AmEx CEO Stephen Squeri on Intent Contracts and Single-Use Tokens — The Trust Layer Behind Agentic Commerce

CEO Says Agentic Commerce Is Riskier Than Traditional E-Commerce

Inside AMEX's agentic commerce stack: How intent contracts and single-use tokens enforce AI transactions

Agentic commerce still suffers from a trust problem, Amex's new developer kit wants to solve at least part of that.

venturebeat.com

In May 2026, AmEx CEO Stephen Squeri told Diginomica that agentic commerce "brings added complexity and risk" alongside speed and convenience. That candor is the right lens for reading the ACE Developer Kit announced in April.

What stands out is that the CEO himself frames the AI-agent purchase environment as significantly higher risk than ordinary e-commerce or brick-and-mortar. When an AI agent decides and pays on a consumer's behalf, the question of whose will actually drove the transaction becomes much harder to answer.

Speaking to VentureBeat, Luke Gebb, AmEx's EVP and global head of innovation, said this is "really the first time that an issuer is coming to the table." His point: protocol specs alone cannot solve the trust gap. Someone has to own enforcement at the payment layer itself.

What Are Intent Contracts?

The conceptual heart of the ACE Developer Kit is the intent contract. This is more than a "user confirmation" UX — it is a structured constraint on what an AI agent is allowed to do.

Here is how it works. When a Card Member tells an agent "buy red shoes for under $500," ACE captures that purchase intent and issues a unique Intent ID and Proof of Intent Token. Those credentials act as a signed proof — across subsequent payment requests and dispute investigations — that the agent was operating under explicit human authorization.

Squeri explained the philosophy plainly to Diginomica: "We want to have the agent declare intent, and we want to match that intent with what was actually purchased… we want data from an intent perspective, all the way to a completion perspective." That framing is unusual in payments. Traditional card authorization is just a yes/no decision at one moment in time; the underlying purchase intent is rarely retained as data.

Intent contracts close that gap. They operate across three layers. First, an intent declaration layer, where the constraints a Card Member gives to the agent — spend caps, product categories, validity windows — are explicitly registered with ACE. Second, an intent verification layer, where the cart the agent submits is compared against the original intent. Third, a dispute resolution layer, where the Intent ID itself becomes evidence that determines liability when something goes wrong.

That said, as VentureBeat highlights, the matching logic itself remains a black box today. AmEx says it compares cart contents to the original intent but does not disclose the mix of deterministic checks and semantic evaluation behind it. Some practitioners are skeptical of the upstream identity layer too. Raj Ananthanpillai, founder of identity verification firm Trua, warned that "without a clear, high-assurance cryptographic link proving that an agent is acting under the explicit authority of a verified human owner, merchants, issuers, and networks face heightened risks of repudiation, massive chargebacks… and fraud."

How Single-Use Tokens Constrain the Payment Layer

If intent contracts define "what this transaction is for," single-use tokens are the layer that physically constrains "how much, and when, this credential can move money."

Gebb gave VentureBeat a concrete example: "Once the agent has found the item that the customer has asked for, like red shoes, they'll make a call for the payment credentials, which is a token that has the boundaries that the card member has provided." Set a $500 cap and a $600 purchase request is rejected by the token itself, not just by a downstream fraud check.

This is hard to do cleanly in an open-loop card network. In the Visa/Mastercard model, the network does not issue cards — work is split across issuing banks, acquirers, merchants, and the network itself. To bind intent to actual transactions across that chain, every actor has to relay intent metadata reliably.

AmEx, by contrast, is a closed-loop operator: issuer, network, and acquirer in one. Squeri describes it this way: "We have the card member, we have the network, and we have the merchant. And we have a free flow of information and it's as perfect information as you're going to get in this model." Owning token issuance and verification end-to-end is precisely what lets spend-bounded tokens function as a real enforcement mechanism rather than a polite suggestion.

In implementation terms, this sits alongside Stripe's Agentic Commerce Suite and Google's Verifiable Intent proof chain — but only AmEx holds final authorization authority itself. If an agent deviates from intent, AmEx can stop the transaction at the network layer. That is the structural payoff of the closed loop.

How This Differs From Open-Loop Networks

Open-loop players are not standing still. Visa is pushing its own AI commerce work, including agent-coordination efforts with AWS. But the structural constraint is real: without tight coordination with issuing banks, intent-contract-level enforcement is hard to deliver coherently.

For merchants, the practical difference is meaningful. In open-loop systems, when an AI agent transaction goes wrong, liability is split across issuer, network, merchant, and agent operator. In AmEx's model, if an Intent ID is on file, AmEx publicly commits to backing the Card Member end-to-end — that is the substance of Amex Agent Purchase Protection.

That said, the AmEx advantage is not absolute on interoperability. Gebb himself stresses that ACE is "designed for flexibility and interoperability with existing and emerging protocols," and AmEx is participating in Google's AP2 standardization. The strategy is two-layer: collect near-perfect data inside the closed loop, while staying compatible with external protocols.

What This Means for Merchants and Payment Operators

For businesses preparing to accept agent-driven payments, the announcement is a meaningful input into how they choose their trust layer.

One thing looks safe to assume: retaining and verifying intent metadata will become a baseline feature of payment infrastructure. The intent-contract idea will not stay confined to AmEx. Operators should audit early whether their checkout flows can ingest "intent-tagged requests" from agents at all.

A second open question is how to integrate token-based spend controls into existing checkout. When an agent presents a token with embedded spend caps or category restrictions, the merchant cart logic has to honor those constraints — and most carts today are not designed for that.

For the broader picture of the ACE Developer Kit, the companion ACE Developer Kit deep-dive walks through the five integrated services in detail. This article focused on the higher-order primitives — intent contracts and single-use tokens — and the two read well together.

Wrap-Up

Squeri's framing positions agentic commerce as a high-risk domain that, with the right data, can actually be safer than traditional e-commerce. Structure intent through intent contracts, physically constrain the payment leg with single-use tokens, and observe everything end-to-end through the closed loop. Only when those three layers line up, AmEx argues, does AI-agent payment trust really hold together.

Open issues remain. The verification logic is still opaque, and the upstream human-identity layer is genuinely underdeveloped. The next milestones to watch are how much of the matching algorithm AmEx ultimately discloses, and how aggressively the open-loop camp can replicate intent-level enforcement. For operators handling agent payments today, the right move is to invest in intent-metadata infrastructure now without locking too tightly into any single vendor's stack.