Payments

Cloudflare’s Agentic Toll Booth

September 25, 2025 / No Comments

Stablecoins and Agentic Commerce are all the rage these days. Everyone is launching their own stablecoins, payments consortia, L1 blockchain, and/or agentic protocols. It’s a truly exciting time in AI and payments, but it’s also a land-grab, with everyone jockeying to become THE standard by which agentic commerce happens. 

Cloudflare & Coinbase’s latest attempt to dictate future standards with their NET Dollar and x402 protocol is an interesting development, and also a pretty shrewd and rational move… if you’re Cloudflare. 

It seems pretty obvious to anyone paying attention to AI these days that we’re about to see an explosion of AI agents doing all sorts of things on the Internet, including human-like browsing, content consumption, and commerce. 

If you’re Cloudflare, this presents both a challenge and an opportunity. 

Never Waste a Crisis

If we assume bot traffic will explode, then Cloudflare (and other CDNs/edge providers) need to discern the good bots from the bad bots. This will get increasingly difficult. 

  • Is a bot surfing a website for its human overlord to bring good traffic to that publisher, or is it slurping up copyrighted content to train a new LLM to make that publisher irrelevant? 
  • What about shopping bots? Is a bot bringing a merchant a much desired net-new sale, or is it about to commit fraud?

A version of this problem already exists today, albeit at a much smaller scale. Web crawlers (aka “spiders” or robots”) are crawling and indexing the Internet, guided by instructions that live in a “robots.txt” file on most servers, which dictates what a robot is allowed to do on any given website. Most bots identify themselves with some user-agent identifier (e.g. “Googlebot”) and follow the rules in a site’s “robots.txt” file. But there are also bad actors who ignore “robots.txt” and do whatever their human overlord has instructed them to do, be it legal or not. Today, Cloudflare, Akamai and others actively try to detect and block bot traffic. 

Now imagine every human on earth has multiple AI agents doing stuff for them on the Internet. Some agents will be good actors, some will be bad, and a lot will probably just be semi-competent vibe-coded lunatic agents blowing up Internet traffic. Pretty quickly you can see how this becomes an issue. 

If Cloudflare doesn’t find a way to solve the AI Agent bot problem, then it will either be forced to choose between: 

  1. Err on the side of allowing more bots, thus threatening Cloudflare’s core value proposition of blocking bad traffic, or
  2. Block bots en masse, which risks choking off legitimate traffic and upsetting both users & publishers/merchants, who might go seek a different CDN provider. 

Pay the Troll Toll

One expedient way to solve this problem if you control a massive percentage of Internet traffic is to erect a “toll booth” of sorts, thus forcing AI agents and their puppetmasters to whitelist themselves and/or pay for access to content, commerce, etc. or else be blocked.  

As Matthew Prince, Cloudflare’s CEO, has said quite publicly, Cloudflare thinks creators should have control over how AI uses their content, and should have the ability to charge for or block access. 

Enter Cloudflare’s x402 “standard”.

A little-known fact about the HTTP protocol is that while it doesn’t have native payments built into it, it does have a “402” code for “payment requested”. This has been there since the start, but it’s also never been implemented, despite many, many, MANY failed attempts at creating Internet-native payment & micropayment solutions over the course of DECADES. 

Cloudflare now wants to make this a thing. 

So Cloudflare and Coinbase have teamed up to launch their own NET Dollar, or stablecoin, which can be used to pay for agentic activity like browsing content from publishers, or perhaps even transacting in commerce. 

From the point of view of Cloudflare, this is an extremely rational and shrewd move for a number of reasons: 

  1. Get out in front of agentic traffic by proposing a standard for everyone to adopt… which just so happens to also grant you a toll booth on the internet)
  2. Issue a stablecoin, pegged to USD, that can be used on your Internet Toll Booth
  3. In the process, collect float (interest income) on USD deposits tied to your stablecoin (YAY!)
  4. If it gets adopted at scale, you’ve successfully solved your bot problem AND found a new revenue stream! Winning!

Will this work? Who knows? Right now, everyone is trying to make their standard THE standard everyone adopts. It feels to me like we’re living through a version of one of my favorite XKCD comics:

The only thing standard is the lack of standards

So What’s Next?

To be honest, it’s way too early to tell, but I do have some thoughts. First of all, we’re in the top of the first inning in the game of AI agents and agentic commerce, and while everyone is understandably trying to stake a claim, a lot of things are far from certain. 

For one, while both Visa & Mastercard have put out some material on their agentic payments strategies, they haven’t yet released what I think is the REAL opportunity to dictate the future of agentic commerce, and that is a method by which to bind IDENTITY to PAYMENTS. 

It should be obvious that commerce runs on trust, but what many people don’t realize is that the biggest value Visa & Mastercard offer (aside from a massive global acceptance footprint) is a set of RULES by which each participant in the network ecosystem has agreed to play. 

When you agree to join the Visa or Mastercard ecosystem, you agree to a whole set of rules that cover acceptance, issuance, settlement, dispute resolution, reversals, fraud mitigation, etc. In short, you know what to expect and what you’re going to get, and there’s immense value in that consistent, trusted brand promise. 
So when (not “if”), Visa & Mastercard come out with a standard around agentic commerce, which should (in my opinion) include specific guidance for how payment credentials are issued and linked to AI agents, I expect that most of the commerce ecosystem will adopt it.

Regina George is a secret payments nerd

Does that mean there’s no room for others besides Visa & Mastercard? Absolutely not.

I have long been a fan of stablecoins and blockchain technology. In fact, I bought my first bitcoin by wiring money to Mt. Gox, and I also led the first-ever investment in a blockchain company by a payments network in 2014 when I was at Visa. We subsequently launched Visa’s first-ever non-card B2B payments platform, Visa B2B Connect (live in 100+ countries today). It’s arguably one of the earliest at-scale uses of blockchain in payments in the world.

I am also very excited about recent regulatory developments which make stablecoins more viable than they ever have been for payment use cases. In fact, I think there are many excellent net-new use cases for stablecoins (but that’s outside the scope of this post).

I also happen to think, however, that Visa & Mastercard’s embrace of stablecoins is an opportunity for them to continue leading global payments & commerce innovation. It also opens up some really interesting possibilities for Agentic Commerce in particular… but I’ll save those details for another post. 

If you’ve made it this far, thank you for reading! I welcome thoughts & constructive feedback. You can find me online (here, obviously), or on Twitter/X: @peter or LinkedIn.

You May Also Like

Canelés de Bordeaux

Capping off 2021 with Canelés de Bordeaux

December 31, 2021

Some Personal News…

March 23, 2023
Time Out album featuring Take Five

Happy 5/4 Day!

May 4, 2023