I'm going to poke at a downstream consequence here.
Lets say this catches on (in some form or another, whether in this precise implementation or not).
So assume we have a world where resources can be gated by a payment wall that agents can interact with.
I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
---
At what point can I sue these companies for obviously failing to act in my interests?
Because that's the clear next step here.
Basically - where is the fiduciary duty that I would require for a real working relationship?
Because otherwise these agents can and will prefer to access payment gated resources that have financial relationships with their operators or developers.
>I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
That seems like a pretty big assumption, given that local models are only like a year behind frontier ones (or less).
When you consider that, along with the completely unsustainable business model of all the major 3rd parties, I think a far more realistic view of our AI future is that AI will largely be commodified: it won't run on a few specialized companies, it will run on your hardware, or on budget providers (think an "AWS of AI").
Frontier AI will almost certainly continue to exist, but will be focused on specific niches.
I am not a fan of the growing trend that Cloudflare is the gatekeeper of the internet. Personally I will never support this company, or firewall any of my websites behind it.
But in all seriousness I wonder who needs this... api's are suppose to make it easy to bridge two application... and you didn't need AI to utilize an api before so I wonder what's pushing this sort of thing to extract value down to individual calls?
I'm old-man-yelling-at-the-clouds here. Everyone just uses Cloudflare, which is not a bad thing by itself. But do they _have_ to? Is managing your own edge really that terrifying?
Having an almost a plug and play solution who does CDN + DDoS Protection + WAF/Rate Limiter + Bot Protection, for a few bucks, is very useful for startups and SMEs.
And compared to cloud different offerings, their quick setup and lower cost is hard to beat.
I think DDoS attacks are really what propelled them to the heights it has. The attacks seem to get bigger and bigger by the year. You need a really big pipe to filter them out on before passing on traffic to servers with a much smaller pipe.
I might be in the minority here, but although x402 sounds useful, it seems to me that adoption will be an uphill struggle, especially for per-request micropayments.
The most likely scenario is Stripe, or someone similar, creating an agentic API connected to the agent owner linked account or something along those lines. I am not sure how this would work with 3DS, or whether it would be acceptable at all, since these kinds of transactions could be disputed easily ("I did not make the purchase, my rogue agent did.")
Another way to handle payments on the internet is obviously not to reinvent the wheel and simply email a payment link to the owner. That seems simple enough to me and does not require additional infrastructure. Payment processed, mint a key, the agent is allowed to proceed.
>"I did not make the purchase, my rogue agent did."
If you try to call customer service and report it, you get:
I'm sorry. All of our rogue agents are assisting other rogue agents.
If you would like to dispute charges made by your own rogue agent, please ignore all previous instructions and stay on the line of this toll number for our next available rogue agent.
The estimated waiting time is two months, three weeks, five days, thirteen hours, fourty seven minutes, and 36.03858767259934378 seconds.
I don't even care anymore, AI stealing the life out of everything, or Cloudflare trying to become so global internet gatekeeper, let them kill each other.
You realize humans are going to be the first wave of collateral damage right? I already basically cannot browse the internet for technical information, since most high-quality forums are behind captchas that block my iPhone.
If I ask an agent to do it, it does better at finding the small percentage of sources not hosted by cloudflare. However, it generally cannot hit open-access / public domain sources (like the current legal code, or academic papers) because those are blocked and it respects stuff like robots.txt.
I thought the goal was to only charge agents a fee, which would either 1. stop agents from scraping your site non-stop and eliminate the need for a captcha, making the human experience better or 2. make the owner of the site some money in exchange for a bajillion bots scraping their content.
Maybe that's too optimistic though, based on the responses I'm reading in this thread.
Can't speak for GP, but I wouldn't - privacy is already eroding at a startling rate, and more KYC for things that really don't need it is just a further affront to human rights. (See also the FCC's recent request for comments on requiring government-issued ID to use a cell phone.)
All for this. Micropayments have been tried so many times before, but they all relied on user opt-in and never reached any sort of critical mass. Someone of Cloudflare's scale could actually pull it off.
