AI agent verification is the process by which merchants confirm that an AI agent requesting a transaction is legitimate, authorized, and operating within defined permissions — as opposed to a bot, scraper, or malicious actor.
This is the gatekeeping problem of agentic commerce. Merchants have spent decades fighting bot traffic. Now they need to let some automated agents through while blocking others. The difference between a legitimate AI shopping agent and a credential-stuffing bot is the difference between revenue and fraud.
How Verification Works Today
Visa’s Bot-vs-Agent Distinction
Visa’s Trusted Agent Protocol addresses this directly. It’s an open framework built on existing web infrastructure whose primary function is helping merchants distinguish between malicious bots and legitimate AI agents. The protocol uses digitally signed credentials: when an AI agent approaches a merchant’s checkout, it presents a cryptographic document proving its identity, the user it represents, and the scope of its authorization.
Mastercard’s Agent Suite
Mastercard’s Agent Pay takes a similar approach through its partnership with Google’s UCP. Merchants using Mastercard’s Agent Suite can verify incoming agent requests against the UCP protocol’s identity layer.
UCP’s Discovery Endpoint
Google’s UCP includes a /.well-known/ucp discovery endpoint that agents use to identify themselves and their capabilities to merchants. This is the machine-readable equivalent of a storefront — it tells incoming agents what the merchant supports, and it allows the merchant to validate the agent’s identity before processing any transaction.
Cloudflare’s Infrastructure Layer
Cloudflare published a technical guide on securing agentic commerce. It provides the CDN and edge computing infrastructure that can enforce agent verification at the network level, before requests even reach the merchant’s servers.
The Five Things Merchants Verify
- Agent identity. Is this agent from a recognized platform (ChatGPT, Google AI Mode, etc.)?
- User authorization. Does the agent have verifiable intent credentials proving a real user authorized this action?
- Scope compliance. Is the requested transaction within the authorization’s spending limits, category restrictions, and time window?
- Credential freshness. Has the authorization credential expired? Has it been revoked?
- Transaction integrity. Do the transaction details match what the credential authorizes?
What Happens When Verification Fails
If any check fails, the transaction is rejected and the agent receives a structured error response explaining which verification step failed. This is architecturally cleaner than traditional bot detection (CAPTCHAs, rate limiting) because the agent can programmatically understand the rejection and either request updated credentials from the user or route to a different merchant.
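The five checks and the structured rejection can be sketched as follows. This is an added example, not code from Visa, Mastercard, Google or Cloudflare: the credential layout, field names, platform name and step names are assumptions, and HMAC stands in for the asymmetric signature a real credential would carry. It assumes field types were validated upstream.

```python
import hashlib
import hmac
import json

# Constructed values: demo platform name, shared key and revocation list.
# HMAC is a stdlib stand-in; a real credential carries an asymmetric signature.
PLATFORM_KEYS = {"example-agent-platform": b"demo-key-not-for-production"}
REVOKED_IDS = {"cred-0007"}


def sign(claims: dict, key: bytes) -> str:
    """HMAC-SHA256 over canonical JSON of the claims."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(cred: dict, txn: dict, now: int) -> dict:
    """Run the five checks in order and name the first step that fails."""
    c = cred.get("claims", {})
    key = PLATFORM_KEYS.get(c.get("platform"))
    sig_ok = key is not None and hmac.compare_digest(
        sign(c, key), str(cred.get("sig", "")))
    start, end = c.get("window", (1, 0))  # missing window fails closed
    checks = [
        ("agent_identity", key is not None),
        ("user_authorization", sig_ok and bool(c.get("user_id"))),
        ("scope_compliance",
         0 < txn.get("amount", 0) <= c.get("max_amount", 0)
         and txn.get("category") in c.get("categories", [])
         and start <= now <= end),
        ("credential_freshness",
         now < c.get("expires_at", 0) and c.get("id") not in REVOKED_IDS),
        ("transaction_integrity",
         c.get("merchant") is not None
         and all(txn.get(f) == c.get(f) for f in ("merchant", "currency"))),
    ]
    for step, ok in checks:
        if not ok:
            return {"approved": False, "failed_step": step}
    return {"approved": True, "failed_step": None}


def sample_credential(**overrides) -> dict:
    """Build a signed, constructed credential; overrides change claims before signing."""
    claims = {"id": "cred-0001", "platform": "example-agent-platform",
              "user_id": "user-42", "max_amount": 5000, "categories": ["books"],
              "window": [1000, 2000], "expires_at": 2500,
              "merchant": "shop.example", "currency": "USD"}
    claims.update(overrides)
    return {"claims": claims, "sig": sign(claims, PLATFORM_KEYS.get(claims["platform"], b""))}
```

Amounts are integer minor units, and because the signature is checked before any scope field is trusted, a credential edited after signing is reported at the user-authorization step rather than passing a widened limit.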
Related Reading
- What Is Agentic Commerce?
- Verifiable Intent: The Privacy Architecture
- Visa vs Mastercard Compliance Race
- How AI Shopping Agents Work
