One human click used to hide 6 commercial responsibilities. Agentic commerce just pulled them apart + a responsibility-layer audit.

Source: Nate’s Newsletter Date: 2026-05-12 URL: https://natesnewsletter.substack.com/p/agentic-commerce-protocol-war

Summary

Nate’s Newsletter argues that the traditional checkout button collapsed six distinct commercial responsibilities — identity verification, authorization, fraud detection, credential management, settlement/liability, and dispute resolution — into a single human gesture. As AI agents take over purchasing flows, each responsibility becomes a contested surface. The piece frames this as a protocol war: OpenAI, Stripe, Google, and Shopify are each trying to own specific layers, with MCP (tool/data reach), A2A (agent-to-agent delegation), and AG-UI (human oversight controls) as the emerging standards that will determine who controls what.

Implications

• Agentic commerce authorization is unsolved: The central design challenge — “how does everyone know the agent was allowed to do what it just did?” — has no settled answer yet; the protocol that credibly solves it will become load-bearing infrastructure.
• Feeds the agent authorization / trust thread: This is a practitioner-level analysis of the same problem space as emerging MCP auth proposals and OAuth extensions for agents.
• Responsibility-layer thinking is a useful frame: Products building agent-facing commerce flows can use this audit to check which of the six layers they’ve actually addressed vs. inherited from human checkout assumptions.