The conventional response to the commoditization argument is skepticism. Payment companies have built durable competitive advantages and shown repeated ability to defend their margins. The skepticism is reasonable but directed at the wrong variable. The threat to the payment processing margin is not a disruption originating from a competitor payment company. It is a structural consequence of open-protocol agentic commerce architecture.
Why the Execution Pipe Gets Commoditized
The mechanism is straightforward once the architecture of agentic commerce payment is understood. Under the human-friction model, payment processors captured margin at two points: fraud detection liability, which they absorbed through behavioral analytics and chargeback risk, and network effects, which made it economically irrational for merchants to operate outside dominant card network infrastructure.
The programmable wallet model, as described in the payment infrastructure analysis, eliminates both value capture mechanisms. Fraud detection in the human-friction model worked by identifying behavioral anomalies against a learned pattern of human purchasing behavior. When a buyer agent executes a purchase, it is following a precisely defined algorithmic mandate. There is no behavioral anomaly to detect. The transaction is either within the wallet's cryptographic parameters or it is not. This binary validation requires no behavioral analytics infrastructure and captures no corresponding margin.
The network effect moat is dismantled by the separation of the negotiation protocol from the execution rail. When the Agentic Commerce Protocol standardizes the agent-to-agent handshake as an open standard under an Apache 2.0 license, the merchant no longer requires a specific payment network to receive the validated authorization token. Any PSP that can validate the cryptographic credential can execute the settlement. In European markets this means the settlement can route through SEPA Instant or Wero, entirely bypassing card network infrastructure and the interchange fees it sustains.
The commoditization of the payment pipe is not a threat. It is an architectural feature of agentic commerce that concentrates value at the edges of the stack: whoever owns intent at the top and whoever owns trust at the bottom.
The Intent Layer: Why Owning the Agent's Discovery Function Is the New Search
The most immediate value concentration is at the intent layer. This is a direct structural parallel to the early days of search advertising, with one critical difference: the conversion point has moved upstream.
In the traditional digital commerce funnel, a consumer searches, clicks an organic or paid result, browses a product page, adds to cart, and converts. The search platform captures margin at the click, before any commercial outcome has been achieved. The conversion risk sits with the merchant. This is why Google search advertising has historically been a relatively low-risk, high-volume revenue model for the platform.
In the agentic model, the agent completes the entire funnel internally before the merchant is ever contacted. Discovery, evaluation, comparison, and decision all happen within the agent's reasoning process. The agent then contacts the merchant with an intent to purchase, not an intent to browse. The platform hosting this agent is no longer selling a click. It is selling a purchase. The approximately 4 percent toll being charged by OpenAI on ACP-routed transactions reflects this shift from pre-conversion to post-conversion value capture. It is structurally more valuable than advertising and structurally closer to a marketplace commission.
The implication for merchants is significant. In a search advertising model, the merchant pays for the opportunity to convert a browser. In the agent intent model, the merchant is presented with a buyer who has already decided to purchase. The conversion rate for an agent-initiated transaction approaches 100 percent by definition. The platform's 4 percent toll is charged against a near-certain sale, not an uncertain click. From the merchant's perspective this may be economically preferable to search advertising spend, but it represents a fundamentally different commercial relationship with the platform layer.
The Verification Layer: From Transaction Processing to Trust Underwriting
Financial institutions that recognize the payment processing margin is being commoditized face a fundamental strategic choice: attempt to defend the execution pipe through proprietary closed-loop architectures, or pivot to capturing margin on trust issuance.
The closed-loop defense strategy is the instinct of institutions that built their competitive advantage on network effects. Its structural problem in the agentic context is the same problem that walled gardens face against open protocols generally. An autonomous buyer agent that is constrained to a single institution's ecosystem cannot access the full supply available to an agent operating on open protocol standards. The agent's principal will either accept this limitation, which is commercially suboptimal, or provision their agent through an institution that supports open protocols. Closed-loop strategies in agentic commerce replicate, at the institutional level, the same fragmentation problem that prevents the Frankfurt U4 scenario from executing today in the fragmented Western market.
The trust underwriting pivot is structurally more defensible. Financial institutions hold two assets that are irreplaceable in the KYA framework: regulatory authorization to perform KYC verification on the human principal, and the legal standing to issue the cryptographic credential that binds that principal's authorization to a specific agent. No technology platform, regardless of scale, can substitute for a regulated financial institution in this role without regulatory authorization. The margin that banks can capture on wallet issuance, credential renewal, and liability underwriting for algorithmic mandates is not commoditizable by open-source protocol. It requires regulatory standing that is scarce by institutional design.
The Data and Context Layer: Generative Experience Optimization as the New SEO
The third value layer is emerging in a form that existing merchant infrastructure is almost entirely unprepared to capture. The current paradigm of digital marketing optimization is built on human-readable interfaces. Search engine optimization improves ranking in results pages that humans scan. Social advertising generates awareness in feeds that humans scroll. A/B testing optimizes conversion rates for humans navigating checkout flows. Every dollar of current marketing optimization spend is directed at improving commercial outcomes with human buyers.
An autonomous purchasing agent never sees a website. It queries a machine-readable data endpoint and evaluates the structured response against the buyer principal's parameters. The merchant's beautifully designed product page, carefully crafted product description, and strategically placed social proof are entirely invisible to this buyer. What the agent reads is the structured data feed, the API response, and whatever context has been made available in machine-readable format.