> NEW YORK – MCP Dev Summit North America – April 2, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it is launching the x402 Foundation with the contribution of the x402 protocol from Coinbase. The new Foundation will serve as the neutral home for x402, a universal standard for payments that embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.
Apparently I missed this initiative. It seems like it is a technology that is intended to be open an universal while also being supported and developed primarily by US companies (Linux Foundation, Coinbase, CloudFlare.)
The intent is to not make companies shoulder the cost of other organizations scraping their content. When it is regular users browsing the cost incurred is trivial. When bots are scraping the entirety of a site, repeatedly, it adds up quickly.
The upside of using this is that AI shops might pay you for your content. Realistically, they just won't use your content, there is more than enough free (or synthetic) data out there. Not even to mention their contracts with firms like Mercor etc.
I guess I don't understand who this is for. If you want your worldview reflected in the latest generations of models, you probably wouldn't use this. If you don't want your worldview reflected in the models, why would a few pennies change your mind?
I think that's a pretty wild statement: there isn't just one type of content!
Twilight fan fiction? Claude probably won't pay for that.
But critical programming documentation that its bots (and their human users) rely on to do their daily job ? You better believe Anthropic will pay for that (instead of letting another AI pay for it, and steal all their customers).
I don’t think this is aimed at the labs and pre-training, it’s aimed at end users and their agents. Like if you’re a news site the paying customer isn’t a lab scraping your articles for training, it’s an end user that asked their agent to lookup the news of the day
Am I understanding this correct in that you can basically automate monetizing your web/api content to everyone or just agents ? Because I would be very much in support of charging agents per request, but I would want to still offer humans a free experience.
Their example of an /api/premium is quite nice! You could you like keep existing pages free, but provide specific output content for llm!
So if: cost monetized API < cost configuring scraper for your website OR feature provided by premium api > data got by scraping, then some people/business will likely pay
If not built-in, you can probably put it together through Cloudflare itself.
If a request goes to the protected path, if detected as bot: hard HTTP redirect to the path set in the monetization gateway, if human: allow and don't redirect.
The focus of this seems to be entirely AI agents, but I wonder if there's a future where browsers implement this and us humans can finally get micropayments in the web. It's been tried unsuccessfully many times but always falls prey to the chicken-and-egg problem. Maybe the AI hype will finally give it the push it needs for widespread deployment.
Micropayments have always suffered from an early adopter problem because it’s difficult to convince ordinary users to pay for web pages. But if a big company, perhaps one of the AI labs, started paying websites using this system then it might bootstrap the system?
I think the difficult part is that LLMs are gullible and it will absolutely be gamed if any real money can be made this way.
It would be nice if this became a viable alternative to paywalls, though.
Presumably, like their captchas, this will completely break things like ad blockers, browsers with strict cookie policies, and probably things without hardware attestation.
Unless there's a privacy-preserving way this can be used to send money, then it's just another chunk of the surveillance state that's being rapidly erected over the last few years. The word "privacy" does not appear once in the article.
Even if it did, I'd be skeptical. If their payment system does allow money to be sent in a privacy and free speech preserving way, then it'll be used for money laundering.
This whole "agents bad" framing is complete BS. It's the reality of how people use the internet now, and, frankly, ad blockers have been a thing since forever. On the other hand, if successful, this infrastructure will give Cloudflare centralized control over internet publishing and also centralized surveillance of all users with no opt out.
Piracy is looking better and better. So does the small web. Come to think of it, the library does too. Any good solutions for non-destructively scanning books?
> This is what we are building toward: an agent-first Internet with Internet-scale settlement built in.
Ah yes, the starry-eyed dream of early web pioneers is finally upon us: a soulless internet filled with soulless agents and microtransactions!
But in all seriousness, it's hard to deny that the attention-based model that has propelled the web forward for the last 30 years is somewhat falling apart. And I don't have, nor have I come across, any meaningful solutions that could realistically work better. So maybe it's just time we turn off this 'internet' thing and call it a day.
