TL;DR: AI companies are changing pricing models up to five times in their first two years, and the Stripe-Metronome acquisition reflects pressure to support usage-based billing, fine-grained metering, and agent-driven purchasing, according to WorkOS. Per-seat pricing weakens when autonomous agents do the work and the buying, so billing becomes an identity and authorisation problem as much as a finance problem.
At a glance
What this is: This is WorkOS’s analysis of how AI-native pricing, billing infrastructure, and machine buyers are changing the product-market fit conversation.
Why it matters: It matters because IAM, NHI, and platform teams now have to govern not just users and workloads, but agent identities that initiate consumption and payment flows.
👉 Read WorkOS's analysis of AI pricing, agents as buyers, and machine payments
Context
AI-native pricing is moving faster than the billing and identity models many enterprises still rely on. When a product changes its charging logic repeatedly in the first two years, the real issue is not just finance. It is whether the organisation can identify the actor, meter the action, and authorise the transaction in a way that still makes sense when software behaves like a buyer.
That shift matters for identity governance because the purchasing entity is no longer always a person. If an agent can discover a service, decide to use it, and complete a transaction without a human in the loop, then entitlement, consent, and accountability all need to be modelled for a non-human actor. The governance question becomes whether the billing stack can safely distinguish human intent from agent execution.
Key questions
Q: How should security teams govern AI agents that can initiate purchases?
A: Security teams should treat agent purchasing as a governed non-human identity use case. That means binding each transaction to a named agent, enforcing scoped spend limits, logging the approval context, and reviewing the resulting entitlements alongside other machine identities. If the organisation cannot trace the buyer, it cannot govern the payment.
Q: Why do per-seat models fail when AI agents do the work?
A: Per-seat models fail because a seat assumes a stable human user, while an AI agent may complete work continuously, on demand, and at machine speed. The real value is often a task completed, a ticket resolved, or a transaction executed. Pricing and access controls need to follow that unit of value instead of the headcount model.
Q: What breaks when machine buyers are not tied to identity governance?
A: When machine buyers are not tied to identity governance, teams lose traceability, approval boundaries, and accountability. The same issue appears in billing, access reviews, and incident response because no one can reliably explain who initiated the spend, whether it was authorised, or which policy applied. That is a governance failure, not just a finance one.
Q: How do organisations decide whether to use usage-based pricing for AI products?
A: Organisations should use usage-based pricing when the product creates measurable consumption tied to outcomes rather than static access. If the agent’s contribution can be attributed and metered at the action level, usage-based pricing is usually more faithful than seats. If attribution is weak, the model becomes harder to audit and defend.
Technical breakdown
Usage-based billing and identity-bound metering
Usage-based billing ties charges to observable actions rather than seat counts. In AI products, that usually means metering on tasks completed, API calls, resolutions, or other outcome-linked events. The identity problem sits underneath the meter. If multiple actors can trigger the same usage event, billing must still know which identity initiated it, which context authorised it, and whether the action was within policy. Without that linkage, finance data and access data diverge, and chargeback becomes hard to trust.
Practical implication: align metering events with the identity that triggered them, not just the service that processed them.
Why per-seat pricing breaks for AI agents
Per-seat pricing assumes a human user is the unit of value and that the number of active users is reasonably stable. AI agents break both assumptions. They can perform work continuously, scale unevenly, and replace human labour in narrow workflows without mapping cleanly to a named seat. Once an agent resolves tickets, writes code, or completes transactions end-to-end, a seat no longer describes the value being consumed. The business model has to move closer to outcome-based or usage-based logic.
Practical implication: review every per-seat AI feature and decide whether it is actually a task, transaction, or consumption model.
Machine Payment Protocol and non-human buyers
Machine Payment Protocol is an attempt to standardise purchases made by AI agents. The important technical shift is not payment itself, but the expectation that an agent can identify a need, select a service, and complete a purchase without human approval at the moment of execution. That creates a new identity boundary: the system must recognise the agent, validate the spending scope, and preserve accountability after the transaction. In practice, payment rails become part of identity governance.
Practical implication: treat machine-buying capability as an identity and policy design problem, not just a checkout feature.
Breaches seen in the wild
- Moltbook AI agent keys breach: the Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach: attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities, including AI agents.
NHI Mgmt Group analysis
AI pricing is becoming an identity governance problem, not just a billing problem. Once software can decide what to buy and when to buy it, the organisation is no longer pricing a user journey. It is governing a non-human actor with execution authority and spending authority. That changes who needs approval, what gets logged, and how accountability is assigned when the buyer is an agent rather than a person. Practitioners should treat agent purchasing as a governed identity behaviour, not a fintech add-on.
Per-seat pricing is collapsing because the unit of identity no longer matches the unit of value. A seat assumes a stable human user who consumes access over time. AI agents can compress work into short bursts, act continuously, and substitute for multiple human tasks without ever becoming a durable seat. Billing models that still depend on seat semantics will misread both risk and value. The implication is that entitlement design and monetisation design now need to evolve together.
Machine Payment Protocol expands the attack surface by formalising autonomous purchasing paths. Any protocol that allows agents to discover and buy services needs controls for spending scope, identity binding, and post-transaction traceability. Without those, the organisation gets machine convenience but loses governance clarity. Practitioners should expect payment protocols for agents to be evaluated like access protocols, because they create the same accountability problem in a different layer.
Autonomous intent is the concept billing teams are now confronting: pricing can no longer assume that the actor requesting a service is also the actor approving the spend. When autonomous intent and attributed execution align, organisations can price by outcome. When they do not, the billing stack becomes a proxy for identity risk. That is why finance and IAM teams need a shared control plane for non-human buyers.
Standardised agent payments will accelerate vendor attention on non-human identity governance. Once agents can transact, more downstream services will need to recognise and authorise machine customers. That pushes identity decisions further into product design and makes access policy part of commercial infrastructure. Practitioners should prepare for more agent-facing systems that require identity proofing, scoped consent, and transaction logging by default.
From our research:
- AI companies are iterating on pricing up to five times in the first two years, according to our Ultimate Guide to NHIs and 2025 Outlook and Predictions.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
- That governance gap is widening, as our Analysis of Claude Code Security shows: agent-facing workflows increasingly blur identity, policy, and execution boundaries.
What this signals
Autonomous buyers will force billing, access, and audit teams to share a common control language. Once an agent can make purchases without a human in the loop, finance controls start depending on identity controls, and identity teams inherit commercial risk. The practical signal is that agent transactions need explicit spend policies, approval evidence, and durable attribution before they become routine. The NIST AI Risk Management Framework is a useful reference point for governance ownership.
Autonomous intent: this is the control problem that pricing teams are now inheriting. The organisation must know not only what the agent consumed, but why the actor was allowed to consume it and who remains accountable after the fact. That makes machine-buying readiness a programme issue, not a feature request.
As AI-native products mature, the organisations that survive will be the ones that connect pricing policy to non-human identity lifecycle management. Agent onboarding, spend scope changes, and offboarding need the same discipline that human IAM and NHI governance already demand, just with faster execution and lower tolerance for ambiguity.
For practitioners
- Map agent-triggered transactions to identity events: Log which non-human identity initiated each purchase, what scope it had, and whether the transaction was policy-approved before execution. Billing records should be traceable back to the actor, not just the service endpoint.
- Retire seat-based assumptions for agent workloads: Review AI features that are still priced as if a human occupies a seat. Reclassify them by task, resolution, transaction, or consumption pattern where the agent is the actual unit of value.
- Treat payment permissions as spend entitlements: Define explicit limits for machine buyers, including service scope, value ceilings, and approval paths for transactions outside normal patterns. Make those entitlements reviewable in the same cycle as other non-human privileges.
- Build traceability into agent checkout flows: Preserve a durable audit trail from discovery through purchase so teams can reconstruct why an agent acted and whether the action stayed inside policy. That evidence matters for both finance controls and identity governance.
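The controls described in the Technical breakdown (identity-bound metering, spending scope and traceability for a machine buyer) and in the four practitioner items above, worked through as one added example. This is illustrative Python written for this post; it is not WorkOS, Stripe, Metronome or Machine Payment Protocol code, and the agent identifier, delegating user, service names, amounts, policy identifier and billing export are all constructed assumptions. It shows a policy enforcement point that evaluates a purchase before execution against a spend entitlement (service scope, per-transaction ceiling, rolling budget, human-approval threshold), writes every decision, denials included, to a hash-chained ledger bound to the initiating identity and its delegator, and reconciles a billing export against that ledger to surface charges no authorised identity event can explain.

```python
# Spend-entitlement enforcement and identity-bound audit for an AI agent that buys.
# Illustrative code written for this post (not WorkOS/Stripe/Metronome/MPP code); all names are constructed.
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SpendEntitlement:
    """Least privilege for a machine buyer: which services, how much, how often."""
    agent_id: str
    allowed_services: frozenset[str]
    per_tx_ceiling: float       # hard cap on any single transaction
    window_budget: float        # cap on ALLOWed spend inside the rolling window
    window: timedelta
    approval_threshold: float   # above this a human must approve before execution
    policy_id: str              # policy version the decision was made under


@dataclass(frozen=True)
class PurchaseRequest:
    tx_id: str
    agent_id: str      # non-human identity initiating the purchase
    on_behalf_of: str  # human or tenant whose delegated authority it acts under
    service: str
    amount: float
    at: datetime


def _digest(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class SpendLedger:
    """Append-only, hash-chained record of every decision, denials included."""

    def __init__(self) -> None:
        self.events: list[dict] = []

    def append(self, req: PurchaseRequest, ent: SpendEntitlement, decision: str, reason: str) -> dict:
        event = {"tx_id": req.tx_id, "agent_id": req.agent_id, "on_behalf_of": req.on_behalf_of,
                 "service": req.service, "amount": req.amount, "at": req.at.isoformat(),
                 "policy_id": ent.policy_id, "decision": decision, "reason": reason,
                 "prev": self.events[-1]["hash"] if self.events else "0" * 64}
        event["hash"] = _digest(event)
        self.events.append(event)
        return event

    def verify(self) -> bool:
        """Recompute the chain; an edited or removed event breaks it."""
        prev = "0" * 64
        for ev in self.events:
            if ev["prev"] != prev or _digest({k: v for k, v in ev.items() if k != "hash"}) != ev["hash"]:
                return False
            prev = ev["hash"]
        return True

    def spent_in_window(self, agent_id: str, since: datetime) -> float:
        return sum(e["amount"] for e in self.events if e["agent_id"] == agent_id
                   and e["decision"] == "ALLOW" and datetime.fromisoformat(e["at"]) >= since)


def authorize(req: PurchaseRequest, ent: SpendEntitlement, ledger: SpendLedger) -> str:
    """Policy check before execution: returns ALLOW, DENY or NEEDS_APPROVAL and logs it."""
    if req.agent_id != ent.agent_id:
        decision, reason = "DENY", "entitlement is not bound to the requesting agent"
    elif req.service not in ent.allowed_services:
        decision, reason = "DENY", f"service {req.service} is outside spend scope"
    elif req.amount > ent.per_tx_ceiling:
        decision, reason = "DENY", "amount exceeds per-transaction ceiling"
    elif ledger.spent_in_window(req.agent_id, req.at - ent.window) + req.amount > ent.window_budget:
        decision, reason = "DENY", "rolling window budget would be exceeded"
    elif req.amount > ent.approval_threshold:
        decision, reason = "NEEDS_APPROVAL", "amount above autonomous threshold"
    else:
        decision, reason = "ALLOW", "within scope, ceiling and budget"
    ledger.append(req, ent, decision, reason)
    return decision


def unattributed_charges(charges: list[dict], ledger: SpendLedger) -> list[str]:
    """Billing records with no ALLOW event behind them: finance and identity data have diverged."""
    approved = {e["tx_id"] for e in ledger.events if e["decision"] == "ALLOW"}
    return [c["tx_id"] for c in charges if c["tx_id"] not in approved]


def run_scenario() -> dict:
    """Constructed scenario: one agent, six requests, a billing export with two orphans."""
    t0 = datetime(2026, 4, 15, 9, 0, tzinfo=timezone.utc)
    ent = SpendEntitlement("agent-ops-42", frozenset({"ticketing-api", "translation-api"}),
                           per_tx_ceiling=50.0, window_budget=50.0, window=timedelta(days=1),
                           approval_threshold=25.0, policy_id="spend-policy-v3")
    ledger = SpendLedger()
    plan = [("tx-1", "ticketing-api", 10.0), ("tx-2", "translation-api", 30.0),
            ("tx-3", "gpu-rental", 20.0), ("tx-4", "ticketing-api", 60.0),
            ("tx-5", "ticketing-api", 20.0), ("tx-6", "ticketing-api", 24.0)]
    decisions = [authorize(PurchaseRequest(tx, "agent-ops-42", "user:alice", svc, amt,
                                           t0 + timedelta(hours=i)), ent, ledger)
                 for i, (tx, svc, amt) in enumerate(plan)]
    # Constructed billing export: tx-2 was charged while still awaiting approval,
    # tx-9 never passed through the policy check at all.
    charges = [{"tx_id": t, "amount": a} for t, a in
               [("tx-1", 10.0), ("tx-2", 30.0), ("tx-5", 20.0), ("tx-9", 5.0)]]
    return {"decisions": decisions, "orphans": unattributed_charges(charges, ledger),
            "spent": ledger.spent_in_window("agent-ops-42", t0 - timedelta(hours=1)), "ledger": ledger}
```

Two design choices matter for governance rather than for billing. Denied and approval-pending requests are written to the same ledger as approved ones, so an access review or an incident responder can see what the agent tried to buy and which policy version said no, not only what it was charged for. And the reconciliation step treats a charge with no ALLOW event as a finding in its own right: either a transaction bypassed the policy check, or a pending approval was executed early, and in both cases finance data and identity data have already diverged.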
Key takeaways
- AI-native pricing now depends on whether the organisation can govern non-human buyers, not just human accounts.
- Per-seat billing weakens when agents perform work autonomously, because the unit of value shifts from headcount to outcome.
- Machine payment flows need identity binding, scope limits, and traceable approval evidence before they can be treated as safe operating infrastructure.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Agent buyers and machine payment flows create autonomous execution risk. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Machine buyers need explicit identity binding and lifecycle governance. |
| NIST AI RMF | GOVERN, MAP | Agent purchasing requires governance for autonomy, accountability, and traceability. |
Use AI RMF GOVERN and MAP functions to assign ownership and trace decisions for autonomous buyers.
Key terms
- Machine buyer: A machine buyer is a non-human identity that can discover, evaluate, and complete purchases without a human making each transaction decision. In identity governance terms, the buyer needs the same controls as other privileged actors: scoped authority, logging, approval boundaries, and clear accountability for spend.
- Usage-based pricing: Usage-based pricing charges for consumption or outcomes instead of charging a fixed seat fee. In AI systems, that often means pricing by task, transaction, resolution, or API use. The governance challenge is proving which identity triggered the usage and whether the action was within policy.
- Attributable execution: Attributable execution means an organisation can confidently link a machine action back to the specific identity, context, and policy state that caused it. This matters when agents act quickly or autonomously, because billing, audit, and security teams all need the same evidence trail.
- Spending scope: Spending scope is the defined limit on what a non-human identity is allowed to buy, how much it can spend, and under what conditions. It is the commercial equivalent of least privilege for agents, and it only works when policy is explicit, reviewable, and enforced before the transaction completes.
Deepen your knowledge
AI agent purchasing and non-human buyer governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your teams are beginning to model spend rights for autonomous actors, it is worth exploring.
This post draws on content published by WorkOS: Pricing as product-market fit, Cosmo Wolfe on billing after the Stripe-Metronome acquisition. Read the original.
Published by the NHIMG editorial team on 2026-04-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org