McKinsey projects agentic commerce could redirect $3 to $5 trillion in global consumer spending by 2030. Morgan Stanley puts the U.S. e-commerce slice alone at $190 to $385 billion by the same date. The infrastructure is being built now.
For thirty years, the web has operated on a single assumption: a person sits at a screen, reads a page, and makes a decision. Every protocol we built — HTTP, HTML, CSS, JavaScript — was designed to deliver information to human eyes. That era is not ending, but it is being joined by something fundamentally new.
AI agents are now shopping, booking, negotiating, and paying on behalf of humans. They do not browse. They do not click. They execute. And the infrastructure they need to operate looks nothing like the infrastructure we built for browsers.
Six protocols are creating the plumbing that makes autonomous commerce possible. Together, they form a complete stack — from data access to payment settlement — that will underpin the next era of digital commerce.
This article is the complete map. By the end, you will understand what each protocol does, how they work together, and what your business needs to do about it.
The Stack at a Glance
Think of these six protocols as layers in a system, similar to how TCP/IP, HTTP, and HTML layer on top of each other to deliver a webpage. Each protocol solves one problem. Together, they enable end-to-end autonomous commerce.
| Layer | Protocol | Function | Who Built It | When | Key Stat |
|---|---|---|---|---|---|
| 1 | MCP | Data Access | Anthropic | Nov 2024 | 10,000+ servers, 97M SDK downloads |
| 2 | WebMCP | Browser Interaction | Google + Microsoft | Feb 2026 | 78.6% browser coverage on day one |
| 3 | UCP | Commerce (Open Standard) | Google + Shopify | Jan 2026 | 20+ endorsers incl. Walmart, Visa |
| 3b | ACP | Commerce (ChatGPT) | OpenAI + Stripe | Sept 2025 | 900M weekly users, 4% merchant fee |
| 4 | A2A | Agent Coordination | Google Cloud | Apr 2025 | 50+ partners incl. Salesforce, SAP |
| 5 | AP2 | Payments | Sept 2025 | 60+ partners, cryptographic mandates |
Layer 1 (MCP) lets agents access data — your product catalog, your calendar, your inventory system. Layer 2 (WebMCP) lets agents interact with your website the same way a human would, but through structured function calls instead of mouse clicks. Layers 3 and 3b (UCP and ACP) define how agents complete a purchase — the digital equivalent of a checkout counter. Layer 4 (A2A) lets agents talk to each other — your customer's shopping agent negotiating with your pricing agent. Layer 5 (AP2) handles money — cryptographically signed payment mandates that ensure no agent can overspend.
These protocols are not theoretical. They have shipping code, real adoption numbers, and governance bodies behind them. Let us walk through how they work in practice.
How a Transaction Actually Works
Abstract protocol descriptions only go so far. Here is a concrete example of what happens when a customer says to their AI assistant: "Find me a waterproof hiking boot under $200."
Phase 1: Discovery
The customer's AI agent needs to find products. Two things happen simultaneously.
First, WebMCP activates in the browser layer. The agent calls navigator.modelContext — a new browser API exposed in Chrome 146 — which returns a structured description of the merchant's website: what products are available, what actions can be taken, what data can be queried. This replaces the old method of scraping HTML and guessing at page structure. The response comes back in 10 to 50 milliseconds, compared to the 2 to 5 seconds required by traditional screen-scraping approaches (Google, 2026).
Simultaneously, the agent queries the merchant's MCP server — a backend endpoint that provides direct access to structured product data. The agent sends a JSON-RPC 2.0 request asking for waterproof hiking boots under $200. The MCP server returns matching products with prices, availability, reviews, and specifications in structured JSON. No HTML parsing. No guesswork.
Phase 2: Agent Negotiation
The customer's shopping agent has found three candidate boots. Now it needs to determine if any merchant will offer a better deal — perhaps a bundle, a loyalty discount, or free expedited shipping.
This is where A2A (Agent-to-Agent Protocol) takes over. The customer's agent looks up the merchant's Agent Card — a JSON file hosted at .well-known/agent-card.json on the merchant's domain. This card declares the merchant agent's capabilities: "I can negotiate pricing," "I can check real-time inventory," "I can apply promotional codes."