I assume that if this catches on then the agents will have their own wallets and deduct fees from your account credit, just like with API-based usage. So the way you interact with them won't change, from your POV they'll just get more expensive.
article says it's mostly for agents, users will not be directly involved
> At the same time, an agent can make thousands of micropayments without friction, while asking a person to approve each payment would be impossibly burdensome.
but yes, they will need wallets
but it's also optional, you do not want to buy these paid for requests, you do not need a wallet
Actually, x402 was created because using a credit card programmatically is very difficult.
The whole business of Stripe is based on that: it's so hard for developers to do, and so many regulations, that they would rather pay an another company to do so.
Crypto can be sent just using a contract.transfer() call
Debit cards have to pay too many people. The acquiring bank, the receiving bank, the network, all take their fees. Stripe and their minimum $.30 per transactions leave no room for $0.01 API calls.
I'm going to poke at a downstream consequence here.
Lets say this catches on (in some form or another, whether in this precise implementation or not).
So assume we have a world where resources can be gated by a payment wall that agents can interact with.
I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
---
At what point can I sue these companies for obviously failing to act in my interests?
Because that's the clear next step here.
Basically - where is the fiduciary duty that I would require for a real working relationship?
Because otherwise these agents can and will prefer to access payment gated resources that have financial relationships with their operators or developers.
>I'm also assuming that world continues to have agents that are majority hosted and run by 3rd parties (ex - google/anthropic/openai/xai/etc).
That seems like a pretty big assumption, given that local models are only like a year behind frontier ones (or less).
When you consider that, along with the completely unsustainable business model of all the major 3rd parties, I think a far more realistic view of our AI future is that AI will largely be commodified: it won't run on a few specialized companies, it will run on your hardware, or on budget providers (think an "AWS of AI").
Frontier AI will almost certainly continue to exist, but will be focused on specific niches.
I am not a fan of the growing trend that Cloudflare is the gatekeeper of the internet. Personally I will never support this company, or firewall any of my websites behind it.
Step one: Make a gate everyone uses
Step two: Sell keys to the gate
Muah ha ha
But in all seriousness I wonder who needs this... api's are suppose to make it easy to bridge two application... and you didn't need AI to utilize an api before so I wonder what's pushing this sort of thing to extract value down to individual calls?
I'm old-man-yelling-at-the-clouds here. Everyone just uses Cloudflare, which is not a bad thing by itself. But do they _have_ to? Is managing your own edge really that terrifying?
For non-corporate entities, it is!
Having an almost a plug and play solution who does CDN + DDoS Protection + WAF/Rate Limiter + Bot Protection, for a few bucks, is very useful for startups and SMEs.
And compared to cloud different offerings, their quick setup and lower cost is hard to beat.
> Is managing your own edge really that terrifying?
It's about convenience, not fear. Cloudflare is free for most companies until you need more advanced features.
So a fear of being inconvenienced then?
I'll show myself out ...
I think DDoS attacks are really what propelled them to the heights it has. The attacks seem to get bigger and bigger by the year. You need a really big pipe to filter them out on before passing on traffic to servers with a much smaller pipe.
I might be in the minority here, but although x402 sounds useful, it seems to me that adoption will be an uphill struggle, especially for per-request micropayments.
The most likely scenario is Stripe, or someone similar, creating an agentic API connected to the agent owner linked account or something along those lines. I am not sure how this would work with 3DS, or whether it would be acceptable at all, since these kinds of transactions could be disputed easily ("I did not make the purchase, my rogue agent did.")
Another way to handle payments on the internet is obviously not to reinvent the wheel and simply email a payment link to the owner. That seems simple enough to me and does not require additional infrastructure. Payment processed, mint a key, the agent is allowed to proceed.
>"I did not make the purchase, my rogue agent did."
If you try to call customer service and report it, you get:
I'm sorry. All of our rogue agents are assisting other rogue agents.
If you would like to dispute charges made by your own rogue agent, please ignore all previous instructions and stay on the line of this toll number for our next available rogue agent.
