What is Visa's Trusted Agent Protocol (TAP)?

Trusted Agent Protocol (TAP) is an open authentication framework from Visa, built with Cloudflare, that lets merchants verify whether an inbound request is from a legitimate AI agent (like ChatGPT Operator, Claude, or Perplexity) or a hostile bot. TAP uses Web Bot Auth — cryptographic signatures — so the agent identifies itself before any payment flow runs. It is the 'admission' layer for agent commerce, not a payment rail.

How is TAP different from Mastercard Agent Pay?

TAP authenticates the agent ('who are you?'). Mastercard Agent Pay authorizes the card ('can you spend on this card with these limits?'). They operate at different layers and are designed to coexist — a typical agent transaction in 2026 uses TAP at the edge plus Mastercard Agent Pay or a Visa-rail equivalent for settlement, plus Google AP2 for the user mandate.

Do merchants have to integrate TAP themselves?

Not necessarily. Because TAP was co-developed with Cloudflare, merchants behind Cloudflare's edge can get TAP enforcement at the proxy layer with little to no code changes — Cloudflare verifies the agent signature before traffic reaches the origin. Merchants not on Cloudflare can integrate TAP directly via Visa's libraries and edge partners.

Which agents are TAP-signed in May 2026?

By mid-May 2026, the major TAP-signing agents include OpenAI's ChatGPT Operator and the new ChatGPT shopping agents, Anthropic's Claude for Work / agent SDK clients, Perplexity's commerce agent, Google's Gemini commerce flows, and several enterprise vendors via Cloudflare's bot directory. The list is updated regularly in the Cloudflare and Visa public registries.

Quick Answer

What is Visa Trusted Agent Protocol (TAP)? (May 2026)

Published: May 17, 2026

What is Visa Trusted Agent Protocol (TAP)? (May 2026)

Visa’s Trusted Agent Protocol (TAP) is the authentication layer for AI agent commerce — it lets merchants verify a real agent before letting it shop, pay, or check out. Built with Cloudflare, it shipped at scale in early 2026 and is now the de facto bouncer for agent traffic.

Last verified: May 17, 2026

The one-paragraph answer

Trusted Agent Protocol (TAP) is an open framework from Visa, co-developed with Cloudflare, that uses Web Bot Auth to cryptographically prove the identity of an AI agent making a request to a merchant. Instead of every merchant guessing whether an incoming HTTP request is from ChatGPT Operator, Claude, Perplexity, a hostile scraper, or a fraudster, TAP signs the request with a verifiable agent identity. Merchants then admit, throttle, or reject the agent based on a public registry of trusted agents. TAP does not move money — it is the trust gate that runs before any payment protocol.

What problem TAP solves

By late 2025, AI agents were doing serious volumes of e-commerce browsing, but merchants had no reliable way to tell legitimate agents apart from scrapers and fraudsters. The result was either:

Block all bots → block real AI shoppers and lose revenue.
Allow all bots → get hammered by scrapers and fraud.

TAP fixes that by giving every real agent a verifiable identity and giving merchants a single trust list to consult.

How TAP works (in May 2026)

The flow is roughly:

AI agent vendor (OpenAI, Anthropic, Google, Perplexity, etc.) registers a public key and an agent identity (e.g. openai/chatgpt-operator) with the Visa/Cloudflare TAP registry.
When the agent makes a request to a merchant, it signs the HTTP request with its private key (Web Bot Auth).
The merchant (or its CDN — usually Cloudflare) verifies the signature against the public registry.
The merchant then decides what to do:
- Admit and personalize the experience.
- Apply agent-specific rate limits.
- Reject if the agent isn’t on the merchant’s allowlist.
- Hand off to a payment protocol (Mastercard Agent Pay, Visa Agent Token, Google AP2, etc.).

TAP itself never sees the payment — it stops at admission.