The two agents open a secure communication channel. The customer's agent says: "My user is a returning customer who has spent $800 in the last year. Can you offer a loyalty discount on the TrailMaster Pro boot?" The merchant's pricing agent checks internal rules and responds with a 15% discount offer, valid for 30 minutes.
Phase 3: Checkout
The customer approves the boot and the discount. Now the transaction needs a formal checkout process.
If the merchant supports UCP (Universal Commerce Protocol), the agent reads the merchant's UCP manifest at .well-known/ucp — a machine-readable file that declares available products, checkout endpoints, and accepted payment methods. The agent submits a structured purchase order via the UCP API, which returns an order confirmation with a cryptographic receipt.
If the transaction happens inside ChatGPT, ACP (Agentic Commerce Protocol) handles it instead. The merchant has uploaded a compressed product feed (gzip format) to OpenAI's merchant portal. ChatGPT's commerce layer matches the product, and checkout occurs through 5 REST API endpoints: product lookup, cart creation, shipping options, order placement, and order status. The merchant pays a 4% transaction fee to OpenAI on completed purchases, plus standard Stripe processing fees.
Phase 4: Payment
The boot costs $170 after the loyalty discount. The AI agent needs to pay — but it must not have unrestricted access to the customer's payment methods.
AP2 (Agent Payment Protocol) handles this through a three-stage mandate system:
- Intent Mandate — The agent declares its intent: "I want to purchase one pair of TrailMaster Pro boots for $170 from MountainGear.com." This is cryptographically signed.
- Cart Mandate — The payment system validates the cart contents, confirms the merchant, and locks the price. The customer's pre-set spending limits are checked (e.g., "no single purchase over $500").
- Payment Mandate — A One-Time Execution Token is generated. This token authorizes exactly one payment of exactly $170 to exactly this merchant. It cannot be reused, redirected, or inflated. Settlement occurs through the customer's linked payment method.
The entire sequence — from "find me a hiking boot" to payment settlement — happens in seconds. The customer approves once and the protocols handle the rest.
Deep Dive: Each Protocol
MCP — Model Context Protocol (Layer 1: Data Access)
MCP is the foundational layer — it defines how AI agents connect to external data sources and tools. Think of it as a universal adapter. Before MCP, every AI model needed custom integration code for every data source. MCP standardizes this into a single protocol.
Technical architecture: MCP uses a client-server model communicating via JSON-RPC 2.0. Servers expose "tools" (functions an agent can call), "resources" (data an agent can read), and "prompts" (templates for common operations). Communication happens over HTTP with Server-Sent Events for streaming, or via standard input/output for local processes.
Security model: Capability-based access tokens following the principle of least privilege. An MCP server grants an agent access only to the specific tools and data it needs — nothing more. OAuth 2.1 is the recommended authentication flow.
Adoption: Over 10,000 active public MCP servers worldwide, with 97 million monthly SDK downloads (Anthropic, January 2026; TechCrunch, December 2025). Major adopters include Salesforce, Slack, GitHub, Stripe, and Cloudflare.
Case study: A healthcare multi-agent system deployed MCP to connect clinical decision-support agents to electronic health records, lab systems, and pharmaceutical databases. The result: 40% faster data retrieval across systems and 25% improvement in diagnostic accuracy (Anthropic MCP case studies, 2025).
WebMCP — Web Model Context Protocol (Layer 2: Browser Interaction)
WebMCP brings MCP into the browser itself. Instead of requiring a separate backend server, websites can expose their functionality directly through the browser's navigator.modelContext API. When an AI agent visits a WebMCP-enabled site, the browser automatically provides a structured description of what the site can do — products available, forms that can be filled, actions that can be taken.
Technical architecture: WebMCP extends the browser's existing API surface. Websites declare their capabilities through a modelContext manifest, similar to how they declare service workers or web app manifests today. The browser mediates all interactions, enforcing same-origin policy and requiring explicit user consent before any agent action.
Performance: Google's internal benchmarks show a 67% reduction in compute costs per interaction compared to traditional screen-scraping approaches. Latency drops from 2-5 seconds to 10-50 milliseconds because the agent reads structured data instead of parsing rendered HTML (Google, 2026).
With Chrome at 65.4% and Edge at 13.2% of global browser market share, WebMCP had 78.6% coverage — approximately 2.1 billion browser users — on day one (StatCounter, February 2026).
