A practical scoring rubric for AI-agent payment rails: identity exposure, authorization, settlement, custody, autonomy, revocation, logs, and privacy fit.
How to Score an Agent Payment Rail Before You Let It Spend
Do not ask whether an agent payment rail sounds advanced. Score what it exposes, who authorizes spend, where money settles, who holds custody, and how fast you can revoke it.
Privacy frame: agent payments are authority systems. The useful question is not whether a protocol is modern. The useful question is who can spend, who approves, who settles, who stores logs, and how quickly the user can revoke it.
The seven fields that matter
Start with identity surface, authorization model, settlement rail, custody model, autonomy level, revocation path, and data path. Those fields describe the real privacy shape better than a product headline.
A rail can be useful and still not private. Privacy.com is useful for card controls. x402 is useful for HTTP payments. AP2 is useful for mandates. Each one still creates records.
Autonomy is a risk score
Score autonomy on a 1-to-5 scale. Level 1 is agent-drafts, human-pays: the agent proposes, a person approves and pays. Level 3 is scoped spend: policy decides inside hard limits. Level 5 is broad authority: the agent can spend from a general instrument without fresh approval. For privacy and safety, lower is usually better, and a level above 3 should need a specific justification.
The best agent payment setups make the approval boundary visible. The user should know when the agent is proposing, when policy is deciding, and when money actually moves.
- Prefer hard limits over monitoring promises.
- Prefer one instrument per merchant or task.
- Prefer external signing over in-runtime keys.
- Prefer revocable cards, wallets, or grants.
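The four preferences above, and the visible approval boundary they support, as an added example in Python. This is not code from the page or from any provider it names; the instrument fields, limits, merchant names and the auto-approve threshold are constructed to show the mechanics. The agent only produces a Proposal; it never holds the instrument secret, the policy engine decides against hard limits before any settlement, anything above a threshold escalates to a human, and revocation closes the instrument immediately.

```python
"""Added example: a minimal spend-policy engine that keeps the approval
boundary visible (agent proposes, policy decides, money moves last).
Not code from the page or any named provider; all values are constructed."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Instrument:
    """A revocable, single-purpose instrument (e.g. a merchant-locked card)."""
    instrument_id: str
    merchant: str              # one instrument per merchant or task
    per_tx_limit: Decimal      # hard limit enforced before money moves
    budget_remaining: Decimal  # session budget, debited only on settlement
    revoked: bool = False


@dataclass
class Proposal:
    """What the agent drafts. It carries an instrument ID, never a secret."""
    merchant: str
    amount: Decimal
    instrument_id: str


@dataclass
class Decision:
    outcome: str   # "approve", "deny" or "escalate"
    reason: str


class PolicyEngine:
    """Level-3 autonomy: scoped spend decided by policy, not by the agent runtime.
    Signing/settlement would happen outside the agent process; here it is simulated
    by debiting the instrument budget only after an approve decision."""

    def __init__(self, instruments, human_review_above: Decimal):
        self._instruments = {i.instrument_id: i for i in instruments}
        self.human_review_above = human_review_above  # assumed threshold
        self.audit_log = []  # data path: every decision is recorded

    def revoke(self, instrument_id: str) -> None:
        """Revocation path: closes the instrument before damage spreads."""
        self._instruments[instrument_id].revoked = True
        self.audit_log.append(("revoke", instrument_id))

    def decide(self, p: Proposal) -> Decision:
        inst = self._instruments.get(p.instrument_id)
        if inst is None or inst.revoked:
            d = Decision("deny", "instrument unknown or revoked")
        elif inst.merchant != p.merchant:
            d = Decision("deny", f"instrument locked to {inst.merchant}")
        elif p.amount <= 0:
            d = Decision("deny", "non-positive amount")
        elif p.amount > inst.per_tx_limit:
            d = Decision("deny", f"exceeds per-transaction limit {inst.per_tx_limit}")
        elif p.amount > inst.budget_remaining:
            d = Decision("deny", f"exceeds remaining budget {inst.budget_remaining}")
        elif p.amount > self.human_review_above:
            d = Decision("escalate", "above auto-approve threshold; human must pay")
        else:
            d = Decision("approve", "within scope")
        self.audit_log.append((d.outcome, p.merchant, str(p.amount), d.reason))
        return d

    def settle(self, p: Proposal) -> Decision:
        """Money moves only on an approve decision; the budget is debited here."""
        d = self.decide(p)
        if d.outcome == "approve":
            self._instruments[p.instrument_id].budget_remaining -= p.amount
        return d


if __name__ == "__main__":
    # Constructed walk-through: one card locked to one merchant.
    engine = PolicyEngine(
        [Instrument("card-1", "ExampleSaaS", Decimal("50"), Decimal("120"))],
        human_review_above=Decimal("25"),
    )
    for prop in (
        Proposal("ExampleSaaS", Decimal("20"), "card-1"),  # approve
        Proposal("ExampleSaaS", Decimal("40"), "card-1"),  # escalate to human
        Proposal("OtherShop", Decimal("10"), "card-1"),    # deny: wrong merchant
        Proposal("ExampleSaaS", Decimal("60"), "card-1"),  # deny: per-tx limit
    ):
        print(engine.settle(prop))
    engine.revoke("card-1")
    print(engine.settle(Proposal("ExampleSaaS", Decimal("5"), "card-1")))  # deny
```

The ordering of checks is deliberate: revocation and instrument scope are tested before amount, so a revoked or wrong-merchant instrument is denied even for a trivial sum, and escalation is only reached by a proposal that already fits every hard limit.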
Buyer use
For a buyer or investor, the score shows whether a provider belongs in a privacy stack, a control stack, or an avoid list. A strong business product may still be a weak privacy product.
Cunicula keeps those categories separate in its records. Paid data is only worth paying for if the warnings survive next to the score instead of being buried under a feature list.
Cunicula scoring rubric
- Identity: none, email, light KYC, full KYC, or unknown. (KYC, Know Your Customer, means the user must submit identity information such as a passport, selfie, address, or phone number before accessing the service.)
- Authority: human approval, policy engine, mandate, API key, wallet grant, or session budget.
- Settlement: card, bank, crypto, stablecoin, gift card, internal ledger, or deferred.
- Custody: self-custody, issuer custody, provider custody, merchant credit, or none.
- Revocation: can the user pause, close, rotate, or revoke before damage spreads?
Use the Agent Money matrix and the agent-money directory filter to compare live Cunicula provider records.
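The rubric above as an added, runnable scorer in Python. This is not Cunicula's scoring code or its matrix; the numeric weights, the treatment of unknown values as worst-case, and the thresholds that sort a record into a privacy stack, a control stack, or an avoid list are assumptions chosen to show how the fields combine. The three provider records are constructed, not real listings.

```python
"""Added example: scoring a provider record against the rubric.
Not Cunicula's own scorer; weights and thresholds are assumptions."""
from dataclasses import dataclass

# Lower is better for every field. Values not in a table (including "unknown")
# score as the worst entry, so a missing answer never improves a score.
IDENTITY = {"none": 0, "email": 1, "light_kyc": 2, "full_kyc": 3, "unknown": 3}
AUTHORITY = {"human_approval": 0, "policy_engine": 1, "mandate": 1,
             "session_budget": 2, "wallet_grant": 3, "api_key": 4}
SETTLEMENT = {"gift_card": 0, "internal_ledger": 1, "crypto": 1, "stablecoin": 1,
              "deferred": 2, "card": 2, "bank": 3}
CUSTODY = {"none": 0, "self_custody": 0, "merchant_credit": 1,
           "issuer_custody": 2, "provider_custody": 3}
REVOCATION = {"instant": 0, "same_day": 1, "slow": 2, "none": 4}


@dataclass(frozen=True)
class ProviderRecord:
    name: str
    identity: str
    authority: str
    settlement: str
    custody: str
    autonomy: int        # 1 = agent drafts, human pays ... 5 = broad authority
    revocation: str
    logs_retained: bool  # data path: does the provider keep spend logs?


def _lookup(table: dict, value: str) -> int:
    return table.get(value, max(table.values()))


def score(rec: ProviderRecord) -> dict:
    """Per-field scores plus a total; higher means more exposure."""
    parts = {
        "identity": _lookup(IDENTITY, rec.identity),
        "authority": _lookup(AUTHORITY, rec.authority),
        "settlement": _lookup(SETTLEMENT, rec.settlement),
        "custody": _lookup(CUSTODY, rec.custody),
        "autonomy": max(1, min(5, rec.autonomy)) - 1,   # clamp to 1..5, map to 0..4
        "revocation": _lookup(REVOCATION, rec.revocation),
        "data_path": 1 if rec.logs_retained else 0,
    }
    parts["total"] = sum(parts.values())
    return parts


def classify(rec: ProviderRecord) -> str:
    """Sort a record into 'privacy', 'control' or 'avoid' (assumed thresholds)."""
    s = score(rec)
    # Hard stops first: broad or key-based authority that cannot be pulled back.
    if s["autonomy"] >= 3 and s["revocation"] >= 2:
        return "avoid"
    if s["authority"] >= 3 and s["revocation"] >= 2:
        return "avoid"
    # Privacy stack: low identity exposure, no third-party custody, fast revocation.
    if s["identity"] <= 1 and s["custody"] <= 1 and s["revocation"] <= 1:
        return "privacy"
    # A strong business product with working revocation is a control product.
    if s["revocation"] <= 1:
        return "control"
    return "avoid"


# Constructed records (not real provider listings).
CARD_CONTROLS = ProviderRecord("card-controls-example", "full_kyc", "policy_engine",
                               "card", "issuer_custody", 3, "instant", True)
RUNTIME_WALLET = ProviderRecord("seed-in-runtime-example", "none", "wallet_grant",
                                "crypto", "self_custody", 5, "none", False)
PREPAID_CODE = ProviderRecord("prepaid-code-example", "none", "human_approval",
                              "gift_card", "merchant_credit", 1, "instant", False)

if __name__ == "__main__":
    for rec in (CARD_CONTROLS, RUNTIME_WALLET, PREPAID_CODE):
        print(rec.name, classify(rec), score(rec)["total"])
```

Note that the wallet record is not the highest-scoring total, yet it lands on the avoid list: the classification applies hard stops (broad autonomy or key-based authority with no revocation) before it looks at the sum, which is the behaviour the FAQ below describes as the biggest red flag.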
Frequently Asked Questions
How should I score an AI-agent payment rail?
Score identity exposure, authorization model, settlement rail, custody model, revocation, logging, budget limits, and whether the agent can spend without fresh approval.
What is the biggest red flag?
Broad authority in the agent runtime. If the agent can access a main card, exchange session, seed phrase, or high-balance wallet, the design is unsafe.