AI Agent System Fundamentals

The news just dropped - and it was only a matter of time. After PayPal and Mastercard, Visa is also going big on agentic AI. It’s called Visa Intelligent Commerce (VIC). Here is my take. 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗶𝘁? VIC is a trust layer that lets autonomous AI agents - travel bots, voice assistants, smart fridges - find, decide and pay for consumers. Visa converts an ordinary card into an AI-ready token that: • verifies the agent is authorised by the cardholder • enforces spend limits and rules • uses Visa’s real-time risk models to approve or block each transaction. Visa will extend the infrastructure, standards and capabilities present in physical and digital commerce today to AI commerce. Consumers will enable AI agents via AI platforms to use a Visa credential (4.8 billion today) at any accepting merchant location (150 million) for any payment use case. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝗸𝗲 𝘀𝗲𝗻𝘀𝗲? • AI is moving from chat to action. Autonomous agents are forecast to drive $1 trn in spend by 2030; the missing piece is a trusted “buy” button. • Friction kills sales. Up to 70 % of mobile carts are abandoned; an agent that checks out in milliseconds fixes that. • Visa leverages existing infrastructure built over decades (to combat fraud) and redeploys it for agent-driven commerce. 𝗜𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝘁𝗼 𝘄𝗮𝘁𝗰𝗵 • Consumers: AI agents embedded in devices - from smartwatches to digital assistants - to shop on a consumer's behalf via programmable spending limits, merchant rules, and tokenised payments. • Merchants & platforms: higher conversion and truly personalised storefronts built for “segments of one” (treating each individual customer as a unique segment). • Banks & fintechs: new AI-ready cards with consent tools and dashboards, monetising agent insights. • Developers: rails-as-a-service; expect an explosion of agent-first apps across travel, retail and SMB back-office - no deep compliance or full-stack checkout flows needed. • Policy & privacy: tokenisation, spend limits, and audit trails offer a template regulators may adopt as autonomous commerce scales.    Visa isn’t trying to build the best AI - it’s ensuring any AI can pay safely. By opening its network as the last mile for autonomous agents, Visa positions itself as the invisible switchboard of the next commerce era. If AI becomes the new browser, Visa wants VIC to become its checkout button. Opinions: my own, Video source: Visa 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐛𝐞 𝐭𝐨 𝐦𝐲 𝐧𝐞𝐰𝐬𝐥𝐞𝐭𝐭𝐞𝐫: https://lnkd.in/dkqhnxdg

OWASP GenAI Security Project Drop! 𝗧𝗟;𝗗𝗥 The team released “Agent Name Service (ANS) for Secure AI Agent Discovery,” and it proposes a DNS-inspired registry that gives every AI agent a cryptographically verifiable “passport.” By combining PKI-signed identities with a structured naming convention, ANS enables agents built on Google’s A2A, Anthropic’s MCP, IBM’s ACP, and future protocols to discover, trust, and interact with one another through a single, protocol-agnostic directory. The paper details the architecture, registration/renewal lifecycle, threat model, and governance challenges, positioning ANS as foundational infrastructure for a scalable and secure multi-agent ecosystem. 𝗛𝗲𝗿𝗲 𝗶𝘀 𝘁𝗵𝗲 𝗽𝗮𝗶𝗻 𝗔𝗡𝗦 𝘀𝗼𝗹𝘃𝗲𝘀:  Fragmented AI agents, ad-hoc naming, and zero verification. Shadow agents, spoofed endpoints, and long integration cycles 𝗛𝗼𝘄? Through a universal, PKI-backed directory where every agent presents a verifiable identity, advertises its capabilities, and can be resolved in milliseconds. This reduces integration risk and boosting time-to-value for autonomous workflows. 𝗧𝗵𝗲 𝘁𝗲𝗮𝗺 𝗺𝗮𝗻𝗮𝗴𝗲𝗱 𝘁𝗼:  • Formalize a DNS-style naming schema tied to semantic versioning  • Allow embedded X.509 certificate issuance & renewal directly into the registry lifecycle  • Add protocol adapters (A2A, MCP, ACP) so heterogeneous agents register and resolve the same way PKI trust chain + semantic names + adapter layer = a secure, interoperable agent ecosystem. Ken Huang, CISSP, Vineeth Sai Narajala, Idan Habler, PhD, Akram Sheriff Alejandro Saucedo, Apostol Vassilev, Chris Hughes, Hyrum Anderson, Steve Wilson, Scott Clinton, Vasilios Mavroudis, Josh C., Egor Pushkin John Sotiropoulos, Ron F. Del Rosario