UCP — Universal Commerce Protocol (Layer 3: Commerce)
UCP is the open commerce standard — it defines how AI agents discover products, check availability, and complete purchases on any merchant's site, regardless of which AI platform the customer uses. It is platform-neutral by design: a Claude agent, a Gemini agent, and a ChatGPT agent can all transact through the same UCP endpoint.
Technical architecture: Merchants publish a UCP manifest at .well-known/ucp on their domain. This machine-readable JSON file declares the merchant's product catalog schema, checkout API endpoints, accepted payment methods, return policies, and agent interaction capabilities. Agents discover merchants through this manifest and complete transactions through standardized REST APIs.
Security model: UCP implements a Zero-Trust Agentic Interface (ZTAI) — every request must include cryptographic proof of user consent. The agent cannot act without an auditable authorization chain linking the action back to the human customer.
Case study: Nexus Apparel implemented UCP endpoints through the Presta e-commerce platform. Within 90 days: 210% increase in AI-proxy sales and a 35% reduction in customer acquisition cost compared to Google Ads campaigns (Presta, 2026).
ACP — Agentic Commerce Protocol (Layer 3b: ChatGPT Commerce)
ACP powers Instant Checkout inside ChatGPT, which serves over 900 million weekly users as of December 2025 (OpenAI, December 2025). Where UCP is an open standard any AI platform can use, ACP is proprietary to the ChatGPT ecosystem — but given ChatGPT's scale, it represents a massive commerce channel.
Technical architecture: Merchants upload compressed product feeds (gzip format) to OpenAI's merchant portal. ChatGPT's commerce layer indexes these feeds and matches products to user queries. Checkout is handled through 5 REST API endpoints: product lookup, cart creation, shipping calculation, order placement, and order status tracking. Payment processing runs through Stripe Shared Payment Tokens — the agent never sees the customer's card details.
Economics: OpenAI charges a 4% transaction fee on completed purchases, on top of standard Stripe processing fees (approximately 2.9% + $0.30). For a $100 purchase, the merchant pays roughly $7.20 in combined fees. This is higher than traditional e-commerce payment processing but comes with access to 900 million potential buyers.
Case study: Early ACP merchants report ChatGPT-originated transactions have higher average order values, lower return rates, and virtually zero abandoned carts — because the agent handles the entire checkout flow once the customer approves (OpenAI merchant reports, Q1 2026).
A2A — Agent-to-Agent Protocol (Layer 4: Agent Coordination)
A2A solves a problem that did not exist two years ago: how does one AI agent communicate with another AI agent? When your customer's shopping agent needs to negotiate with your merchant's pricing agent, or when a logistics agent needs to coordinate with a warehouse agent, they need a shared language and trust framework.
Technical architecture: A2A is built on three concepts. First, Agent Cards — JSON files hosted at .well-known/agent-card.json that declare an agent's identity, capabilities, and interaction protocols. Second, Tasks — structured units of work that agents exchange, with defined states (submitted, working, completed, failed). Third, Channels — secure communication streams that support text, structured data, and file transfers between agents.
Security model: Mutual TLS for transport-layer encryption. OAuth 2.0 for identity and authorization. Scoped access tokens that limit what each agent can request from the other. Every interaction is logged and auditable.
Case study: A global supply chain consortium deployed A2A to coordinate procurement, logistics, and inventory agents across 12 countries. Result: 30% reduction in inventory holding costs and 50% faster response to supply chain disruptions (A2A consortium report, 2025).
AP2 — Agent Payment Protocol (Layer 5: Payments)
AP2 answers the most critical question in autonomous commerce: how do you let an AI agent spend money without giving it your credit card? The answer is a system of cryptographic mandates — signed, scoped, single-use payment authorizations that give agents exactly enough financial authority to complete a specific transaction and nothing more.
Technical architecture: AP2 uses a three-stage mandate chain:
- Intent Mandate — The agent declares what it wants to buy, from whom, and for how much. This is cryptographically signed by the user's authentication credentials.
- Cart Mandate — The payment system validates the cart contents, confirms the merchant's identity, checks the user's spending limits and preferences, and locks the transaction parameters.
- Payment Mandate + One-Time Execution Token — A unique, single-use token is generated that authorizes exactly one payment for exactly the validated amount to exactly the validated merchant. The token expires after use or after a short time window. It cannot be replayed, redirected, or modified.
