By NHI Mgmt Group Editorial TeamPublished 2026-06-03Domain: AI SecuritySource: Chainalysis

TL;DR: Agentic payments on Base crossed 100 million transactions in roughly three quarters, with $1+ transfers rising from 49% to 95% of volume and tester-to-payer conversion improving 4x, according to Chainalysis. The governance challenge is no longer whether autonomous systems will need payment rails, but how identity, authorization, and compliance controls adapt when machines transact at speed.


At a glance

What this is: Chainalysis reports that agentic payments on Base have moved from near-zero activity to over 100 million transactions, with larger-value transfers and repeat usage becoming more common.

Why it matters: This matters because machine-to-machine payment flows create new identity, authorization, and audit requirements for AI agents, workloads, and the humans accountable for them.

By the numbers:

👉 Read Chainalysis' analysis of agentic payments on Base and x402 adoption


Context

Agentic payments are a governance problem before they are a payments story. When software agents can initiate value transfer directly, existing IAM and approval models built around human-initiated requests become too slow and too brittle to support operational use.

The identity question is not just who logs in, but what system is authorized to spend, under what conditions, and with what evidence for audit and non-repudiation. That puts machine identity, policy scope, and transaction oversight into the same control conversation.


Key questions

Q: How should security teams govern AI agents that can spend money autonomously?

A: Treat spend authority as a controlled entitlement, not a convenience feature. Define who owns the agent, what it may purchase, the maximum value per transaction, and the conditions that trigger human review. Pair that with short-lived policy scopes, immutable logs, and a clear rollback path when the agent exceeds its mandate.

Q: Why do machine-to-machine payment flows create new IAM challenges?

A: Because the control problem shifts from authenticating a person to governing a machine that can initiate value transfer, resume access, and act repeatedly at speed. That requires ownership mapping, policy boundaries, and audit evidence that traditional user-centric access reviews do not capture well.

Q: What do organisations get wrong about agentic payment approval?

A: They often assume one approval is enough for an ongoing machine workflow. In practice, the risk is cumulative. The agent may keep spending after the original context has changed, so approvals need expiry conditions, transaction limits, and automatic revocation when the task is complete or the model session changes.

Q: Who is accountable when an autonomous agent makes an unauthorised payment?

A: Accountability should sit with the service owner and the business approver who granted the spend authority, supported by security and compliance controls that recorded the policy decision. If no one can show the approved purpose, scope, and transaction history, the governance model is incomplete.


Technical breakdown

How x402 changes machine-to-machine payment authorization

x402 uses an HTTP 402 response to shift payment into the request-response flow. A machine requests a resource, receives a payment specification, executes a stablecoin transfer, then retries the request with proof of payment. That model removes the human approval pause that slows agent workflows, but it also changes where trust lives. The control point moves from user checkout to protocol-level authorization, which means the agent, wallet, and receiving service all become part of the security boundary. If those identities are weakly governed, the payment flow can be abused, replayed, or misdirected.

Practical implication: treat payment-capable agents as governed identities, not just application clients.

Why transaction velocity creates identity governance pressure

The article shows that agentic payment flows can scale quickly from experimentation into repeated operational use. High transaction counts, repeated wallet activity, and rising transfer values mean the system is no longer a novelty channel. For identity teams, that matters because authorization decisions, wallet ownership, and transaction approval logic must stay aligned as behavior changes. Traditional access reviews are poorly suited to rapidly changing machine activity because they assume static entitlements and slower review cycles. In practice, agentic payment governance needs policy that is contextual, time-bound, and machine-readable.

Practical implication: align machine payment permissions to explicit policy conditions and short-lived scopes.

What auditability looks like in autonomous payment rails

Autonomous payment systems generate useful evidence only if the organisation can tie the wallet, agent, request, and business purpose together. On-chain visibility alone does not explain why a transfer happened or whether the action was approved under policy. That makes transaction logging, attribution, and exception handling part of the identity control plane. For compliance and investigation, teams need a reliable mapping from machine activity back to the service owner, risk owner, and approved use case. Without that mapping, the trail is technically visible but operationally incomplete.

Practical implication: build audit trails that connect each agent transaction to an accountable service owner.


NHI Mgmt Group analysis

Agentic payments create a new identity class that IAM has to recognise. A machine that can request, pay for, and resume access is not just an application client. It is a governed actor with its own entitlement scope, audit trail, and failure modes. That shifts control design away from static credentials and toward lifecycle-managed machine identities with explicit payment authority. Practitioners should treat payment-enabled agents as a distinct policy domain, not an edge case.