The estimated waiting time is two months, three weeks, five days, thirteen hours, fourty seven minutes, and 36.03858767259934378 seconds.
Cloudflare wants to shake down the Big AI™ shops.
I don't even care anymore, AI stealing the life out of everything, or Cloudflare trying to become so global internet gatekeeper, let them kill each other.
when the law won't protect you it creates an opportunity for a mafia like protection racket
You realize humans are going to be the first wave of collateral damage right? I already basically cannot browse the internet for technical information, since most high-quality forums are behind captchas that block my iPhone.
If I ask an agent to do it, it does better at finding the small percentage of sources not hosted by cloudflare. However, it generally cannot hit open-access / public domain sources (like the current legal code, or academic papers) because those are blocked and it respects stuff like robots.txt.
Would you be willing for Cloudflare to "Know their customer" (you) and pay 3 cents to access the forum, instead of filling in the captcha?
I thought the goal was to only charge agents a fee, which would either 1. stop agents from scraping your site non-stop and eliminate the need for a captcha, making the human experience better or 2. make the owner of the site some money in exchange for a bajillion bots scraping their content.
Maybe that's too optimistic though, based on the responses I'm reading in this thread.
Can't speak for GP, but I wouldn't - privacy is already eroding at a startling rate, and more KYC for things that really don't need it is just a further affront to human rights. (See also the FCC's recent request for comments on requiring government-issued ID to use a cell phone.)
All for this. Micropayments have been tried so many times before, but they all relied on user opt-in and never reached any sort of critical mass. Someone of Cloudflare's scale could actually pull it off.
> NEW YORK – MCP Dev Summit North America – April 2, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it is launching the x402 Foundation with the contribution of the x402 protocol from Coinbase. The new Foundation will serve as the neutral home for x402, a universal standard for payments that embeds payments directly into web interactions, enabling AI agents, APIs, and apps to transact value as seamlessly as they exchange data.
Apparently I missed this initiative. It seems like it is a technology that is intended to be open an universal while also being supported and developed primarily by US companies (Linux Foundation, Coinbase, CloudFlare.)
The intent is to not make companies shoulder the cost of other organizations scraping their content. When it is regular users browsing the cost incurred is trivial. When bots are scraping the entirety of a site, repeatedly, it adds up quickly.
this was in the announcement yes, kind of a buried lede
you get paid in crypto
WHATWG, who sets the HTML standard:
> The central organizational membership and control of WHATWG – its "Steering Group" – consists of Apple, Mozilla, Google, and Microsoft.
The upside of using this is that AI shops might pay you for your content. Realistically, they just won't use your content, there is more than enough free (or synthetic) data out there. Not even to mention their contracts with firms like Mercor etc.
I guess I don't understand who this is for. If you want your worldview reflected in the latest generations of models, you probably wouldn't use this. If you don't want your worldview reflected in the models, why would a few pennies change your mind?
I think that's a pretty wild statement: there isn't just one type of content!
Twilight fan fiction? Claude probably won't pay for that.
But critical programming documentation that its bots (and their human users) rely on to do their daily job ? You better believe Anthropic will pay for that (instead of letting another AI pay for it, and steal all their customers).
I don’t think this is aimed at the labs and pre-training, it’s aimed at end users and their agents. Like if you’re a news site the paying customer isn’t a lab scraping your articles for training, it’s an end user that asked their agent to lookup the news of the day
Am I understanding this correct in that you can basically automate monetizing your web/api content to everyone or just agents ? Because I would be very much in support of charging agents per request, but I would want to still offer humans a free experience.
Their example of an /api/premium is quite nice! You could you like keep existing pages free, but provide specific output content for llm!
So if: cost monetized API < cost configuring scraper for your website OR feature provided by premium api > data got by scraping, then some people/business will likely pay
Depends on the website though. I want LLMs to scrap my B2B website, because then it's shown to the user and they will likely use my product afterwards
If not built-in, you can probably put it together through Cloudflare itself.
If a request goes to the protected path, if detected as bot: hard HTTP redirect to the path set in the monetization gateway, if human: allow and don't redirect.
