published the MCP specification and reference servers in November 2024.
An open protocol announced by Google in September 2025 for verifiable agent-led payments. AP2 uses cryptographically signed mandates (Intent Mandate, Cart Mandate, Payment Mandate) so a merchant and payment network can verify that a transaction was authorised by the user and matches the user's instructions.
A developer kit released by OpenAI in October 2025 that lets third parties publish interactive apps inside ChatGPT. Apps are built on top of MCP servers and can render custom UI surfaces alongside the chat.
A signed claim by one party about the properties of another, used in agent contexts to prove that an agent is running specific code, on specific hardware, or on behalf of a specific user. Common forms include device attestation (TPM, Apple App Attest) and software attestation (SLSA, in-toto).
An agent that completes multi-step tasks without per-step human approval, in contrast to a supervised agent that pauses for confirmation. Autonomy is a spectrum: most production agents today require human review on irreversible actions such as payment, sending mail, or deleting data.
The use of headless or headed browsers, driven by code or by an LLM, to interact with websites that lack APIs. Common drivers include Playwright, Puppeteer, and Chromium Browser Use; LLM-driven variants include Anthropic's Computer Use and OpenAI's Operator.
The transfer of a cart constructed by an agent or third-party surface to a merchant for completion. Implementations range from URL-encoded carts (for example /cart/add?items=...) to ACP's structured Cart object passed through a Checkout Session.
A signed object in AP2 that captures the exact cart the user has approved before payment, including line items, totals, and merchant. The Cart Mandate binds the agent's cart to the user's intent so the payment step cannot substitute different items.
A ChatGPT setting introduced by OpenAI in July 2025 that gives the assistant a sandboxed virtual computer with browser, terminal, and file access so it can complete multi-step tasks end-to-end. It merged the capabilities of Operator and Deep Research into a single agentic surface.
A server-created object representing a single checkout attempt, identified by a session id and used by the merchant or PSP to track state from cart to authorisation. ACP defines a Checkout Session for agent-driven flows; Stripe Checkout and Shopify Checkout use the same pattern.
A Claude feature, launched in October 2025, that packages domain expertise as folders containing instructions, scripts, and resources that Claude loads when relevant. Skills extend a Claude agent without retraining and are portable across Claude.ai, Claude Code, and the API.
Anthropic's tool that lets a Claude model see a virtual screen, move a cursor, and type, allowing the model to operate any desktop application or website without an API. Released in October 2024 and generally available since 2025.
A machine-readable record of user consent to a specific action, scope, and recipient, defined in the Kantara Initiative Consent Receipt Specification (ISO/IEC 27560:2023). In agent flows it is used to evidence that the user authorised an agent to act, transact, or share data.
The maximum number of tokens a language model can take as input plus output in a single inference call. Frontier models in 2026 range from 200K (Claude Sonnet 4.6) to 1M+ (Claude Opus 4.7, Gemini 2.5 Pro), with cost scaling per million input and output tokens.
A 2015-era term coined by Chris Messina for commerce conducted through messaging interfaces. The term has been re-applied to LLM chat interfaces, where users buy products inside ChatGPT, Claude, or Gemini rather than visiting a storefront.
A W3C Recommendation for globally unique identifiers that resolve to a DID Document containing public keys and service endpoints, without a central registry. DIDs are one of the candidate identifier formats for agent identity and verifiable credentials.
A class of agent feature, available in OpenAI ChatGPT, Google Gemini, Perplexity, and Anthropic Claude, that produces a long-form, cited research report by autonomously browsing the web for several minutes. Deep Research outputs are increasingly cited by AI search interfaces and tracked as an AI-visibility surface.
The companion spec to ACP, published by Stripe and OpenAI, that defines how a buyer's PSP issues a single-use, scoped credential to an agent so the agent can complete one specific purchase without holding the buyer's full card credentials.
Numerical vector representations of text, images, or other media, produced by a model so that semantically similar inputs land near each other in vector space. Embeddings power retrieval-augmented generation, semantic search, and classification.
Automated test suites that score an LLM or an agent on a fixed set of inputs and graders. Treated by frontier labs as the unit-test equivalent for AI systems; Anthropic, OpenAI, and Google all ship eval frameworks alongside their model APIs.
The process of continuing the training of a pretrained model on a smaller, task-specific dataset to bias its behaviour. Common variants are full fine-tuning, parameter-efficient fine-tuning (LoRA, QLoRA), and instruction tuning.
A model trained on broad data at scale that can be adapted to many downstream tasks, a term introduced by the Stanford Center for Research on Foundation Models in 2021. GPT, Claude, Gemini, Llama, and DeepSeek are foundation models.
The mechanism by which a language model emits a structured request to invoke a named function with typed arguments, which the host then executes and returns to the model. OpenAI introduced the term in 2023; Anthropic uses 'tool use' for the same mechanism.
The practice of optimising content so it is more likely to be retrieved, cited, and quoted by generative AI search systems. The term was introduced in a 2023 Princeton-led paper that proposed measurable visibility and citation metrics.
