
A practical scoring rubric for AI-agent payment rails: identity exposure, authorization, settlement, custody, autonomy, revocation, logs, and privacy fit.

Tags: AI Privacy, Payments, OPSEC
Reviewed: 2026-07-05
Date: 2026-07-05
Read time: ~5 min


How to Score an Agent Payment Rail Before You Let It Spend

Do not ask whether an agent payment rail sounds advanced. Score what it exposes, who authorizes spend, where money settles, who holds custody, and how fast you can revoke it.

Privacy frame: agent payments are authority systems. The useful question is not whether a protocol is modern. The useful question is who can spend, who approves, who settles, who stores logs, and how quickly the user can revoke it.


The seven fields that matter

Start with identity surface, authorization model, settlement rail, custody model, autonomy level, revocation path, and data path. Those fields describe the real privacy shape better than a product headline.

A rail can be useful and still not private. Privacy.com is useful for card controls. x402 is useful for HTTP payments. AP2 is useful for mandates. Each one still creates records.

Autonomy is a risk score

Autonomy level 1 is agent-drafts, human-pays. Level 3 is scoped spend. Level 5 is broad authority. For privacy and safety, lower is often better.

The best agent payment setups make the approval boundary visible. The user should know when the agent is proposing, when policy is deciding, and when money actually moves.

  • Prefer hard limits over monitoring promises.
  • Prefer one instrument per merchant or task.
  • Prefer external signing over in-runtime keys.
  • Prefer revocable cards, wallets, or grants.

Buyer use

For a buyer or investor, the score shows whether a provider belongs in a privacy stack, a control stack, or an avoid list. A strong business product may still be a weak privacy product.

Cunicula should keep those categories separate. Paid data is valuable precisely because the warnings stay intact instead of being averaged away into a single score.
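The rubric above, as an added Python example (not the article's or Cunicula's own code): it scores the seven fields plus autonomy level, treats broad authority inside the agent runtime as an overriding red flag, and sorts a record into the privacy stack, the control stack or the avoid list. The option names, point values and thresholds are assumptions chosen for illustration, and the sample records are constructed, not real provider data.

```python
# Added rubric scorer; point values and thresholds are assumptions, not the article's numbers.
# Risk points per field option (0 = least exposure); option names are hypothetical.
FIELD_POINTS = {
    "identity_surface": {"pseudonymous": 0, "per_task_identity": 1, "full_kyc_to_merchant": 3},
    "authorization": {"human_approves_each": 0, "policy_hard_limits": 1, "monitoring_only": 3},
    "settlement": {"prepaid_instrument": 0, "virtual_card": 1, "main_account": 3},
    "custody": {"external_signer": 0, "provider_custody": 1, "keys_in_agent_runtime": 3},
    "revocation": {"instant_self_serve": 0, "support_ticket": 2, "none": 3},
    "data_path": {"minimal_retention": 0, "provider_logs": 1, "shared_with_third_parties": 3},
}
# Autonomy level 1 = agent drafts, human pays; 3 = scoped spend; 5 = broad authority.
AUTONOMY_POINTS = {1: 0, 2: 1, 3: 2, 4: 3, 5: 4}
# Broad authority in the agent runtime is unsafe regardless of the total.
BROAD_AUTHORITY = {"main_card", "exchange_session", "seed_phrase", "high_balance_wallet"}

def score_rail(record):
    """Return (total_points, red_flags) for one provider record."""
    flags = sorted(a for a in record.get("runtime_access", []) if a in BROAD_AUTHORITY)
    total = AUTONOMY_POINTS[record["autonomy_level"]]
    for field, options in FIELD_POINTS.items():
        total += options[record[field]]
    return total, flags

def classify(record):
    """Place a rail in the privacy stack, the control stack, or the avoid list."""
    total, flags = score_rail(record)
    if flags or total >= 12:  # any red flag overrides an otherwise acceptable total
        return "avoid"
    return "privacy_stack" if total <= 4 else "control_stack"

# Constructed sample records, not real provider data.
SAMPLE_RAILS = {
    "human_pays_prepaid": dict(identity_surface="pseudonymous", authorization="human_approves_each",
                               settlement="prepaid_instrument", custody="external_signer",
                               revocation="instant_self_serve", data_path="minimal_retention",
                               autonomy_level=1, runtime_access=[]),
    "scoped_virtual_card": dict(identity_surface="per_task_identity", authorization="policy_hard_limits",
                                settlement="virtual_card", custody="external_signer",
                                revocation="instant_self_serve", data_path="provider_logs",
                                autonomy_level=3, runtime_access=[]),
    "wallet_in_runtime": dict(identity_surface="pseudonymous", authorization="monitoring_only",
                              settlement="main_account", custody="keys_in_agent_runtime",
                              revocation="support_ticket", data_path="provider_logs",
                              autonomy_level=5, runtime_access=["seed_phrase"]),
}

if __name__ == "__main__":
    for name, record in SAMPLE_RAILS.items():
        print(name, score_rail(record), classify(record))
```

The third record lands on the avoid list even though its identity surface scores well, which is the point of keeping red flags separate from the total.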

Cunicula scoring rubric

Use the Agent Money matrix and the agent-money directory filter to compare live Cunicula provider records.

Frequently Asked Questions

How should I score an AI-agent payment rail?

Score identity exposure, authorization model, settlement rail, custody model, revocation, logging, budget limits, and whether the agent can spend without fresh approval.

What is the biggest red flag?

Broad authority in the agent runtime. If the agent can access a main card, exchange session, seed phrase, or high-balance wallet, the design is unsafe.