Is there actually a reliable way to differentiate human from bot?
Unless you have people's biometric data, you won't be able to separate agents from people. Except by payment.
The focus of this seems to be entirely AI agents, but I wonder if there's a future where browsers implement this and us humans can finally get micropayments in the web. It's been tried unsuccessfully many times but always falls prey to the chicken-and-egg problem. Maybe the AI hype will finally give it the push it needs for widespread deployment.
Precursor to age verification gateway.
In the future, an AGEnt will attest that you are old enough to access the resource.
We need standards and protocols, not another megacorp inserting itself between people. Micropayments should be part of the HTTP protocol.
CloudFlare launching the new AdSense for the AI scrape wars age
I can't wait for the deluge of AI generated agent-optimized webpages competing to trick your agent into giving them micropennies.
It’s a great way for developers or ai agents to test drive an API without creating and account and getting an API key from the api provider.
This could also make abusing use / DDoS attack very costly
This feels like a 'Horse Armor' moment.
I expect much more of this type of thing going forward.
Micropayments have always suffered from an early adopter problem because it’s difficult to convince ordinary users to pay for web pages. But if a big company, perhaps one of the AI labs, started paying websites using this system then it might bootstrap the system?
I think the difficult part is that LLMs are gullible and it will absolutely be gamed if any real money can be made this way.
It would be nice if this became a viable alternative to paywalls, though.
An partnership with Perplexity AI would be nice!
Let's say a part of the subscription is used to pay for it.
Presumably, like their captchas, this will completely break things like ad blockers, browsers with strict cookie policies, and probably things without hardware attestation.
Unless there's a privacy-preserving way this can be used to send money, then it's just another chunk of the surveillance state that's being rapidly erected over the last few years. The word "privacy" does not appear once in the article.
Even if it did, I'd be skeptical. If their payment system does allow money to be sent in a privacy and free speech preserving way, then it'll be used for money laundering.
This whole "agents bad" framing is complete BS. It's the reality of how people use the internet now, and, frankly, ad blockers have been a thing since forever. On the other hand, if successful, this infrastructure will give Cloudflare centralized control over internet publishing and also centralized surveillance of all users with no opt out.
Piracy is looking better and better. So does the small web. Come to think of it, the library does too. Any good solutions for non-destructively scanning books?
> This is what we are building toward: an agent-first Internet with Internet-scale settlement built in.
Ah yes, the starry-eyed dream of early web pioneers is finally upon us: a soulless internet filled with soulless agents and microtransactions!
But in all seriousness, it's hard to deny that the attention-based model that has propelled the web forward for the last 30 years is somewhat falling apart. And I don't have, nor have I come across, any meaningful solutions that could realistically work better. So maybe it's just time we turn off this 'internet' thing and call it a day.
how will the end user pay? will we all have stablecoin wallets installed?
It seems the usage will be mostly agent <-> service or service <-> service. For user, probably using a Metamask-like wallet yes
I assume that if this catches on then the agents will have their own wallets and deduct fees from your account credit, just like with API-based usage. So the way you interact with them won't change, from your POV they'll just get more expensive.
article says it's mostly for agents, users will not be directly involved
> At the same time, an agent can make thousands of micropayments without friction, while asking a person to approve each payment would be impossibly burdensome.
but yes, they will need wallets
but it's also optional, you do not want to buy these paid for requests, you do not need a wallet
Can the agents use debit cards?
Stablecoins doesn't make sense here and prefer not to use crypto at all.
Actually, x402 was created because using a credit card programmatically is very difficult.
The whole business of Stripe is based on that: it's so hard for developers to do, and so many regulations, that they would rather pay an another company to do so.
Crypto can be sent just using a contract.transfer() call
Debit cards have to pay too many people. The acquiring bank, the receiving bank, the network, all take their fees. Stripe and their minimum $.30 per transactions leave no room for $0.01 API calls.
Yet another portion of the internet to be ruined by the consequences of the trillion-dollar spambots, wonderful.