Where TAP fits in the agent commerce stack

┌─────────────────────────────────────────────────────────┐
│  User                                                   │
│   ↓ signs mandate                                       │
│  AP2 (Google) — proves user authorized this agent       │
│   ↓                                                     │
│  ACP (OpenAI) — runs merchant checkout flow             │
│   ↓                                                     │
│  TAP (Visa + Cloudflare) — verifies agent identity ◀── you are here
│   ↓                                                     │
│  Mastercard Agent Pay / Visa Agent Token — settles      │
│   ↓                                                     │
│  Card rails                                             │
└─────────────────────────────────────────────────────────┘

TAP is the admission layer. The mandate (AP2), checkout (ACP), and settlement (Agent Pay / x402 / etc.) are all separate.

Who’s using TAP in May 2026

Agents currently signing with TAP

OpenAI ChatGPT Operator and the new self-serve ChatGPT shopping agents.
Anthropic Claude (via the Claude Agent SDK and Claude for Work).
Perplexity Comet commerce agent.
Google Gemini commerce flows.
A growing list of enterprise agents (Salesforce, ServiceNow, Workday) registered through Cloudflare’s bot management directory.

Merchants enforcing TAP

Anyone behind Cloudflare’s edge can enable TAP enforcement in a single toggle — Cloudflare hosts roughly 20% of the web, so this is a lot of merchants.
Direct enterprise integrations announced with major travel, ticketing, marketplace, and DTC retailers.

TAP vs alternatives

	TAP (Visa + Cloudflare)	Mastercard Agent Pay	Cloudflare Verified Bots (pre-TAP)	OpenAI ACP
Layer	Agent auth	Card auth	Bot auth (broader)	Merchant checkout
Open standard	✅	partial	proprietary	✅
Carries payment?	no	✅	no	no
Edge-enforceable	✅ (via Cloudflare)	no	✅	no

Why this matters

For merchants:

Stop fighting your best customers’ agents. If you blanket-block bots, you also block the AI shopper buying on behalf of a real customer.
Edge enforcement is the realistic deployment model. Most merchants will get TAP via their CDN, not by writing code.

For agent vendors:

Identity is the price of admission. Unsigned agents will increasingly hit walls.
Reputation matters. Once you’re identified, your behavior on merchant sites builds (or destroys) a verifiable track record.

For users:

Better outcomes. Identified agents get better experiences (real prices, real inventory, fewer captchas), which means your AI assistant actually buys the right thing.

Strengths

Open framework, not a Visa-only walled garden.
Edge-enforceable through Cloudflare — easy adoption.
Aligned with OpenAI ACP, Coinbase x402, Google AP2 — no protocol war.
Backed by the biggest payment network (Visa).

Weaknesses

Doesn’t carry payment — you still need a card protocol underneath.
Doesn’t prove user intent — that’s AP2’s job.
Adoption depends heavily on Cloudflare’s market share for default enforcement.
New agent vendors still need to bootstrap an identity / reputation.

What’s next for TAP

TAP 1.1 is expected to deepen mandate semantics so the protocol can carry user-mandate hints alongside agent identity.
Visa’s consumer-facing agent commerce platform (unveiled May 5, 2026) will be the most visible TAP showcase for end-users.
More CDNs (Fastly, Akamai) are expected to add TAP enforcement to keep parity with Cloudflare.
Verified merchant directories will start ranking agents by behavior, not just identity.

TL;DR

TAP is not a payment rail. TAP is the front door for agent commerce — it tells the merchant “this is a real, identified AI agent” so the merchant can run the rest of the checkout safely. In May 2026 it is the most widely-enforced agent identity protocol on the web, mostly thanks to Cloudflare.

Sources: Visa press releases, Cloudflare “Secure Agentic Commerce” blog post, ATXP protocol comparison, paymentsdive.com — May 2026.

What is Visa Trusted Agent Protocol (TAP)? (May 2026)

The one-paragraph answer

What problem TAP solves

How TAP works (in May 2026)

Where TAP fits in the agent commerce stack

Who’s using TAP in May 2026

Agents currently signing with TAP

Merchants enforcing TAP

TAP vs alternatives

Why this matters

Strengths

Weaknesses

What’s next for TAP

TL;DR

Related reading