Global Trade Item Number, the GS1 standard for uniquely identifying trade items, including UPC-12, EAN-13, and ITF-14 formats. GTINs are the primary product key in Google Merchant Center, schema.org/Product, and most agent-readable product feeds.
Programmatic checks that wrap an agent's inputs, tool calls, or outputs to enforce policy, for example blocking purchases over a budget, refusing PII in a response, or redacting prompts. Common implementations include OpenAI Guardrails, NVIDIA NeMo Guardrails, and Llama Guard.
A commerce architecture that decouples the storefront from the commerce engine, exposing catalog, cart, and checkout through APIs. Headless platforms (Shopify Hydrogen, commercetools, Saleor, BigCommerce) are a natural fit for agent buyers because every transaction can be expressed as API calls.
A design in which an agent pauses before taking specified actions and asks a human to approve, reject, or edit the proposed step. Common gates are payment, outbound communication, file deletion, and any irreversible side-effect.
A client-supplied identifier sent with a non-idempotent request so the server can safely de-duplicate retries. Critical for agent-driven payments and order creation, where a network retry could otherwise charge a card or place an order twice.
An OpenAI feature that lets ChatGPT users buy products from participating merchants without leaving the chat. Launched in September 2025 with Etsy and Shopify as initial partners, built on the Agentic Commerce Protocol and Stripe's Shared Payment Token.
A service that receives a user's purchase intent (often expressed in natural language) and routes it to merchants or marketplaces capable of fulfilling it. ChatGPT's Instant Checkout, Perplexity's shopping interface, and Klarna's KAS are early examples.
A signed object in AP2 that captures the user's instruction to an agent, for example 'buy the cheapest USB-C cable under $20 with next-day shipping'. The Intent Mandate is created before the agent shops and is referenced by the later Cart Mandate.
A stateless, lightweight remote-procedure-call protocol encoded in JSON, defined by the JSON-RPC 2.0 specification. MCP, A2A, and many agent transports use JSON-RPC 2.0 over HTTP, stdio, or WebSockets as their wire format.
Klarna's developer kit for embedding Klarna's catalog and Pay-with-Klarna inside third-party AI agents and chat surfaces, announced in 2024 alongside its OpenAI plugin work. It exposes search, recommendation, and checkout primitives over an MCP-compatible interface.
A neural network, typically a decoder-only Transformer, trained on a very large corpus of text to predict the next token. The trained model can be steered with prompts and tools to perform a wide range of language and reasoning tasks.
A domain that appears as a source link in answers from generative AI products such as ChatGPT, Claude, Perplexity, or Google AI Overviews. Tracked by tools including Ahrefs Brand Radar, Profound, and Otterly.
In AP2, a cryptographically signed object that records a specific authorisation from the user. The protocol defines three: Intent Mandate (what the user wants), Cart Mandate (the exact cart approved), and Payment Mandate (the payment instruction). Used together they give the merchant and network non-repudiable evidence of user authorisation.
An open protocol introduced by Anthropic in November 2024 that standardises how an AI host connects to tools, resources, and prompts exposed by a server. MCP is the dominant integration layer for Claude, OpenAI Apps, Cursor, Windsurf, and Zed.
A layer in front of multiple LLMs that dispatches each request to the most cost-effective model that can answer it, based on prompt features, latency budget, or evaluation scores. OpenRouter, AWS Bedrock Model Router, and self-hosted policies (RouteLLM) implement the pattern.
A system in which two or more agents, often with distinct roles or tools, coordinate to complete a task. Patterns include orchestrator-worker (one supervisor delegates), peer-to-peer (agents call each other directly), and market-based (agents bid on subtasks).
A surrogate for a payment card number issued by Visa, Mastercard, Amex, or Discover and bound to a specific merchant or use case. Network tokens reduce the value of stolen credentials and are central to agent payments because they can be issued with strict scope.
An IETF draft that consolidates OAuth 2.0 best current practice into a single specification, removing the implicit grant and password grant and requiring PKCE for all authorisation code flows. MCP and many agent platforms reference OAuth 2.1 for delegated access.
An identity layer on top of OAuth 2.0 that issues an ID Token (a signed JWT) describing the authenticated user. OIDC is the basis of most consumer 'sign in with' flows and is being extended for agents through the OpenID for Agents working group.
OpenAI's browser-using agent, introduced in January 2025, that runs in a remote Chromium and completes tasks on websites at the user's instruction. Operator was folded into ChatGPT's Agent Mode in mid-2025.
A signed object in AP2 that authorises a specific payment for a specific cart, including amount, currency, payment method, and merchant. The Payment Mandate is what the issuing bank or PSP verifies before settling.
A company that provides merchants with the technology to accept cards and other payment methods, often combining gateway, processor, and acquirer functions. Stripe, Adyen, Checkout.com, Mollie, Braintree, and Worldpay are examples.
A common multi-agent pattern in which one model produces a plan of steps and another (often a smaller, cheaper model) executes each step using tools. The split lets the system spend reasoning tokens where they matter and keep execution fast.
A graph-structured store of products, attributes, brands, and relationships, used by a merchant or aggregator to answer agent queries that go beyond a flat catalog (substitutes, compatibility, bundles). Amazon's Product Graph and Google's Shopping Graph are large, proprietary examples.
