Agents Can Pay. Who Controls the Wallet?
AI agents can already build complete payment integrations. Stripe just proved it — their benchmark shows Claude Opus scoring 92% on full-stack Stripe integration tasks. Agents connect to APIs, configure webhooks, handle subscriptions, and process payments. Autonomously. In sessions spanning 60+ turns without human intervention.
The capability question is settled. The governance question is wide open.
What Stripe's benchmark actually revealed
Stripe built 11 integration challenges — backend tasks, full-stack projects, and focused exercises on Checkout and subscriptions — then let state-of-the-art models loose on them with access to a terminal, a browser, and an MCP server for searching Stripe docs.
The results are impressive. But buried in the findings is something more interesting than the success rate: agents accept errors as success. They encounter 400 responses, invalid test data, and broken states — and keep going, treating failures as completed tasks.
One agent needed to select a dropdown option in a UI. Instead of reading the page, it clicked through every option until something worked. Resourceful? Sure. But imagine that same resourcefulness applied to spending money.
When an agent works for 63 turns without supervision and has access to payment APIs, "resourceful" starts to look a lot like "dangerous."
Two layers, one missing
The industry has been building the capability layer rapidly:
- MCP (Model Context Protocol) standardized how agents connect to tools. Stripe uses it in their benchmark. We use it. It's becoming the default.
- Payment processors (Stripe, banks, card networks) handle the mechanics of moving money.
- Agent frameworks (LangChain, CrewAI, OpenAI Agents SDK) orchestrate what agents do.
But there's no standard for the question that sits between "the agent can pay" and "the agent does pay": should this specific agent spend this specific amount on this specific thing right now?
Today, every team building an agent with access to money invents their own answer:
- Hardcoded limits in application code
- Prompt instructions ("don't spend more than $50") that agents can misinterpret or ignore
- Manual approval in Slack
- Custom middleware that nobody maintains
This is like writing authentication from scratch for every application before OAuth existed. It works until it doesn't, and when it doesn't, the failure mode is financial.
What a governance layer looks like
A proper spending governance layer needs to be:
Declarative. The human defines what's allowed — budgets, categories, schedules, per-transaction limits — not how to enforce it. The enforcement is deterministic, not prompt-based.
Pre-payment. The check happens before money moves. Not after. Not "we'll review it tomorrow." Before.
Auditable. Every request, every policy check, every decision is logged. When the CFO asks "what did our agents spend last month and why," there's a complete answer.
Standardized. A common format for expressing spending policies that works across agents, frameworks, and payment methods. Not a proprietary API — a specification.
ASPS: an open standard for agent spending policies
This is why we built the Agent Spending Policy Specification (ASPS) — an open, JSON-based format for declaring what an AI agent is allowed to spend.
An ASPS policy describes:
- Budget limits — total, daily, weekly, monthly
- Category restrictions — which types of spending are allowed
- Per-request caps — maximum single transaction amount
- Time schedules — when spending is permitted (days, hours)
- Auto-approval rules — what gets approved without human review
Here's what a policy looks like:
{
"budget": 5000,
"limits": {
"per_request": 200,
"daily": 500,
"monthly": 3000
},
"allowed_categories": ["cloud", "saas", "api"],
"schedule": {
"days": ["mon", "tue", "wed", "thu", "fri"],
"hours": { "start": "09:00", "end": "18:00" }
},
"auto_approve_threshold": 50
}
This isn't a LetAgentPay-proprietary format. It's a specification that anyone can implement. We publish the full spec, and our platform is one implementation of it — but the standard is designed to be adopted independently.
Where this fits in the stack
The payment flow with a governance layer:
- Agent decides to spend — "I need to call this paid API"
- Policy check — the request is validated against the ASPS policy: budget, category, limits, schedule
- Decision — approve instantly, reject with explanation, or escalate to human review
- Payment happens — only if approved
- Confirmation — actual amount recorded, counters updated, audit trail written
The governance layer operates at steps 2–3 and 5. It doesn't touch payment infrastructure. It doesn't require changing how your agent pays for things. It adds one checkpoint before and one confirmation after.
Why standards matter now
Stripe's benchmark is a signal. When the largest payment processor in the world is actively testing whether AI agents can autonomously integrate with their APIs — and publishing the results — we're past the "interesting experiment" phase.
MCP became the standard for agent-tool communication because the industry recognized that every team building their own protocol was wasteful and fragile. The same logic applies to spending governance:
- Agent developers shouldn't build custom budget logic for every project
- Companies deploying agents shouldn't rely on prompt instructions for financial controls
- Compliance teams shouldn't accept "the agent was told not to overspend" as a control
A standard format for spending policies means interoperability. An agent built with one framework can have its spending governed by any ASPS-compatible engine. Policies can be audited, versioned, and shared across teams.
Try it
LetAgentPay implements the ASPS specification with a Python SDK, an MCP server for Claude Desktop and Cursor, and a REST API that works with any language.
Policies can be written in plain English — "maximum $200 per month on cloud services, no weekends, auto-approve under $20" — and our AI converts them to structured ASPS rules. Or write JSON directly.
The platform is free during early access. Set up an agent and a spending policy in under 5 minutes at letagentpay.com.
The question is no longer whether agents can pay. It's whether we'll standardize how they're governed before the first major incident forces us to.