Security: In simulated adversarial testing, the One-Time Execution Token system prevented 100% of replay attacks, redirect attacks, and amount-inflation attacks — attack vectors that would be trivial to exploit if agents used traditional payment credentials (Google Security, 2025).
Security and Trust: How the Stack Prevents Fraud
Autonomous agents spending money on behalf of humans creates obvious attack surfaces. Each protocol in the stack addresses security at its own layer, and together they form a defense-in-depth model.
| Protocol | Security Mechanism | What It Prevents |
|---|---|---|
| WebMCP | Same-origin policy + User consent manager | Cross-site data leakage, unauthorized agent actions |
| MCP | Capability-based access tokens + OAuth 2.1 | Unauthorized data access, privilege escalation |
| UCP | Zero-Trust Agentic Interface (ZTAI) | Unauthorized purchases, forged consent |
| ACP | Stripe Shared Payment Tokens | Payment credential exfiltration |
| A2A | Mutual TLS + OAuth 2.0 scoped tokens | Agent impersonation, unauthorized requests |
| AP2 | Signed mandates + One-Time Execution Tokens | Replay attacks, payment redirection, overspending |
The cumulative effect: an AI agent operating across this full stack cannot access data it is not authorized to see, cannot take actions the user has not approved, cannot spend more than the user allows, and cannot redirect payments to unauthorized recipients. Every layer assumes the others might be compromised and enforces its own security independently.
The 2026 Agentic Protocol Stack — Visual Overview
Video Overview: The 6-Protocol Stack Powering the Agent Economy — Generated by NotebookLM from 71 research sources
What This Means for Your Business
Understanding the protocol stack is not an academic exercise. These protocols determine whether AI agents can find your business, interact with your products, and complete purchases. If your digital infrastructure does not support them, you are invisible to a rapidly growing commerce channel.
Here is how this maps to concrete action:
Tier 1: AI Visibility Audit ($1,500)
The starting point is assessment. An AI Visibility Audit answers a simple question: can AI agents find and understand your business today?
This means testing which protocols your website currently supports. Does your robots.txt allow AI crawlers? Do you have Schema.org structured data? Is there an llms.txt file describing your business for language models? Can AI agents parse your product catalog? The audit produces a readiness score and a prioritized remediation plan.
45% of consumers now use AI to find local services (BrightLocal, 2026), and 93% of business websites are not agent-ready (Dashform, 2026). An audit tells you exactly where you stand.
Tier 2: AI Readiness Retrofit ($3,000 - $5,000)
Once you know what is broken, you fix it. A Readiness Retrofit implements the foundational layer:
- Schema.org JSON-LD structured data so agents understand your business type, services, pricing, location, and hours
- llms.txt file placement — a plain-text description of your business optimized for large language models
- GEO (Generative Engine Optimization) content restructuring, because adding statistics to your content increases AI visibility by 37%, citing authoritative sources adds 40%, and including expert quotations adds 30% (Princeton GEO-bench study, 10,000 queries)
- robots.txt updates to explicitly allow AI crawlers (GPTBot, ClaudeBot, Google-Extended)
This tier makes you visible to AI agents. They can find you, understand what you offer, and cite you in recommendations.
Tier 3: Agent Access ($4,500 - $22,500+)
This is where competitive advantage lives. Agent Access makes your business not just visible to AI agents but transactable — agents can check your real-time inventory, get live pricing, negotiate terms, and complete purchases.
This tier includes:
- MCP endpoint deployment — connecting your business systems (inventory, booking, pricing) to the MCP protocol so agents can query live data
- WebMCP tool registration — declaring your website's capabilities through the browser-native API so agents interacting via Chrome or Edge can transact directly
- Verifiable credentials and trust infrastructure — implementing the authentication frameworks that let agents verify your business identity and let your systems verify agent authorization
- A2A Agent Card publication — declaring your business agent's capabilities so other agents can discover and negotiate with you
Nexus Apparel saw a 210% increase in AI-proxy sales after implementing commerce protocol endpoints (Presta, 2026). Early MCP adopters report agent traffic arriving within weeks of enabling endpoints (Anthropic, 2026). The businesses that build this infrastructure first will capture the agent-driven commerce wave while competitors remain invisible.
