Most payment systems assume that a person is involved when a payment is launched. When a payment is initiated not by a person but by software — an agent, a script, or an automated workflow — three questions have to be answered again: who gave permission, whether the payment reflects the user's real intent, and who is responsible if something goes wrong.
A payment is AI-initiated when the immediate initiator of the request is software making a decision, not a human clicking "buy." The human may have set policy earlier, may be available for escalation, or may have pre-authorized a range of actions. What matters is that, at the moment of initiation, a person does not have to be watching.
This is narrower than "AI in payments" in general. AI-assisted fraud scoring is not AI initiation. A ChatGPT conversation that ends with a human clicking a normal checkout button is usually better described as agent-assisted rather than agent-initiated.
In human-initiated payments these roles often collapse into one. In AI-initiated payments they separate clearly, and that separation is what makes authorization harder.
Presence-based authentication. 3-D Secure, biometric prompts, and similar methods assume a person is there to respond. Agent flows either escalate to a human or present credentials that were authorized in advance.
Card-network assumptions. Card rules were written for a person at checkout. Merchant-initiated transaction (MIT) rules provide a partial framework, but agents complicate the question of who actually initiated the payment.
Dispute and accountability chains. If software initiated the payment, the record of why it happened matters more than in human flows. Visa, Mastercard, and American Express have announced agent-registration and tokenized-credential schemes partly to preserve that record.
Mandate-based authorization. Several protocols — with Google's AP2 currently the most developed — express user authority granted to an agent as a cryptographically signed mandate. An Intent Mandate captures the conditions; a Cart Mandate captures approval of specific items. These are designed to carry evidence that can stand up in a dispute. See the protocols overview.
Scoped credentials. Instead of giving an agent a full card number, systems issue a token limited by merchant, amount, time window, and purpose.
Agent identity layers. Know Your Agent schemes, network-level registration (Visa Trusted Agent Protocol, Mastercard Agent Pay, American Express ACE), and edge attestation (Cloudflare Web Bot Auth) address different versions of the same problem: helping merchants and networks understand which agent is making the request.
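The scoped-credential and mandate ideas above can be shown as a pre-execution check that verifies an issuer-bound scope (merchant, amount, time window, purpose) before an agent's payment request is released. This is an added example, not code from the original page or from any of the named protocols. The field names, the demo key, and the use of HMAC in place of a real signature scheme are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the issuer's signature scheme;
# real mandate protocols define their own formats and key handling.
ISSUER_KEY = b"constructed-demo-key"

def _mac(scope: dict) -> str:
    # Canonical JSON so issuer and verifier hash identical bytes.
    payload = json.dumps(scope, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue_credential(merchant, max_amount_cents, not_before, not_after, purpose):
    """Issuer side: bind the scope to a MAC so the agent cannot widen it."""
    scope = {"merchant": merchant, "max_amount_cents": max_amount_cents,
             "not_before": not_before, "not_after": not_after, "purpose": purpose}
    return {"scope": scope, "mac": _mac(scope)}

def authorize(credential, request, now):
    """Pre-execution check. Returns (allowed, reason); log the reason for disputes."""
    scope, mac = credential.get("scope"), credential.get("mac")
    if not isinstance(scope, dict) or not isinstance(mac, str):
        return False, "malformed credential"
    # Integrity first: nothing in the scope is trusted until the MAC verifies.
    if not hmac.compare_digest(_mac(scope).encode(), mac.encode()):
        return False, "bad signature"
    if not scope["not_before"] <= now <= scope["not_after"]:
        return False, "outside time window"
    if request.get("merchant") != scope["merchant"]:
        return False, "merchant not in scope"
    if request.get("purpose") != scope["purpose"]:
        return False, "purpose not in scope"
    amount = request.get("amount_cents")
    # Integer minor units only; bool is a subclass of int, so exclude it.
    if type(amount) is not int or amount <= 0:
        return False, "invalid amount"
    if amount > scope["max_amount_cents"]:
        return False, "amount exceeds limit"
    return True, "ok"

# Constructed sample: a grocery credential capped at 50.00, valid for one hour.
CRED = issue_credential("grocer.example", 5000, 1_700_000_000, 1_700_003_600, "groceries")
REQ = {"merchant": "grocer.example", "amount_cents": 4200, "purpose": "groceries"}

if __name__ == "__main__":
    print(authorize(CRED, REQ, now=1_700_000_100))
```

The reason string returned on each decision is the piece that feeds the dispute record: it states which scope limit a rejected request violated.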
Two modes recur in the literature:
The second mode is structurally harder, and it is where pre-execution decisioning matters most — because there is no user at checkout to catch a mistake.
AI-initiated payments do not necessarily require new payment rails. They do require a rebuilt approach to authorization and proof of authority. The rest of the AI Payments Map focuses on where that authorization should live and how it should be structured.