AI agents may start moving from recommendations toward transactions in financial services, with 85% of respondents in a Cloud Security Alliance survey expecting agents to “initiate and execute payment transactions” on behalf of consumers.
The finding appears in CSA’s Anjuna-commissioned State of Cloud and AI for Financial Services 2026 report, released June 8, and a June 23 CSA article on agentic payments.
The report also found 62% of surveyed financial services organizations had deployed AI agents, while 65% of respondents believe agent-led payments will require “an entirely new model for authorization.”
The rise of agent-led transactions
CSA said the authorization problem begins with a change in the role of human intent. Today’s payment authorization models generally rely on proof that a person approved a transaction at a specific moment, such as by clicking, tapping, confirming or authenticating. Agentic payments introduce a delegated software actor, where the user may authorize an objective before the final transaction occurs.
The article pointed to examples such as asking an agent to book travel within a budget or renew a subscription if the price has not increased. In those cases, the article said financial institutions need to answer how they can prove an autonomous transaction was “legitimate, authorized, bounded, and auditable.”
Redefining proof of authorization
Visa said in April that Intelligent Commerce Connect enables secure payment initiation, tokenization, spend controls and authentication for agent purchases.
Mastercard’s June Agent Pay for Machines announcement said the service would allow transactions to be permissioned, orchestrated and settled at machine speed, and described machine-led commerce as programmatic, always-on and executed between systems in the background of digital commerce.
Google has also proposed a protocol-level answer. Its Agent Payments Protocol, announced in September 2025, uses “Mandates” as cryptographically signed contracts that serve as verifiable proof of a user’s instructions. The CSA article points to the same underlying problem, saying agentic commerce needs “a new trust anchor before agentic commerce can possibly scale.”
Trust anchors in a machine-led world
CSA said agentic payments create questions for banks, card networks, fintechs, merchants and regulators over whose identity sits behind a transaction: the consumer, the agent, the merchant or the platform operating the agent.
The same transaction also raises questions over whether the user authorized a specific payment, a category of purchases, a merchant or a task outcome.
Security risks in automated payments
The report ties those questions to cloud security and data governance. CSA said sensitive data leakage was the top AI security concern among respondents at 61%, followed by excessive or weak permissions for AI-powered tools at 33%, unauthorized access or exfiltration through retrieval tools at 27% and credential exposure through API keys, tokens, system prompts and plugins at 19%.
Those risks become sharper when an agent can move money. An agent may need access to account balances, invoices, loyalty accounts, shipping details, personal preferences and merchant credentials before executing a payment.
CSA said financial institutions should not treat agentic payments as a standalone innovation project, but as an identity, authorization, data governance, monitoring and incident-response challenge.
Managing agent identity as a core security pillar
The controls described in the CSA article move agentic payments closer to identity management. CSA said financial institutions should treat agent identity as a first-class identity and access management object, with verifiable credentials, scoped permissions, time-bounded authority, behavioral monitoring, auditable action logs and automated credential rotation.
Its broader report also points to tool authorization, inter-agent communication and human oversight as part of agentic AI security architecture in financial services.