A model-API feature that lets the provider cache a prefix of the prompt (system instructions, retrieved documents, tool schemas) and reuse it across requests at a much lower per-token price. Anthropic, OpenAI, and Google all expose prompt caching with different cache lifetimes.
The European Union Payment Services Directive 2, in force since 2018, which mandates Strong Customer Authentication on most online card payments and grants licensed third parties access to bank accounts via APIs. Successor PSD3 and the Payment Services Regulation are advancing through the EU legislative process in 2026.
A prompting technique introduced by Yao et al. in 2022 in which the model interleaves Thought, Action, and Observation steps. It became the canonical pattern for tool-using agents before being subsumed by native function-calling in modern model APIs.
A model trained or post-trained to spend additional inference compute on chain-of-thought before producing a final answer. OpenAI's o-series, Anthropic's extended thinking, DeepSeek-R1, and Gemini Thinking are examples.
A technique that retrieves relevant documents from an external store and concatenates them into the prompt so the model can answer with grounded, cited content. Introduced in a 2020 Meta paper; now standard in customer-support, search, and commerce assistants.
The application of the Robots Exclusion Protocol (RFC 9309) to AI training crawlers and AI search agents. Most crawlers honour user-agent rules: GPTBot, ClaudeBot, Google-Extended, PerplexityBot, and CCBot are widely declared, while AI shopping agents are now appearing in server logs as distinct user-agents.
Running agent-generated code or shell commands inside an isolated environment, typically a Firecracker microVM, gVisor container, or Wasm runtime, to prevent arbitrary actions on the host. Used by Anthropic Code Execution, OpenAI Code Interpreter, E2B, Modal, and Daytona.
The schema.org type used to describe a product in JSON-LD or microdata. Required and recommended properties (name, image, sku, gtin, brand, offers, aggregateRating) are how Google, AI search agents, and structured data extractors understand a product page.
A unidirectional, long-lived HTTP streaming format defined in the WHATWG HTML standard. Used by MCP, A2A, and most agent APIs to stream tokens or task updates from server to client without WebSockets.
A payment settled in a fiat-pegged crypto asset such as USDC, USDT, or PYUSD, often used in agent flows for cross-border or programmatic settlement. Stripe acquired Bridge in 2024 and launched stablecoin acceptance in 2025; Visa and Mastercard both ship stablecoin settlement rails.
A merchant-side, public-read API that exposes catalog, cart, and checkout primitives so any frontend (or any agent) can build a buying experience. Shopify's Storefront API and BigCommerce's Storefront API are the most widely adopted.
The PSD2 requirement that most electronic payments in the European Economic Area be authenticated using two of three factors: knowledge, possession, and inherence. SCA is the source of the 3-D Secure step many cardholders see at checkout.
Machine-readable product attributes published by a merchant, typically as schema.org/Product JSON-LD on product pages, a Google Merchant Center feed, or an OpenAPI/MCP catalog endpoint. The fidelity of this data is the upper bound on how well an agent can shop the merchant.
Payment credentials that have been replaced with a non-sensitive surrogate (a token) for storage and transmission. The token is mapped back to the underlying primary account number only by the tokenisation service, scoping exposure if the token is leaked.
A model-API feature in which the model emits a structured request to call a named tool with typed arguments; the host runs the tool and returns the result for the model to read. Tool use is the foundation of MCP, function calling, and most agent frameworks.
A Visa specification, announced in 2025, for verifying the identity and authorisation of an AI agent attempting a card-not-present transaction. It combines an agent identity, a delegated authority claim, and a signed transaction context that the issuer can evaluate before approving.
A cart format that travels with the buyer across surfaces and merchants, so an agent can compose items from multiple sources before paying once. Bolt, Fast (closed), and Shop Pay have shipped variants; ACP's Cart object is the closest open-spec equivalent.
A datastore optimised for nearest-neighbour search over high-dimensional embeddings. Native vector databases (Pinecone, Weaviate, Qdrant, Milvus) coexist with vector-extension features in Postgres (pgvector), SQLite (sqlite-vec), and Redis.
A W3C Recommendation for tamper-evident credentials that a holder can present to a verifier without contacting the issuer. VCs are one of the candidate formats for agent identity, agent passports, and consent receipts.
User-defined HTTP callbacks that a server invokes when an event happens, as opposed to a client polling for changes. Critical in agent payments: the merchant cannot rely on the agent's session staying open, so order paid, refund issued, and dispute opened are delivered as webhooks.
A reserved URI path under /.well-known/ defined in RFC 8615 for site-wide metadata. Agent specs reuse this convention: A2A serves /.well-known/agent-card.json, OpenID Connect serves /.well-known/openid-configuration, and emerging proposals add /.well-known/ai-plugin.json and /.well-known/agent.json.
Purchases completed without the buyer clicking through to the merchant's site, because the agent or interface (ChatGPT, Perplexity, Claude, Gemini) handles cart and checkout in place. The merchant's site never receives a session, and the only artefact is the order webhook.