American Express is pioneering a system that allows artificial intelligence agents to shop and pay on behalf of users, but it operates exclusively within its own payment network. Central to this effort is the Agentic Commerce Experiences (ACE) developer kit, which introduces concepts like intent contracts and single-use tokens to enforce secure, verifiable transactions. While promising full transaction control and enhanced trust, the system still contains opaque elements that raise questions about auditability and widespread adoption. Below we answer key questions about this emerging technology.
What is the ACE developer kit and what does it aim to solve?
The Agentic Commerce Experiences (ACE) kit is American Express’s answer to the growing need for AI agents to act autonomously in e-commerce. It addresses core pain points: trust, control, accountability, and security. Unlike traditional payment systems, ACE is built on a closed-loop network where Amex acts as both card issuer and payment processor. This dual role gives it unique oversight over every transaction. Its primary goal is to verify an agent’s identity and ensure its actions align with the user’s original intent—for instance, checking a shopping cart against a predefined spending goal. However, the exact validation mechanisms remain hidden, creating a “black box” that critics say could hinder trust.
How do intent contracts work in Amex’s agentic commerce system?
An intent contract is a digital agreement that captures what an AI agent is permitted to do and under what conditions. When a user authorizes an agent—say, to buy a laptop under $1,500—the intent contract encodes that limit and the specific parameters. During checkout, Amex’s system compares the final cart against the contract. If items match the user’s original intent, the transaction proceeds; otherwise it is blocked. This mechanism is designed to prevent rogue agents from making unauthorized purchases. While Amex explains that the contract is checked at the payment layer, it does not disclose how the semantic matching or deterministic checks work, leaving some ambiguity around enforcement.
What are single-use tokens and why are they important?
Single-use tokens are one-time cryptographic keys issued to an AI agent for a specific transaction. Unlike reusable credentials, these tokens expire immediately after use or if the transaction is cancelled. This prevents an agent—or a malicious third party—from reusing the authorization for subsequent purchases. In Amex’s architecture, the token is tied to the intent contract and the specific merchant, creating a tight security envelope. Luke Gebb, Amex’s EVP of innovation, says these tokens are a critical part of ensuring that “trust and security are the foundation of agentic commerce.” By combining tokens with the closed-loop network, Amex reduces the risk of fraud and chargebacks.
How does Amex’s closed-loop system differ from other payment networks?
Most payment networks, like Visa or Mastercard, only serve as the intermediary between a bank (issuer) and a merchant (acquirer). They do not issue cards themselves. American Express is unique because it is both issuer and network. This means Amex can control every step of an AI agent’s transaction—from authorization to settlement—without relying on a third-party bank. For agentic commerce, this allows Amex to enforce its own validation rules and integrate intent contracts directly into the payment flow. However, this closed-loop design also limits interoperability. Projects like Google’s Agent Pay Protocol (AP2) aim to bridge different networks, but Amex’s system remains proprietary.
What is Google’s role in agentic commerce and how does AP2 relate?
Google’s Agent Pay Protocol (AP2) focuses on interoperability between different payment systems and agent frameworks. While Amex participates in AP2 discussions, the ACE kit takes a different approach: transactional control rather than cross-platform compatibility. AP2 concentrates on verifying agent identity and transaction integrity across multiple networks, while Amex leverages its issuer-network status to embed compliance directly. Luke Gebb notes that Amex is “coming to the table” as the first issuer to build a full stack for AI agents. The two projects are not competing; rather, AP2 provides the interoperability layer, and ACE provides the closed-loop security. Together they could form a more robust ecosystem for agentic commerce.
What are the biggest obstacles to widespread adoption of agentic commerce?
Despite Amex’s innovations, several black boxes remain. The validation process is not fully transparent, raising concerns for merchants and banks that want to audit every step. Raj Ananthanpillai of Trua warns that without openness, trust may be slow to build. Additionally, agentic commerce requires buy-in from all sides: consumers must trust their agents, merchants must believe they will be paid, and banks must accept lower chargeback risk. Single-use tokens and intent contracts address some of these issues, but the lack of a standardized audit trail remains a hurdle. As more players like Stripe and Google enter the space, competition may drive transparency—but for now, Amex’s solution is a powerful yet guarded step forward.