What is the Trusted Agent Protocol?

A Visa framework (14 October 2025, with Cloudflare) that lets merchants cryptographically verify trusted AI agents and distinguish them from malicious bots at checkout.

The specification and a sample implementation are public on GitHub (visa/trusted-agent-protocol) under a custom license; see LICENSE.md in the repository.

What does TAP transmit to merchants?

Cryptographically signed agent intent, consumer recognition data, and optionally payment information, over HTTP Message Signatures (RFC 9421).

What Is Visa's Trusted Agent Protocol (TAP)?

Q: How does TAP relate to ACP and x402?

Visa positions TAP as complementary to ACP and is collaborating with Coinbase on x402 interoperability.

The Trusted Agent Protocol (TAP) is a trust framework for agentic commerce unveiled by Visa on 14 October 2025 and developed in collaboration with Cloudflare. It gives merchants a standardized, cryptographic way to verify that an AI agent is legitimate, is acting for an authenticated user and is authorized for the specific action it is taking, so that trusted agents can be distinguished from malicious bots at checkout. Agent signatures are built on the HTTP Message Signatures standard (RFC 9421), aligned with Web Bot Auth, and can carry agent intent, consumer recognition data and optional payment information. The initial specifications apply to the Visa network; Visa positions TAP as complementary to ACP and is working with Coinbase on x402 interoperability. The specification and a sample implementation are public on GitHub.

Key facts

Author / steward	Visa, developed in collaboration with Cloudflare
Announced	2025-10-14
License	Public repository on GitHub (custom license, see LICENSE.md in the repo)
Governance	Published by Visa (Visa Developer Center and GitHub); Visa states alignment work with standards bodies IETF, OpenID Foundation and EMVCo
Scope	Trust framework for agentic commerce: lets merchants cryptographically verify approved AI agents (agent intent, consumer recognition, optional payment information) and distinguish them from malicious bots at checkout
Transport	HTTP Message Signatures (RFC 9421), aligned with Web Bot Auth; extendable to non-web message protocols
Payment	Agents can optionally carry payment data to support the merchant's preferred checkout; initial specifications apply to the Visa network
Maturity	beta

What makes it distinctive

Unveiled by Visa on 14 October 2025, developed in collaboration with Cloudflare
Cryptographic agent signatures bound to the merchant domain and operation, with anti-replay protections
Three information layers: agent intent, consumer recognition, optional payment information
Built on HTTP Message Signatures (RFC 9421) and aligned with Web Bot Auth
Early partner feedback from Adyen, Ant International, Checkout.com, Coinbase, CyberSource, Elavon, Fiserv, Microsoft, Nuvei, Shopify, Stripe and Worldpay
Positioned by Visa as complementary to ACP, with x402 interoperability work alongside Coinbase

How TAP works

TAP gives merchants a way to answer three questions before accepting an agent interaction: is this a legitimate, recognized agent; is it acting for a specific, authenticated user; and does it carry valid instructions for this action? The agent presents a cryptographic signature built on HTTP Message Signatures (RFC 9421), aligned with Web Bot Auth. The signature includes timestamps, a unique session identifier, key and algorithm identifiers (anti-replay), and is bound to the merchant’s domain and the specific operation (browsing or payment). Three information layers ride on it: agent intent, consumer recognition (existing account or relationship, with consent) and optional payment information (for example Payment Account References for cards on file, loyalty numbers, emails).

Specification and governance

Visa unveiled TAP on 14 October 2025, developed in collaboration with Cloudflare, with early feedback from Adyen, Ant International, Checkout.com, Coinbase, CyberSource, Elavon, Fiserv, Microsoft, Nuvei, Shopify, Stripe and Worldpay. The spec and a complete sample implementation (agent registry, CDN proxy verifying RFC 9421 signatures, merchant backend and frontend, demo agent) are public on GitHub under a custom license. Visa states alignment work with IETF, OpenID Foundation and EMVCo.

How TAP fits the stack

TAP is not a checkout or payment protocol: it is the trust layer that lets a merchant distinguish a credentialed agent from a malicious bot before commerce happens. Visa positions it as complementary to ACP and is collaborating with Coinbase on x402 interoperability. Mastercard’s Agent Pay tackles the same trust problem from the issuing/tokenization side.

Limitations and open questions

The initial specifications apply to the Visa network; ecosystem-wide reach depends on the standards-body alignment Visa says it is pursuing. No releases are tagged on the repository yet, and merchant-side adoption beyond the named early partners is not yet documented in primary sources.

Who should care

Merchants whose bot defenses block legitimate shopping agents, CDNs and anti-bot vendors, and agent platforms that want their agents recognized rather than filtered.

Adoption

Visa: Author (2025-10-14). source
Cloudflare: Co-development collaborator (2025-10-14). source
Microsoft: Early partner (feedback) (2025-10-14). source
Shopify: Early partner (feedback) (2025-10-14). source
Stripe: Early partner (feedback) (2025-10-14). source
Coinbase: Early partner; x402 interoperability (2025-10-14). source

See the full adoption tracker →

What is the Trusted Agent Protocol (TAP)?