The internet is undergoing its most profound transformation yet.
Web 1.0 delivered static pages. Web 2.0 connected people and created social platforms. Web 3.0 introduced semantics, intelligence, and generative AI.
Web 4.0, often called the Agent Web, shifts to autonomous AI agents that negotiate, transact, broker data, and execute complex tasks 24/7 on behalf of users—removing the human from the loop for most routine and even sophisticated digital activities.
In this new era, your personal AI agent will handle travel bookings by negotiating with airline and hotel agents, update your address across services seamlessly, shop for optimal deals within your preferences and budget, or even monetize your data and content through micro-transactions.
This creates a global marketplace of intent, where agents trade value directly with one another. The transition promises radical efficiency and time abundance but requires new infrastructure for trust, identity, security, payments, and governance.
Major Players and Their Initiatives in Agentic Commerce
Payment networks and tech giants are racing to build the rails for this agent-driven economy:
Visa’s Leadership in Agentic Commerce
Visa has aggressively pioneered Visa Intelligent Commerce (VIC), enabling AI agents to autonomously browse, select, purchase, and manage transactions (e.g., groceries, travel, gifts) within user-defined rules. Partnerships with OpenAI, Microsoft, Anthropic, IBM, Mistral AI, Perplexity, Samsung, Stripe, AWS, Akamai, and Fiserv integrate payment capabilities deeply into AI platforms.
Key innovations include:
- Trusted Agent Protocol (TAP): An open cryptographic framework using HTTP Message Signatures for authenticating agents, verifying intent, and enabling secure transactions. It distinguishes legitimate agents from bots amid surging AI traffic.
- AI-Ready Cards with tokenization, “Know Your Agent” (KYA), spending limits, and biometric Passkeys.
- Pilots with partners like Skyfire, Nekuda, PayOS, and Ramp; projections that 25% of digital storefront interactions will be agent-initiated by 2028. Full rollout targeted for 2026.
Visa positions this as a seismic shift comparable to moving from physical to online shopping, emphasizing security, personalization (with consent), and fraud prevention.
Mastercard Agent Pay
Mastercard launched Agent Pay in April 2025 as a dedicated infrastructure for agentic commerce. It enables verified AI agents to discover, decide, and execute secure payments on behalf of consumers and businesses while maintaining strong user control, transparency, and compatibility with existing card rails.
AI agents must be registered and verified through Mastercard’s system before they can transact. This creates a clear distinction between trusted agents and malicious actors or uncontrolled bots. Merchants benefit from the Mastercard Agent Pay Acceptance Framework, a no-code or low-code integration that allows them to accept agent-initiated payments at scale with minimal changes to existing systems.
Google’s Universal Commerce Protocol (UCP)
Announced in January 2026, UCP is an open-source standard developed with retailers (Shopify, Etsy, Wayfair, Target, Walmart) and payments players (Visa, Stripe, PayPal). It standardizes interactions between AI agents and merchant systems for product discovery, cart assembly, and checkout.
UCP addresses the “N x N integration problem” by defining commerce primitives (Cart, Line Item, Checkout, etc.) and roles (Agent Platform, Merchant, PSP, Credential Provider).
Features include manifests for discovery, state-machine checkouts, OAuth identity linking, and support for multiple transports (REST, MCP, A2A). It promotes “Agent Engine Optimization (AEO)” and keeps merchants as the Merchant of Record, countering data-scraping concerns.
Major Technology Advances Enabling Web 4.0
To build a bustling, global marketplace of intent, you first need infrastructure. Before agents can seamlessly negotiate your travel plans, broker micro-licenses for your content, or pay for API access, the internet needs new roads, traffic lights, verifiable identities, and a native financial layer.
Agentic Identity and Trust
Autonomous agents require robust digital identities distinct from traditional IAM. In the human web, we rely on domain names (DNS) and SSL certificates to know that a website is legitimate. But how do you verify an autonomous piece of code?
Key developments include:
- Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and Zero-Knowledge Proofs (ZKPs) for persistent, cryptographically verifiable identities linked to human principals.
- Standards like IETF’s Agent Identity Protocol (AIP), DNSid (as a “birth certificate”), and SCIM/NGAC for provisioning and access control.
- Agent Name Service (ANS) from GoDaddy and Cloudflare’s Web Bot Auth / Signature Agent Card for verifiable naming, intent declaration, and authentication. Built on proven public key infrastructure (PKI) and DNS, ANS allows website owners to distinguish a legitimate, verified agent acting on behalf of a human or business from an unidentified, potentially malicious bot.
These enable traceability, delegation, reputation systems, and economic autonomy (e.g., agents holding wallets via standards like ERC-8126).
Agentic Data Web and Personal Data Brokers
AI agents act as personal data brokers on a semantic Agentic Data Web, inspired by XDI protocols. Your sovereign personal agent maintains a unified, privacy-first repository and provides minimal, verifiable disclosures under user policies.
Examples include instant address updates across services, health record brokering, financial negotiations, and compliance—turning fragmented data into orchestrated, user-controlled flows. This shifts from data serfdom to stewardship, with semantic linking, zero-knowledge techniques, and audit trails.
Payments and Economic Infrastructure
Once an agent’s identity is verified and a site signals that “payment is required” for access, how does the agent actually pay? The old internet relied on human behaviors—filling out credit card forms, completing KYC checks, and managing subscriptions or API keys. These friction points simply do not scale in a machine-to-machine economy.
To solve this, the industry is turning to x402, an open, neutral standard for internet-native payments. It revitalizes the historic, previously unfulfilled HTTP 402 (“Payment Required”) status code. With x402, a server can natively reject an unpaid request and prompt the AI agent to pay instantly and retry.
Taming the Agent Web: Governance, Security, and Challenges
The infrastructure being deployed today isn’t just about cybersecurity; it’s about economics. By combining granular audit logs with transparent agent identity (ANS), access control, and frictionless micro-payments (x402), we are forging a new economic framework. It ensures that when an autonomous agent makes a request, it happens within a secure, accountable, and monetizable system.
By the early 2030s, the Agent Web could become as ubiquitous as electricity. Agents will create a ceaseless marketplace of minds—trading value, optimizing lives, and amplifying human agency—while we focus on creativity, relationships, and discovery. Success depends on building it with sovereignty, transparency, and fairness at the core.
The internet will no longer be something we browse. It will be an ecosystem that works for us—intelligently, autonomously, and tirelessly. The foundations are being laid today by Visa, Google, Cloudflare, GoDaddy, and the open standards community. The Agent Web is coming; the question is how thoughtfully we shape it.
