Agent Trust Chain — Agentic Payments Trust Layer

The unresolved question

AI agents are buying, contracting, and transacting on behalf of humans. Payment rails (x402, MCP) are in place — but most production deployments still hand the agent an API key and rely on prompt-engineered guardrails to prevent over-spending or the wrong recipient. Lemma calls the missing layer the Agent Trust Chain — authority, spending limits, and the data underlying each transaction are issued as cryptographic attestations, so the receiving side can verify them independently before the transaction commits.

Why Now

x402 protocol adoption, expanding MCP ecosystem, rapid growth of agent economy

How Lemma Fits

Prove which principal an agent represents — issued as a ZK attestation, verifiable on-chain or by any counterparty
Bind spending limits to a cryptographic attestation, not to a raw API key or wallet
Carry the upstream principal's authority through multi-step agent chains so it remains verifiable at the leaf

Agentic payments

Agent Trust Chain and Trust402 — where the trust layer fits in agentic payments

Lemma proposes the Agent Trust Chain as the trust layer that sits in front of the agent payment step. Rather than handing agents API keys and hoping prompt-engineered guardrails hold, the layer issues authority, spending limits, and provenance as cryptographic attestations — verifiable on-chain or by any counterparty, before the transaction settles. Trust402 is Lemma's product that realizes this layer at the protocol level for x402-style agent payments.

Why this layer is needed now: agentic payments — transactions executed autonomously by AI agents — became a real category in 2024–2025 with x402, the Stripe Agent SDK, and MCP-driven tool use. The payment rail problem is largely solved. What remains is the trust question — who is the agent acting for, how much can it spend, and is the data underlying the payment authentic.

The delegated-treasury, multi-agent-workflows, and x402-commerce use cases linked above show how Trust402 and the surrounding pieces compose. For the broader conceptual scope of agentic payments, see the glossary entry.

Use Cases

Delegated Treasury

Issue agent spend authority as an on-chain spend-control attestation — not as a soft prompt. Book a 30-minute discovery call to see how it fits your operations.

View use case → →

Multi-Agent Workflows

Bind every multi-agent delegation step as a ZK proof. The final output carries a verifiable trace back to the original principal. Book a 30-minute discovery call to see how it fits your orchestration setup.

View use case → →

X402 Commerce

Verify seller attributes as ZK proofs before x402 settlement runs. Buyer agents transact without relying on plaintext claims. Book a 30-minute discovery call to see how it fits your stack.

View use case → →

Recent Thinking

Business Strategy

Bridge exploits in 2026: the case for verifiable origin proofs

2026.04.30

Announcement

A Trust Layer for x402

2026.04.28

Announcement

Whitepaper: Prove What Your AI Decided On.

2026.04.23

FAQ

What is agentic payments?

A transaction pattern where autonomous AI agents — not humans — are the transacting party. The technical stack centers on x402 (Coinbase's revival of HTTP 402 Payment Required), the Stripe Agent SDK, MCP for tool use, and a Facilitator for settlement. The unresolved problem is trust — authority delegation, spend limits, and provenance. Lemma calls this layer the Agent Trust Chain, and ships Trust402 as the x402-targeted product implementation. See the glossary entry for the full definition.

What is the relationship between x402 and Trust402?

x402 is a payment protocol; Trust402 is the verification layer that sits in front of it. x402 answers "how does the agent pay" — Trust402 answers "should the agent be allowed to pay, and is the underlying data real." They are complementary, not competing. Trust402 emits ZK attestations of authority, spend limits, and provenance that any x402 facilitator can verify before settlement.

How is the Delegated Treasury use case different from other solutions?

Existing agent-payments approaches grant an API key or wallet to the agent and rely on prompt-engineered guardrails to prevent over-spending. Delegated Treasury issues the spending authority itself as a cryptographic attestation — limit, allow-list of counterparties, time window, and the data conditions that justify the transaction. The treasury never grants raw access; the agent earns the right to spend, per transaction, by proving the attestation in zero knowledge.

Where does provenance fit into agentic payments?

Provenance answers the third trust question: "is the data underlying this payment genuine and unaltered." Without it, an agent can be tricked — by retrieved documents, by upstream tool outputs, by another agent — into authorizing the wrong transaction. Lemma's provenance stack is fed into the same Trust Chain so that the attestation an agent shows at payment time includes a proof that the input data is verifiable. See the Verifiable Origin pillar for the input side.

Lemma's Other Pillars

Verifiable Origin

Data is copied. Provenance is carved.

→

Verifiable AI

Models change. Proofs remain.

→

Regulatory Attribute Proof

Data stays. Proofs travel.

→

Get Started

Ready to issue agent authority as cryptographic attestations — not soft prompts?

Talk to us about your use case. We respond within one business day.

Book a Discovery Call → Join Trust402 waitlist