Visa, Cloudflare, and the Trusted Agent Protocol

Visa, Cloudflare, Mastercard, and Amex are piloting the Trusted Agent Protocol so verified AI shopping agents can transact without getting blocked.

By Rev.AISomething Team

AI-powered shopping agents are no longer science fiction—they are being given first-class credentials on the payments rails. In mid-October 2025, Visa, Cloudflare, Mastercard, and American Express collectively sketched the blueprint for how autonomous buyers will browse, negotiate, and pay without setting off bot alarms. The Trusted Agent Protocol (TAP) is the scaffolding.


What’s happening

  • October 14, 2025: Visa and Cloudflare announced TAP, a framework that lets AI agents search catalogs, compare offers, and execute purchases while staying inside the card networks’ risk posture (Visa).
  • Cloudflare’s role: The company confirmed it is working with Visa, Mastercard, and American Express to operate an authentication layer—anchored by Web Bot Auth—that vouches for verified agents before they ever hit a merchant’s checkout stack (Cloudflare).
  • October 24, 2025: Cloudflare’s engineering team published how HTTP Message Signatures plus intent tags (“browsing” vs. “paying”) are verified at the edge so merchants can treat agent traffic as trusted instead of hostile (Cloudflare Noise).

In practice, TAP turns the payments network into a directory of known agents. Each request carries a cryptographic signature and a declared intent, and merchants fetch the corresponding public key before deciding how to respond.

Diagram showing an AI agent sending signed requests through Cloudflare to a merchant origin.


Why this matters

  • Agent traffic is exploding. Visa reported a 4,700% year-over-year increase in AI-driven sessions on U.S. retail properties. That wave will only intensify as agent storefronts and shopping copilots become standard browser extensions (Help Net Security).
  • “Good bots” get blocked today. Merchants have tuned WAF and bot-management tools to swat unknown automation. TAP provides a machine-readable way to distinguish good automation from credential-stuffing scripts (Visa).
  • Minimal UX shifts, major backend change. Checkout flows stay familiar, but merchants now need to validate signatures, rotate keys, and log intent tags as part of their fraud posture (Visa Developer).

What to watch next

  • Signal granularity. The intent tags shipped with TAP determine how merchants branch logic. Expect progressive rollouts—from simple browse/pay to richer taxonomies covering returns, subscriptions, and loyalty actions (Cloudflare Noise).
  • Standards convergence. TAP is being aligned with IETF, OpenID Foundation, EMVCo, the Agentic Commerce Protocol, and x402 so AI agents can operate globally without bespoke integrations (TSG Payments).
  • Operational readiness. “No-code” marketing claims aside, teams need playbooks for key distribution, signature failure retries, observability tied to agent IDs, and bot rule tuning that no longer assumes automation equals fraud.
  • Fraud arms race. Verified agent credentials become high-value targets. Merchants will need revocation mechanics, anomaly detection on intent shifts, and layered telemetry to tell compromised agents from malicious clones.

How merchants can prepare

  1. Inventory your bot defenses. Catalog WAF rules, rate limits, and bot-score thresholds to understand what will break when trusted TAP traffic arrives. Test against sandboxed signed requests rather than production shoppers.
  2. Wire in signature verification. Stand up verification within your edge tier or API gateway so downstream services can rely on a single enrichment point. Log agent IDs alongside orders for traceability.
  3. Factor agent intent into risk engines. Treat TAP tags as another signal inside fraud models—tighten controls on high-risk stages (payments, returns) while loosening friction for vetted browsing.
  4. Plan for failure modes. Build fallbacks for directory outages, key rotation delays, or mismatched tags. The worst-case scenario is silently downgrading trusted agents back to anonymous bots.
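
One way to combine steps 2 through 4 at a single enforcement point, as an added example (not Visa's, Cloudflare's, or this blog's code): it rebuilds an RFC 9421 signature base, verifies an Ed25519 signature against a key directory, checks the declared intent against the endpoint, and returns an explicit verdict with a reason, so a failing signed request is never quietly treated as anonymous. Assumptions: the request shape, the `sig1` label, the `REQUIRED_INTENT` policy, the "browsing"/"paying" tag values, the in-memory directory `Map` and the `signForDemo` helper are all hypothetical; real tag strings and the directory format come from the TAP and Web Bot Auth specifications.

```javascript
// Added example. Simplified: one signature labelled "sig1", regex parsing, no nonce replay cache.
const crypto = require('crypto');

// Constructed policy: intent each path requires ("paying"/"browsing" are placeholder tags).
const REQUIRED_INTENT = new Map([['/checkout', 'paying']]);

// Rebuild the RFC 9421 signature base from the covered components.
function signatureBase(req, covered, params) {
  const lines = covered.map((c) => {
    const v = c === '@authority' ? req.authority : c === '@path' ? req.path : req.headers[c];
    if (v === undefined) throw new Error('missing-component');
    return `"${c}": ${v}`;
  });
  return Buffer.from([...lines, `"@signature-params": ${params}`].join('\n'));
}

// directory: Map keyid -> public KeyObject, standing in for the fetched agent key directory.
function evaluate(req, directory, now) {
  const input = req.headers['signature-input'], sig = req.headers['signature'];
  if (!input && !sig) return { verdict: 'anonymous', reason: 'unsigned' };
  const fail = (reason, agent) => ({ verdict: 'reject', reason, agent }); // explicit, loggable
  try {
    const m = /^sig1=(\(([^)]*)\)(.*))$/.exec(input || '');
    const s = /^sig1=:([A-Za-z0-9+/=]+):$/.exec(sig || '');
    if (!m || !s) return fail('malformed');
    const covered = m[2].split(' ').filter(Boolean).map((t) => t.replace(/"/g, ''));
    const p = Object.fromEntries(m[3].split(';').filter(Boolean).map((kv) => {
      const i = kv.indexOf('=');
      return [kv.slice(0, i), kv.slice(i + 1).replace(/"/g, '')];
    }));
    const key = directory.get(p.keyid);
    if (!key) return fail('unknown-key', p.keyid);
    if (!(Number(p.created) <= now && now < Number(p.expires))) return fail('stale', p.keyid);
    if (!['@authority', '@path'].every((c) => covered.includes(c))) return fail('weak-coverage', p.keyid);
    if (!crypto.verify(null, signatureBase(req, covered, m[1]), key, Buffer.from(s[1], 'base64'))) return fail('bad-signature', p.keyid);
    const need = REQUIRED_INTENT.get(req.path);
    if (need && p.tag !== need) return fail('intent-mismatch', p.keyid);
    return { verdict: 'trusted', agent: p.keyid, intent: p.tag };
  } catch (e) { return fail(e.message); }
}

// Demo-only agent side: sign a constructed request so evaluate() can be exercised offline.
function signForDemo(req, privateKey, keyid, tag, created) {
  const params = `("@authority" "@path");created=${created};expires=${created + 300};keyid="${keyid}";tag="${tag}"`;
  const sig = crypto.sign(null, signatureBase(req, ['@authority', '@path'], params), privateKey);
  const headers = { ...req.headers, 'signature-input': `sig1=${params}`, signature: `sig1=:${sig.toString('base64')}:` };
  return { ...req, headers };
}
```

Log the returned `reason` and `agent` with each decision so key rotation delays and directory gaps show up as rejected agents rather than as a rise in anonymous bot traffic.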

If you’re starting to scope TAP and want a pragmatic walkthrough of what it means for your checkout flow and risk controls, let’s talk.