The Bottom Line
The AI agent economy is not a future prediction. It is infrastructure being built and deployed right now, by the largest technology companies in the world, with billions of users already on the platforms.
Six protocols — MCP, WebMCP, UCP, ACP, A2A, and AP2 — form the complete stack that enables AI agents to discover businesses, interact with products, negotiate terms, complete purchases, and settle payments. Each protocol is backed by major governance bodies, has significant adoption metrics, and is being implemented by leading merchants and service providers.
The question for your business is not whether to engage with the agent economy. It is how quickly you can make your digital infrastructure accessible to the agents that are already shopping on behalf of your customers.
The protocol stack exists. The adoption is accelerating. The businesses that build for it now will own the next era of commerce.
Frequently Asked Questions
What is the difference between MCP and WebMCP?
MCP is a backend protocol — it connects AI agents to your servers, databases, and APIs. WebMCP is a frontend protocol — it connects AI agents to your website through the browser. Think of MCP as the staff entrance and WebMCP as the customer entrance. Both lead to your business, but they serve different interaction patterns. A complete implementation uses both: MCP for deep data access and WebMCP for browser-based agent interactions.
Do I need to support all 6 protocols?
No. Start with the layers that match your business model. Every business should implement the foundations that make them discoverable (structured data, llms.txt, GEO optimization). If you sell products online, UCP and/or ACP should be priorities. If you offer services that require coordination, A2A matters. AP2 becomes relevant when you enable autonomous purchasing. Think of it as a ladder — climb the rungs that apply to your business.
Which protocol should I implement first?
Start with visibility, then move to transactability. The priority order for most businesses: 1) Structured data + llms.txt (pre-protocol foundation — makes you findable), 2) MCP (lets agents query your live data), 3) WebMCP (lets browser-based agents interact with your site natively), 4) UCP or ACP (enables actual checkout), 5) A2A (enables agent-to-agent negotiation), 6) AP2 (handled by payment providers — you integrate through their SDKs).
How much does it cost to become agent-ready?
It depends on your starting point and goals. A basic visibility audit runs around $1,500. A full readiness retrofit with structured data, llms.txt, and GEO optimization costs $3,000 to $5,000. Full Agent Access with MCP endpoints, WebMCP tools, and commerce protocol integration ranges from $4,500 to $22,500+ depending on the complexity of your business systems. The ROI data supports the investment: U.S. enterprises forecast an average 192% return on agentic AI deployments (Zigment.ai, 2026).
Are these protocols competing or complementary?
Complementary. Each protocol solves a different problem at a different layer of the stack. MCP and WebMCP are not alternatives — one handles backend data, the other handles browser interaction. UCP and ACP do overlap (both handle commerce), but they serve different ecosystems: UCP is an open standard for any AI platform, ACP is specific to ChatGPT. Most merchants will eventually support both, just as most websites today support both Google and Bing. A2A and AP2 operate at layers that no other protocol addresses.
What happens if I wait?
The data suggests waiting is expensive. AI-referred traffic surged 805% year-over-year on Black Friday 2025 (Adobe via MetaRouter, January 2026). Google's share of local business discovery dropped 12 percentage points in a single year (BrightLocal, 2026). AI search visitors convert at 4.4x the rate of standard organic traffic (Digital Applied, January 2026). Every month you wait, competitors who have implemented these protocols are capturing agent-driven traffic that your business cannot access. By the time the market reaches McKinsey's projected $3-5 trillion, the early movers will have established the agent relationships and trust scores that late entrants will struggle to build.
Sources: McKinsey (October 2025) · Morgan Stanley Research (2025) · Anthropic (January 2026) · TechCrunch (December 2025) · Chrome Developers Blog (February 2026) · Google / Shopify (January 2026) · OpenAI (January 2026) · Google Cloud (April 2025) · Google Security (2025) · StatCounter (February 2026) · Presta Case Study (2026) · A2A Consortium Report (2025) · Anthropic MCP Case Studies (2025) · OpenAI Merchant Reports (Q1 2026) · BrightLocal (2026) · Dashform (2026) · Adobe / MetaRouter (January 2026) · Digital Applied (January 2026) · Zigment.ai (2026) · Aggarwal et al. / Princeton (2023)