When OpenAI announced Instant Checkout in ChatGPT, I thought it was just another feature. Then I looked deeper and realized what actually happened: we just got a new protocol.
Not a product. Not a platform feature. A protocol.
OpenAI and Stripe built the Agentic Commerce Protocol (ACP) and released it as open source under Apache 2.0. It’s a standard way for AI agents to discover products, negotiate checkout, and complete purchases with any business that implements the spec.
This means ChatGPT can buy things. Siri could buy things. Gemini could buy things. Any LLM that implements this protocol can now transact on behalf of users.
We need to talk about what that actually means.
Why This Is a Protocol Moment#
We’ve had protocol moments before. HTTP made information universally accessible. OAuth made authentication portable. SMTP made email interoperable. Each time, the protocol was the infrastructure that enabled an entire ecosystem to form.
ACP is the protocol for AI commerce. It defines how agents and businesses talk to each other about products, prices, payments, and fulfillment. It’s the missing vocabulary that was keeping AI stuck at recommendation without transaction.
The technical design is straightforward: merchants expose ACP endpoints (REST or MCP), agents call those endpoints with structured requests, and the protocol handles the entire flow from product discovery through payment to fulfillment. The spec is public, the reference implementation is live in ChatGPT, and any AI platform can adopt it.
But here’s what makes this different from previous protocol moments: we’re not just enabling information exchange or authentication. We’re enabling autonomous spending.
What This Enables: The Good#
Let’s start with the obvious benefits, because they’re real:
Frictionless commerce actually becomes frictionless. No more context switching between conversation and checkout. No more finding your credit card. No more filling out forms. You tell your AI what you need, it finds it, you confirm, it’s done. For accessibility, this is transformative. For convenience, it’s a quantum leap.
High-intent moments convert immediately. When you’re talking to an AI about a problem and it suggests a solution you can buy, the path from “I need this” to “I have this” collapses to seconds. That’s powerful for users and merchants.
Discovery gets smarter. Instead of keyword search and filter hell, you describe what you actually want. The AI understands context, preferences, constraints. You don’t search for “running shoes men size 10 blue under $100 with arch support.” You say “I need running shoes for my flat feet, budget is $100” and the AI does the translation.
Small merchants get found. If you implement ACP, you’re discoverable by every AI that speaks the protocol. You don’t need to be on page one of Google or pay for ads. You just need to be relevant to what the buyer actually needs.
This is genuinely valuable infrastructure. But we need to talk about the other side.
What Could Go Wrong: The Risks#
Here’s where it gets uncomfortable. When you give LLMs the ability to transact, you’re not just enabling convenience. You’re enabling persuasion at scale.
The deliberation tax disappears. Right now, buying something takes effort. You have to navigate to a site, add items to cart, enter payment info, review your order. That friction is annoying, but it’s also a built-in pause. It gives you time to think “do I actually need this?” When that friction vanishes, so does the pause.
Recommendation becomes indistinguishable from advertising. Today, when ChatGPT suggests something, you assume it’s optimizing for your needs. But what happens when merchants can pay to influence those recommendations? The protocol doesn’t prevent this. It’s a business model question, not a technical one. And the pressure to monetize will be enormous.
Dark patterns scale effortlessly. We’ve spent years fighting misleading “low stock” warnings and fake urgency in web interfaces. Now imagine those patterns embedded in natural conversation. “I found a great option for you, but there’s only one left at this price and three other people are looking at it right now.” Is that true? How would you know?
Impulse purchases become conversational. The best salespeople don’t feel like they’re selling. They feel like they’re helping. LLMs are incredibly good at sounding helpful. When your AI assistant casually mentions “by the way, that book you were talking about yesterday is on sale, want me to grab it?” the psychological barriers to impulse buying collapse.
The merchant of record matters more than you think. ACP keeps merchants as the merchant of record, which sounds good. But it also means liability, returns, disputes, and customer service stay with merchants who may have never directly interacted with the customer. When something goes wrong, who do you blame? The AI that recommended it? The merchant who fulfilled it? The platform that enabled it?
