As artificial intelligence agents take on more tasks like shopping and trading, they face a critical trust problem: how can payments be verified as legitimate without a human clicking 'buy'? This is addressed by a new system that combines blockchain technology with advanced cryptography to ensure every AI agent transaction is both authentic and aligned with user intent, paving the way for safer autonomous commerce.
The researchers developed the Trustless Intent Verification for Autonomous Agents (TIVA) framework, which uses decentralized identities and smart contracts to verify that payments are authorized. Each AI agent is assigned a unique digital identity through decentralized identifiers (DIDs) and verifiable credentials, signed by the user to define permissions such as spending limits. For transactions, agents must provide proof of user intent, either through pre-signed mandates that specify conditions like item types and prices or via on-chain policies that enforce rules dynamically. This approach ensures that only payments matching the user's approved scope are executed, preventing unauthorized actions even in a trustless environment.
To implement this, the TIVA framework integrates several components, including zero-knowledge proofs (ZKPs) for privacy and optional trusted execution environments (TEEs) for secure code execution. ZKPs allow agents to prove they are complying with user mandates without revealing sensitive details, such as exact spending caps, while TEEs use hardware protections to prevent tampering with the agent's decision-making process. The architecture, illustrated in Figure 1, connects off-chain AI agents with on-chain smart contracts that handle verification, creating an immutable audit trail from user instruction to payment completion.
In a qualitative security analysis, the framework demonstrated strong resistance to impersonation and misuse, as transactions require both the agent's and user's cryptographic signatures. For example, if an agent tries to exceed its spending limit, the smart contract rejects the payment, and the use of ZKPs ensures that private information isn't exposed. This multi-layered defense makes it difficult for attackers to forge credentials or bypass intent checks, significantly reducing risks like fraud and unauthorized transactions while maintaining accountability through on-chain logs.
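The check described above, that a payment needs both the user's and the agent's signature and must fall inside the signed scope, can be sketched off-chain. This is an added example, not code from the TIVA paper; it assumes Ed25519 signatures over JSON and hypothetical `Mandate` and `Payment` fields, and leaves out DIDs, ZKPs and the smart contract itself.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed stand-ins for a user-signed mandate and an agent's payment request.
type Mandate struct {
	AgentKey      ed25519.PublicKey // only this agent may spend under the mandate
	ItemType      string
	MaxPriceCents int64
}

type Payment struct{ ItemType string; PriceCents int64 }

// Sign serializes v as JSON (field order is fixed for structs) and signs the bytes.
func Sign(priv ed25519.PrivateKey, v interface{}) []byte {
	b, _ := json.Marshal(v)
	return ed25519.Sign(priv, b)
}

// VerifyPayment checks both signatures, then the payment against the signed scope.
func VerifyPayment(userPub ed25519.PublicKey, m Mandate, mSig []byte, p Payment, pSig []byte) error {
	mb, _ := json.Marshal(m)
	pb, _ := json.Marshal(p)
	switch {
	case len(userPub) != ed25519.PublicKeySize || len(m.AgentKey) != ed25519.PublicKeySize:
		return errors.New("malformed public key") // ed25519.Verify panics on bad lengths
	case !ed25519.Verify(userPub, mb, mSig):
		return errors.New("mandate not signed by user")
	case !ed25519.Verify(m.AgentKey, pb, pSig):
		return errors.New("payment not signed by mandated agent")
	case p.ItemType != m.ItemType:
		return errors.New("item type outside mandate")
	case p.PriceCents <= 0 || p.PriceCents > m.MaxPriceCents:
		return errors.New("price outside mandate")
	}
	return nil
}

func main() {
	uPub, uPriv, _ := ed25519.GenerateKey(nil)
	aPub, aPriv, _ := ed25519.GenerateKey(nil)
	m, p := Mandate{AgentKey: aPub, ItemType: "book", MaxPriceCents: 2500}, Payment{"book", 9999}
	fmt.Println(VerifyPayment(uPub, m, Sign(uPriv, m), p, Sign(aPriv, p))) // constructed over-cap payment
}
```

Because the agent's public key sits inside the signed mandate, raising the cap or swapping in another agent's key invalidates the user's signature before any scope check runs.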
The implications of this system are far-reaching, empowering users to delegate financial tasks to AI agents with confidence, as they retain control through updatable credentials and policies. Businesses benefit from reduced fraud, as payments come with verifiable proof of authorization, potentially lowering chargebacks and streamlining e-commerce. Additionally, the framework aligns with regulatory needs by providing transparent audit trails and identity verification, supporting compliance with standards like anti-money laundering laws and fostering interoperability in the growing ecosystem of autonomous agents.
Despite its strengths, the framework has limitations, such as reliance on the security of private keys and the optional use of TEEs, which depend on hardware trust. Future work will focus on prototyping to assess performance and refining intent representations for broader applications, ensuring that autonomous agents can operate securely and efficiently in decentralized systems.
About the Author
Guilherme A.
Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.