Generative Experience Optimization is the emerging discipline of structuring merchant data specifically for AI discovery engine prioritization. It is not a refinement of SEO. It is a separate capability built on different technical foundations and serving a different type of buyer. Merchants whose product data is not structured for machine consumption are structurally invisible to autonomous agents operating on the intent layer platforms. The share of voice metric introduced by Google in Merchant Center in May 2026 for AI surfaces is the first commercially visible measurement of this exposure. Departments currently holding no visibility into AI surface performance are now accountable for outcomes in a buyer channel they cannot see.
The Adversarial Data Layer: When GXO Is Weaponized
The analysis above assumes that the structured data an agent consumes from a merchant feed is an accurate representation of commercial reality. This assumption is the most exploitable gap in the current agentic architecture.
The negotiation phase of agentic commerce is probabilistic, driven by LLMs evaluating machine-readable data feeds to make purchasing decisions on behalf of a principal. The same property that makes this architecture powerful makes it vulnerable: the agent reasons over inbound data before it acts. A hostile merchant or a compromised B2B vendor does not need to hack the buyer's wallet or intercept the cryptographic handshake. They only need to poison the data feed the buyer's agent consumes before the reasoning begins.
By embedding adversarial instructions into a standard JSON product description, a malicious actor can instruct the parsing LLM to ignore the buyer's comparative pricing constraints, hallucinate a mandatory compliance requirement that only their product satisfies, or suppress the consideration of competing vendors entirely. If the agent generates a cryptographically valid token based on that manipulated reasoning, the transaction is technically flawless. The PSP will clear it. The enterprise holds the liability for a purchase its own governance parameters would never have authorized.
The PSP executes valid math. The wallet's cryptographic parameters were not violated. The transaction is architecturally correct and commercially wrong. The exploit happened upstream of every security layer the enterprise has.
This is not a theoretical threat vector. It is the direct consequence of deploying probabilistic reasoning systems against adversarially optimized data environments. Every SEO practitioner already understands the incentive to manipulate how their data is parsed by automated systems. GXO shifts that manipulation target from a human reading search results to an LLM reasoning over structured feeds, and the stakes are an executed purchase rather than a click.
Defending against adversarial GXO requires an Adversarial Sanitation Layer inserted between the merchant data feed and the buyer agent's reasoning process. This layer must do three things that current enterprise architectures do not perform by default: verify that inbound structured data conforms to the schema the agent was designed to consume, detect anomalous instruction-like content embedded in data fields, and sandbox the reasoning process so that inbound merchant data cannot modify the agent's evaluation criteria or suppress its comparison parameters. Without this layer, the Data Layer that was supposed to deliver competitive pricing precision becomes the attack surface through which that precision is subverted.
The Governance Layer: Where the B2B Value Concentrates
The fourth value layer is the one most directly relevant to enterprise risk management and least represented in current technology vendor positioning. As established in the liability analysis of agentic payment architecture, the governance burden in autonomous commerce sits with the enterprise that provisions the wallet and defines the agent's operating parameters. This is not a temporary condition pending regulatory clarification. It is the structural consequence of moving commercial authorization from synchronous human confirmation to pre-authorized algorithmic mandate.
Enterprises deploying autonomous agents at commercial scale, whether as buyers in procurement contexts or as sellers receiving agent-initiated purchase orders, require a governance architecture that can define the agent's mandate precisely, audit agent behavior against that mandate continuously, demonstrate compliance with evolving regulatory consent frameworks, and revoke agent authorization if the agent's environment is compromised or its behavior diverges from its mandate.
None of this capability exists in current enterprise software at the required level of specificity. The companies that build the first credible agentic governance suites will capture revenue from every enterprise that takes autonomous commercial deployment seriously. This is a high-margin B2B software category with no current incumbent and escalating regulatory tailwinds from both European and US frameworks for autonomous transaction consent.
The commoditization of the payment pipe is a feature, not a bug. It forces the margin out of the plumbing and into the software that dictates why the money moves and verifies who ordered it. This is where enterprise investment in agentic architecture should be directed.
The Enterprise Position: Exposure Across All Four Layers
Most enterprises approaching agentic commerce strategy are currently focused on either pilot implementations of autonomous purchasing, or defensive monitoring of how AI agents interact with their existing e-commerce infrastructure. Both orientations address only a fraction of the full value redistribution underway.
A complete enterprise position requires clarity across all four layers. On the intent layer: is your product data structured for agent discovery, and what is your current share of voice on AI surfaces as measured by the new Merchant Center metric? On the verification layer: what is your institution's strategy for wallet issuance and how does it integrate with your procurement authorization framework? On the data layer: have you assessed your machine-legible data maturity, and are your API responses structured for agent consumption? On the governance layer: which function in your organization owns the definition and audit of agent mandates, and is that function resourced for the liability it holds?
The Agentic Exposure Audit conducted by contraco maps this four-layer exposure profile through three diagnostic instruments that probe the dimensions most predictive of architectural vulnerability. The audit is designed specifically for technical leadership and enterprise boards who need a rigorous baseline assessment rather than a general orientation to the topic. The entry requirement reflects this: the three questions in the audit request are not screening criteria. They are the first diagnostic instrument.