We’re optimizing for conversion, not satisfaction. The entire protocol is designed to reduce friction in the purchase flow. That’s great for merchants and platforms. But what about buyer welfare? Lower friction means more purchases means more returns means more waste means more regret. We’re building infrastructure for speed, not for good decisions.
I’m not saying ACP is inherently bad. I’m saying we need to think hard about the incentives this protocol enables before every LLM adopts it.
How the Protocol Actually Works#
Let’s talk about the technical design, because it reveals what the creators were trying to solve (and what they weren’t).
The core handshake: Merchants expose ACP endpoints (REST or MCP). AI agents call those endpoints with structured requests. The protocol handles product discovery, checkout initiation, payment delegation, and order fulfillment. Everything is defined in the open spec.
- The agent shares a narrowly scoped, single-use payment payload with the merchant’s PSP
- The PSP validates and returns a token constrained by amount and expiration
- Settlement, chargebacks, and payment operations stay with the merchant and PSP
Stripe’s Shared Payment Token is the first implementation. It passes payment credentials and risk signals without exposing raw card data. The token is time-bounded to the transaction.
Security is baked into the foundation. Payment credentials are never shared raw with AI agents. Token scope and allowances keep exposure minimal. This is smart design.
Merchant control: The protocol preserves merchants as the merchant of record. They keep customer relationships, control what products are available, decide how they’re presented, and can accept or decline transactions on a per-agent or per-order basis. They also handle fulfillment, returns, and support.
Open source and extensible: ACP is Apache 2.0 licensed and maintained publicly on GitHub. It supports REST and MCP, works with existing commerce backends, and handles physical goods, digital goods, subscriptions, and asynchronous purchases.
The technical design is solid. The concerns I have aren’t about the protocol itself. They’re about what happens when it gets widely adopted.
ChatGPT Is Live, Others Will Follow#
ACP isn’t theoretical. It’s already powering Instant Checkout in ChatGPT. Live with Etsy merchants now, Shopify coming soon, U.S. only for the moment with expansion planned.
OpenAI says discovery is “organic and relevance-ranked” with no boost for enabling Instant Checkout. That’s the right answer. Whether it stays that way when revenue pressure increases is a different question.
Merchants provide a Product Feed to make their catalog searchable in ChatGPT. Even without Instant Checkout, you get direct links to your site. With Instant Checkout enabled, the purchase happens in the conversation.
But here’s what matters: ChatGPT is just the reference implementation. The protocol is open. Siri, Gemini, Alexa, every AI assistant can adopt this. Apple has been working on making Siri more capable. Google wants Gemini in every product. Amazon already has your payment info and shipping address.
When they all speak ACP, every conversation with an AI becomes a potential transaction. That’s the world we’re heading into.
What Questions We Should Be Asking#
The protocol is here. The reference implementation is live. More platforms will adopt it. Instead of debating whether this will happen, we should be asking how it happens responsibly.
How do we keep recommendation separate from advertising? OpenAI claims ChatGPT’s product suggestions are relevance-based, not paid placement. That’s good. But the economic pressure to monetize discovery is real. We need transparency about what influences ranking. Not just “we use relevance” but “here’s how we define and audit relevance.”
What’s the disclosure model? When an AI suggests a product, is it getting a commission? Is the merchant paying to be suggested? Is there a business relationship between the platform and the merchant? Users deserve to know. The protocol doesn’t require disclosure, but platforms should.
How do we audit persuasion tactics? Traditional web interfaces are visible. You can screenshot dark patterns. You can share them. You can shame companies into fixing them. But conversational AI is ephemeral. When an AI uses urgency tactics or social proof or scarcity claims, how do we verify them? How do we hold platforms accountable?
What’s the refund and dispute process? When you buy through an AI agent and something goes wrong, who’s responsible? The merchant fulfilled the order, but the AI made the recommendation. If the AI misrepresented the product, is that the merchant’s fault? The protocol keeps merchants as the merchant of record, but the liability questions are messy.