Transaction scale is not the same as governance maturity. A protocol can clear hundreds of millions of transactions long before most enterprises are ready to let agents spend money autonomously. The article’s volume growth shows technical viability, but it does not solve accountability, approvals, or fraud containment. Organisations should not read throughput as evidence that operating controls have caught up.

Velocity, not just value, is the key risk variable in agentic commerce. The article shows that agentic systems can move from testing to repeated use quickly, which compresses the window for approval, monitoring, and rollback. That creates a governance gap between human-paced financial controls and machine-paced execution. Practitioners should design for decision speed, not only transaction size.

Identity governance for agentic payments will converge with compliance evidence. Once machines can transact directly, auditors will ask who authorized the wallet, what policy permitted the spend, and how exceptions were handled. This is where IAM, PAM, and financial controls intersect. Teams that cannot produce that chain of evidence will struggle to defend autonomous payment use cases.

What this signals

Agentic payment rails will force security programmes to merge IAM, finance controls, and compliance evidence into one operating model. The immediate priority is not broader adoption, but tighter attribution for every machine action that can move value, because auditability becomes part of the control surface.

Machine spend governance: the practical boundary is not whether an agent can pay, but whether the organisation can prove why it paid, who allowed it, and when that permission expires. Teams that cannot answer those three questions will struggle to defend autonomous commerce.

For identity programmes, this is the same pattern seen in other non-human identity expansions: faster machine behaviour compresses approval windows and exposes static entitlement assumptions. The control gap is less about the payment protocol itself and more about whether the organisation can continuously bind machine action to accountable ownership.


For practitioners

  • Define agent payment authority as a distinct entitlement class Create a separate approval model for machine spend that records which agents can pay, what they can pay for, and the transaction ceilings that apply. Tie that authority to an accountable owner and a review cadence.
  • Bind wallet activity to service ownership and business purpose Require each payment-capable wallet to map back to a named workload, owner, and use case so investigators can reconstruct why a transfer occurred and whether it was within policy.
  • Use short-lived policy scopes for machine spending Limit autonomous payment permissions to time-bound, context-bound tasks instead of persistent wallet authority, and revoke access automatically when the task or model session ends.
  • Log the full payment decision chain Capture the request, policy evaluation, wallet action, receipt, and downstream resource access in one audit trail so finance, IAM, and security teams can reconstruct the event without manual correlation.

Key takeaways

  • Agentic payments move autonomous systems into direct financial action, which turns identity governance into an operational requirement rather than a policy discussion.
  • Chainalysis shows rapid scale, rising transaction value, and stronger retention, which means machine payment use is becoming durable enough to matter to enterprise control design.
  • The core response is to bind every payment-capable agent to ownership, policy scope, and audit evidence before allowing persistent transaction authority.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-03Agent spend authority creates the same lifecycle and credential risks covered by NHI-03.
NIST AI RMFGOVERNAutonomous payment decisions need ownership, accountability, and policy governance.
NIST CSF 2.0PR.AC-4Agentic payment access depends on controlled entitlements and least privilege.
NIST SP 800-53 Rev 5AC-6Least privilege is central when machines can initiate value transfer.
NIST Zero Trust (SP 800-207)Zero trust principles fit machine identities that need continuous verification before action.

Treat payment-capable wallets as governed NHIs and apply lifecycle controls to their authority and revocation.


Key terms

  • Agentic Payment: A payment flow where software can request, authorize, and complete a transaction without a human completing each step. In governance terms, the important question is not just payment speed, but how the organisation binds the transaction to an accountable identity, policy scope, and audit trail.
  • Machine Identity: A non-human identity used by software, workloads, or agents to authenticate and act within a system. For autonomous payment use cases, machine identity must carry explicit authority limits, ownership, and lifecycle controls so the organisation can prove what the system was allowed to do.
  • Transaction Authority: The approved scope within which an agent or workload may move value, access paid resources, or trigger billing events. Good governance makes this authority narrow, time-bound, and revocable, because persistent spend rights create avoidable exposure when behaviour changes.

What's in the full report

Chainalysis' full blog covers the operational detail this post intentionally leaves for the source:

  • Quarter-by-quarter transaction breakdowns showing how Base activity moved from experimentation to sustained usage
  • Wallet-age, balance, and token-diversity comparisons that help teams understand the user profile behind agentic payment adoption
  • Tester-to-payer conversion and weekly retention data that show whether usage is becoming durable
  • Protocol-level examples of how x402 handles payment authorization within the request flow

👉 Chainalysis' full blog adds the quarter-by-quarter volume data and wallet behaviour trends behind the adoption curve.

Deepen your knowledge

The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, and secrets management. It helps identity and security practitioners build the control foundations needed for agentic systems, workload access, and governed machine action.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org