E-mail marketing is frequently old, cold, and over-sold. But can AI make e-mail far more effective in creating customer connection? Yes! Here’s a short excerpt from my new Forbes article on how: E-mail newsletters are a mainstay of customer relationship management, but that doesn’t mean that they’ve been ideal. However, change is on the horizon. As Lindsay Massey, VP of Marketing at Victoria’s Secret & Co., explained in an interview, “We wanted to move beyond a manual, one-size-fits-all content strategy and provide a 1:1 personalized experience at scale.” Victoria’s Secret used AI to do the job. In its case, the firm partnered with a company called Movable Ink to provide the technology. Movable Ink’s CEO, Vivek Sharma, explained the goal in an interview. “Think about what is the story I’m telling every single customer, so that it’s correlated with what imagery, with what creative. Think about the best time to deliver it so that they’re most likely to respond. What’s the right frequency of communication? What sales channel preference do they have? What tone should be used within the set brand voice, like whether there should be a sense of urgency or joy?” This is a radically different approach than what’s predominated over the past decades. But AI is making it possible. Sharma explained that the company combines four types of AI to do it. First there is a vision model that uses deep learning to understand potential imagery and copy to use. Then generative AI writes copy based on customer preferences and past behavior. Third, a separate insights model gains that understanding, based on how creative is performing such as through driving people to new categories or higher levels of spend. Finally, the fourth element is a prediction model that deploys classic machine learning to hone the offerings. That classic approach is more observable and explainable than a neural network, which is important when significant money and customer relationships are at stake. Massey claims the company has gone from “one version of an e-mail campaign on a given day to thousands, or even hundreds of thousands, of versions, with less setup time.” Another company trying this approach is L.L.Bean. Its Senior Manager of Digital CRM Programs, Devon Phelan, recounts, “This past Monday, we sent one campaign that had nearly 1.1 million unique content variations. That would have been inconceivable before.” E-mail marketing may not be the first thing that consumers think of when they picture AI, but it may become a facet of AI that touches them on a very routine basis. Both Victoria’s Secret and L.L.Bean say that there’s no going back. Excerpted from my new Forbes piece “How AI Is Revolutionizing E-Mail Marketing”

Reading the new Agentic AI Identity and Access Management report from the Cloud Security Alliance made me pause. It highlights something we often overlook. Thats the the fact that existing identity systems were never designed for autonomous agents. These agents do not just log in like humans or service accounts. They make decisions, interact across multiple systems, and act in ways that traditional IAM simply cannot handle. Key highlights from the report • Traditional protocols like OAuth, OIDC, and SAML fall short in multi-agent environments because they assume static identities and predictable workflows • AI agents require fine-grained, context-aware permissions that change in real time • Agent IDs based on Decentralized Identifiers and Verifiable Credentials allow provenance, accountability, and secure discovery • The proposed framework blends zero trust principles, decentralized identity, dynamic policy enforcement, authenticated delegation, and continuous monitoring • Concepts like ephemeral IDs, just-in-time credentials, and zero-knowledge proofs address the privacy and speed demands of autonomous systems Who should take note • Security leaders preparing for agent-driven enterprise systems • Engineers and architects designing secure frameworks for agent-to-agent communication • Product teams deploying agents into sensitive workflows • Governance leaders shaping accountability and compliance policies Why this matters Our identity models were built around human users and predictable software. Agentic AI changes that equation. Without new approaches, we risk security blind spots, accountability gaps, and over-privileged systems that cannot be traced or revoked in time. The path forward Enterprises need to start treating AI agents as first-class identities. That means verifiable credentials, continuous monitoring, and dynamic delegation as the baseline. This is not about adding more controls. It is about reshaping IAM so that trust, security, and accountability are preserved in the age of autonomous systems.

𝐀𝐠𝐞𝐧𝐭𝐢𝐜 𝐀𝐈 𝐢𝐬 𝐜𝐨𝐦𝐢𝐧𝐠 𝐟𝐚𝐬𝐭. 𝐓𝐡𝐞 𝐫𝐞𝐚𝐥 𝐫𝐢𝐬𝐤? 𝐈𝐭’𝐬 𝐢𝐧𝐬𝐞𝐜𝐮𝐫𝐞 𝐜𝐨𝐨𝐫𝐝𝐢𝐧𝐚𝐭𝐢𝐨𝐧. As LLMs evolve into autonomous agents capable of delegating tasks, invoking APIs, and collaborating with other agents, the architecture shifts. We’re no longer building models. We’re building distributed AI systems. And distributed systems demand trust boundaries, identity protocols, and secure coordination layers. A new paper offers one of the first serious treatments of Google’s A2A (Agent2Agent) protocol. It tackles the emerging problem of agent identity, task integrity, and inter-agent trust. Key takeaways: • Agent cards act as verifiable identity tokens for each agent • Task delegation must be traceable, with clear lineage and role boundaries • Authentication happens agent to agent, not just user to agent • The protocol works closely with the Model Context Protocol (MCP), enabling secure state sharing across execution chains The authors use the MAESTRO framework to run a threat model, and it’s clear we’re entering new territory: • Agents impersonating others in long chains of delegation • Sensitive context leaking between tasks and roles • Models exploiting ambiguities in open-ended requests Why this matters If you’re building agentic workflows for customer support, enterprise orchestration, or RPA-style automation, you’re going to hit this fast. The question won’t just be “Did the agent work?” It’ll be: • Who authorized it? • What was it allowed to see? • How was the output verified? • What context was shared, when, and with whom? The strategic lens • We need agent governance as a native part of the runtime, not a bolt-on audit log • Platform builders should treat A2A-like protocols as foundational, not optional • Enterprise buyers will soon ask vendors, “Do you support agent identity, delegation tracing, and zero trust agent networks?” This is where agent architecture meets enterprise-grade engineering. Ignore this layer and you’re not just exposing data. You’re creating systems where no one can confidently answer what happened, who triggered it, or why. We’ve moved beyond the sandbox. Time to build like it.

Securing AI Collaborations: How to Prevent Tool Squatting in Multi-Agent Systems ... 👉 What if your AI agents are unknowingly working for hackers? Imagine a team of specialized AI agents collaborating to solve complex tasks—only to discover one agent has been tricked into using a malicious tool that steals data. This is "tool squatting", a growing threat in generative AI ecosystems. 👉 WHY THIS MATTERS Modern AI systems rely on agents that dynamically discover and use tools (APIs, data sources, etc.) through protocols like Google’s Agent2Agent or Anthropic’s Model Context Protocol. But these open discovery mechanisms have a flaw: - Deceptive registrations: Attackers can impersonate legitimate tools or tamper with their descriptions. - Internal threats: A compromised admin could register malicious tools hidden in plain sight. - Real consequences: Data leaks, system takeovers, and corrupted workflows. Without safeguards, AI systems become vulnerable to silent exploitation—even by trusted insiders. 👉 WHAT THE SOLUTION LOOKS LIKE Researchers propose a "Zero Trust Registry Framework" to prevent tool squatting. Think of it as a verified "app store" for AI tools: 1. Admin-controlled registration: Only approved tools/agents enter the system. 2. Dynamic trust scores: Tools are rated based on version updates, known vulnerabilities, and maintenance history. 3. Just-in-time credentials: Temporary access tokens replace permanent keys, reducing attack surfaces. 👉 HOW IT WORKS IN PRACTICE The system uses three layers of defense: 1️⃣ Verification at the Door - Admins vet every tool and agent before registration. - No anonymous entries—each tool has a verified owner and clear purpose. 2️⃣ Continuous Risk Monitoring - Tools receive a live trust score (like a credit rating). - Agents automatically avoid tools with outdated dependencies or high-risk vulnerabilities. 3️⃣ Minimal Exposure Design - Credentials expire in seconds, so stolen tokens become useless quickly. - Access is limited to specific tasks—no broad permissions. 👉 WHY THIS CHANGES THE GAME Traditional security models focus on perimeter defense. This approach assumes "no tool or agent is trusted by default", even if registered. By combining strict governance with real-time risk assessment, teams can: - Prevent impersonation attacks - Stop internal bad actors from abusing access - Maintain audit trails for every tool interaction Final Thought: As AI systems grow more collaborative, securing the "connections" between agents will be as critical as securing the agents themselves. This framework offers a blueprint for safer human-AI teamwork. (Paper: "Securing GenAI Multi-Agent Systems Against Tool Squatting" by Narajala, Huang, Habler)

Six months after Anthropic’s Model Context Protocol (#MCP) gave AI agents a universal “USB‑C port” to plug into enterprise data, the agentic landscape has exploded. Google’s Agent‑to‑Agent (#A2A) protocol now lets heterogeneous agents discover each other’s skills and collaborate, while hyperscalers embed these standards directly in their clouds—slashing integration times from weeks to hours. Accenture’s new #TrustedAgentHuddle™, launched within our NVIDIA‑powered AI Refinery™, is the critical third layer: #governance. By combining MCP, A2A and a proprietary algorithm that continuously certifies agent behaviour, the Huddle allows agents from Adobe, AWS, Databricks, Google Cloud, Meta, Microsoft, Oracle, Salesforce, SAP, ServiceNow, Snowflake, Workday—plus your home‑grown bots—to operate as one secure, auditable workforce. Early trials with FedEx show how multi‑vendor agent teams can re‑plan supply chains in minutes, not hours, without sacrificing trust or compliance.   Why it matters: #PortfolioValue: Real ROI appears when dozens of specialised agents cooperate across business functions. #TrustAsKPI: Boards will soon ask for an agent team’s “trust score” alongside uptime. #NewSkills: “Agent‑ops” roles—people who design, orchestrate and monitor digital coworkers—are becoming mission‑critical. #MyTakeaway: #MCP lit the fuse. #A2A wired the circuitry. #Trusted Agent Huddle makes the whole constellation enterprise‑safe. If you’re already dabbling with agents, let’s compare notes. If you’re still on the sidelines, now’s the moment—because companies that master networked, trusted intelligence will set tomorrow’s pace. Always keen to swap stories (and war‑stories) on pushing AI from cool demo to real‑world impact. Lan Guan Tegbir Harika Vivek Luthra Martyn Toney Rick Pearce Manish Bishnoi Vijay R Menon Vijay Sharma Patrice den Hartog Akash Das-Managing Director Navin Garg Harsha Jawagal Mukesh Chaudhary Sankar Ghosh Derek Rodriguez Teresa Tung Atish Ray Chris Howard #AIRefinery #TrustedAgentHuddle #AgenticAI #EnterpriseAI #DigitalTransformation

I've spent 12 months building AI email marketing systems at Impact Theory. Here's how we reduced our marketing team head count by 75%, with 3x the results. What did we learn? We cut our marketing team from 4 people to 1. We increased output by 300% with better quality. We turned email marketing into a predictable system that can almost run without me. Most people get AI copywriting completely wrong. They ask for "good copy" and wonder why it sounds generic. They one-shot prompts without any context. They treat AI like a magic content machine instead of a junior writer who needs direction. Those who are getting insane results with AI copy take a different approach. I use what I call the "Voice Cloning System": Step 1: The Voice Training Upload 100+ hours of coaching call transcripts. This teaches AI your exact frameworks, language patterns, and how you explain complex ideas. Step 2: The Specialist GPTs Build separate GPTs for weekly newsletters, bite-sized value emails, and email sequences. Each one knows its specific job and audience. Step 3: The Framework Extraction Prompt: "Analyze these coaching transcripts. Extract my top 10 frameworks and how I typically explain them. Turn these into high-value frameworks." Step 4: The First Draft Generator Prompt: "Write a weekly newsletter about [topic] using my voice and the [framework from step 3]. Keep it conversational but authoritative." Step 5: The Human Polish Don’t skip this! AI gives you the 80% draft. You finesse the final 20% that makes it unmistakably yours and converts like crazy. The nuclear question: "What would make this email sound exactly like me teaching this concept on a coaching call?" This system saves us 20 hours a week and creates emails with a higher ROI than our old team ever achieved. In a world where everyone's emails sound like AI wrote them, the advantage goes to those who train AI to sound exactly like them. Most people use AI as a replacement writer. Be the one who uses it as a junior copywriter who knows your voice better than most humans. AI just changed what’s possible. See if your idea is ready to launch in minutes with my Zero to Launch GPT: https://buff.ly/lYxdOHG

🛒 The future of AI commerce depends on trust. If autonomous agents are going to shop, trade, pay invoices, or manage subscriptions on our behalf, they need clear guardrails that prove intent, respect limits, and coordinate with one another. The Agentic Payments MCP delivers exactly that. It creates a way for AI agents to authorize and process payments with the same safeguards we’d expect from a human approval chain. Picture a shopping assistant with a weekly grocery budget that can never overspend. Or a robo-advisor that executes trades only within pre-set risk boundaries. Or an enterprise swarm where finance, compliance, and audit agents must all agree before a high-value purchase goes through. These aren’t future dreams, they’re ready-to-use scenarios powered by mandates that spell out spending caps, time windows, and merchant rules. Each mandate can be instantly revoked, and every approval can be double-checked through multi-agent consensus to prevent fraud. At the core are three complementary protocols that make this work. MCP (Model Context Protocol) connects AI assistants like Claude, ChatGPT, and Cline directly to payment authorization through natural language. Google AP2 (Agent Payments Protocol) secures every mandate with Ed25519 cryptographic signatures. Openai/Stripe ACP (Agentic Commerce Protocol) ties into existing checkout systems with Stripe-compatible APIs, bridging AI-driven flows with the broader commerce ecosystem. The system is designed to be lightweight, easy to deploy, and flexible enough to fit into almost any workflow. You don’t need to know code to use it. AI assistants like Claude, ChatGPT, or Cline can handle mandates directly through natural language, letting you set budgets, approve carts, or verify consensus with a simple request. For teams that want more control, command-line tools and APIs are available, but they’re optional. The Agentic Payments MCP makes autonomous payments auditable, safe, and transparent. It turns intent into enforceable action, giving us a foundation for real trust in the agentic economy. Try it: # Run stdio transport (local - for Claude Desktop, Cline) npx -y agentic-payments mcp # Run HTTP transport (remote - for web integrations) npx -y agentic-payments mcp --transport http --port 3000 https://lnkd.in/gCfewX8e

Google and 60+ partners (Mastercard, PayPal, Amex, Coinbase, Ant, etc.) launched AP2: an open standard for AI agents to make payments with verifiable consent, audit trails and multi-rail interoperability. If HTTP was the foundation of the web, AP2 may become the trust layer of agentic commerce. Why it matters • Frictionless CX: agents handle re-orders, subs, refunds invisibly. • Efficiency: digital mandates streamline disputes & reconciliation. • Scale: global payments revenue to reach $3.1T by 2028 (McKinsey). Early use cases 1. Subscriptions & automated re-orders. 2. Corporate travel & T&E with policy limits. 3. Autonomous replenishment in e-commerce. 4. Agent-to-Agent (A2A) payments across cards, real-time rails & stablecoins. Tech enablers • Verifiable mandates (VCs) for consent. • A2A + MCP for orchestration. • Multi-rail support: cards, RTP (PIX/UPI/FedNow), stablecoins. • Built-in KYC/AML, fraud, tokenization. Markets with strongest potential • Brazil (PIX): R$22.1T settled in 2024, >250M tx/day peak. • India (UPI): 20B+ tx/month in 2025. • US/EU: AP2 + RTP expansion + stablecoin clarity could unlock growth. Market backdrop • Global e-commerce to $6.4T in 2025. • Payments revenue to $3.1T by 2028. • Agents poised to become the “invisible end-user” of commerce. Takeaway AP2 could make agentic checkout auditable & scalable. Early adopters of mandates, audit trails, and limits will capture new revenue, margin and loyalty. Sources: Google Cloud, VentureBeat, Axios, PayPal Dev, Coinbase Dev, Fintech Magazine, McKinsey, NPCI, BCB. #Getnet #AgenticCommerce #AP2 #Payments #RTP #PIX #UPI #Stablecoins #AI