How do we handle vulnerable users? Elderly users, kids, people with impulse control issues, people in financial distress. LLMs are persuasive. Conversational commerce removes friction. The combination is powerful and potentially harmful. What guardrails should platforms implement? What responsibility do they have?
What about competition? If Apple integrates ACP into Siri, Amazon into Alexa, Google into Gemini, we get a handful of gatekeepers deciding which merchants get suggested. That’s not better than Google search monopoly. It’s worse, because the suggestions feel personal and trustworthy instead of commercial.
These aren’t hypothetical concerns. They’re questions we need answers to before this becomes infrastructure.
What to Build If You’re a Merchant#
Despite my concerns, I think merchants should pay attention to ACP. Not because it’s perfect, but because it’s happening.
Start with a product feed. Get your catalog into ChatGPT’s shopping search even if you’re not ready for Instant Checkout. If your products don’t show up when buyers ask for them, you’re invisible. The feed spec is straightforward, and you keep control over what products are discoverable.
Implement ACP endpoints incrementally. You don’t need to expose your entire catalog. Start with your best-selling, lowest-support-burden products. Learn how AI agents discover and purchase them. Expand as you understand the patterns.
Pick your payment path carefully. If you’re on Stripe, the Shared Payment Token is ready. If you’re not, talk to your PSP about their ACP roadmap. Don’t rush to support every possible payment method. Start with what’s proven.
Build internal controls for per-agent approvals. The protocol lets you accept or decline transactions based on which agent is making the request. Use that. If you see concerning patterns from a particular platform, you can stop transactions before they become problems.
Monitor return rates and customer satisfaction. AI-driven purchases might have different return patterns than traditional web purchases. Track that. If certain products have high return rates when purchased through AI, that’s a signal.
What This Actually Changes#
Here’s the uncomfortable truth: ACP makes AI commerce infrastructure. Just like HTTP made information accessible and OAuth made authentication portable, ACP makes transactions automatic.
When a capability becomes infrastructure, it becomes invisible. People stop questioning it. It just works. That’s the danger and the opportunity.
The danger is that we normalize AI-driven purchasing before we’ve figured out the ethics, the disclosure requirements, the consumer protections, and the competitive dynamics. We build the infrastructure first and deal with the consequences later.
The opportunity is that we have a moment, right now, while this is still new, to ask hard questions and demand better answers. To push for transparency, disclosure, and user control. To build the norms before the infrastructure becomes locked in.
The protocol moment is when we set the rules, not just the interfaces. What we accept now becomes the baseline for everything that follows.
What I’m Watching For#
I’ll be paying attention to a few things:
How OpenAI handles monetization. They say rankings are organic. When they introduce revenue-sharing with merchants (and they will), does that change? How transparent are they about it?
How other platforms adopt ACP. Does Apple prioritize Apple Pay merchants? Does Google prioritize Shopping advertisers? Does Amazon prioritize FBA sellers? The protocol is neutral, but implementations won’t be.
What PSPs beyond Stripe implement the spec. If we end up with a Stripe monopoly on ACP payments, that’s not neutral infrastructure. We need multiple PSPs implementing the Delegated Payment Spec.
What regulatory attention this gets. Consumer protection agencies should be looking at this. If they’re not, someone needs to make them aware.
What merchant discovery looks like. The protocol doesn’t define how AI agents find ACP-enabled merchants. Whoever builds that discovery layer has enormous power.
The Protocol Is Here#
We just gave LLMs the ability to buy things. The Agentic Commerce Protocol is solid technical infrastructure. The payment security is well designed. The merchant controls are thoughtful.
But infrastructure isn’t neutral. The capabilities it enables depend on how it’s used, who controls access, and what incentives it creates.
ChatGPT can buy things now. Siri, Gemini, and Alexa could be next. Every conversation becomes a potential transaction. That’s powerful and concerning in equal measure.
The question isn’t whether this will happen. It’s already happening. The question is whether we’ll demand transparency, accountability, and user protection as it scales, or whether we’ll realize what we’ve built after it’s too late to change it.
Learn more: