Everyone talks about the AI agent app store. Wrong frame. The real battle is for the control plane: the orchestration layer that determines (i) what services an agent can discover, (ii) what credentials and tools it can use, and (iii) how it can make payments. When agents become meaningful economic actors, that control plane will likely become the routing layer for most of their value flow.

Two dynamics define the next five years: (1) standards arrive early, (2) trust and gating determine winners.

On standards, x402 is an open standard originally introduced by Coinbase and now led by the Linux Foundation and supported by megacap partners across industry verticals, including Payment Service Providers (Adyen, Stripe, Fiserv, PPRO), Cloud (Cloudflare, Google, AWS, Microsoft), Consumer AI (Shopify, KakaoPay, Ant International, Sierra), and Crypto infra (Coinbase, Circle, Solana, etc.). x402 revives HTTP 402 (“Payment Required”) to make APIs and content machine-payable with stablecoins over ordinary HTTP flows and optional facilitators for verification and settlement.

Stripe’s Machine Payments Protocol (MPP) pushes the same trend toward an open, internet-native agent payment coordination standard, co-authored with Tempo and designed to support microtransactions and recurring payments via payment channels. Meanwhile, Google’s Agent Payment Protocol (AP2) formalizes auditable mandates for agent-initiated payments; Shopify and Google’s Universal Commerce Protocol (UCP) aims to standardize merchant capability discovery and checkout flows while keeping merchants as merchant of record (MoR); and OpenAI and Stripe’s Agentic Commerce Protocol (ACP) standardizes programmatic checkout flows and supports both conventional REST APIs and agent-native MCP skills.

On trust and gating, these will decide where “horizontal” control planes operating across domains can win. Open skill distribution has already shown supply-chain risks (eg, malicious OpenClaw skills distributed via ClawHub). And the most valuable commerce surfaces can still be vetoed by incumbents: Amazon has litigated to block Perplexity’s shopping agent, while also expanding first-party “Shop Direct” discovery flows that keep Amazon looped in.

Emerging infrastructure like Cloudflare’s EmDash, an  x402-native CMS include features like bot filters that charge AI, and let humans access for free. Identity layers such as World’s AgentKit for x402 suggest a more nuanced model for web requests, where sites can verify whether an agent is backed by a unique human and combine that with native x402 payment gating.

The opportunity here is not “who has the biggest marketplace for agents to do things,” it is what becomes the default trust + settlement + policy layer that agents and providers accept as the path of least friction – especially as open standards could compress pure toll economics and push monetization toward MoR, compliance, risk, and operations services.

The agentic control plane can be understood as a three-layer coordination stack: Discovery → Authorization → Payment (DAP). It sits between an interface layer above and the supply layer below. Different actors can own different layers, but the strategic advantage comes from bundling them.

The interface layer at the top defines how tools and skills are described and invoked. Originally developed by Anthropic, but now also hosted at the Linux Foundation, the Model Context Protocol (MCP) is emerging as an open standard for LLM tool connectivity: it specifies tool schemas, transports, and authentication patterns so MCP-capable agents can call compliant services through one interface. Skill bundles typically include an instructions file plus supporting code or assets. Together, MCP and reusable skill formats make it easier for many agents and tools to work together without building a custom connection for each one.

These interfaces are available to any capable agent before a task is invoked. Once an agent receives the task, the agentic control plane takes over, beginning with Discovery.

Trustworthy service selection comes first. x402 Bazaar positions itself as a search index for paid API services, showing how discovery can be the first paid economic surface. Coinbase’s Agentic Market and Merit Systems’ x402scan/MPPscan act as ecosystem explorers for x402/MPP servers and resources. Open registries like ClawHub enable rapid skill publishing, but trust depends on scores, reviews, and manual curation. While open distribution can scale supply fast, it’s the trust layers that determine long-term value capture. There will be many of these sort of discovery tools – the edge will sit in the “SEO” of the agents ranking and valuing them.

Control of identity, permissions, and spending happens here. Protocols like x402 rely on permissions to be configured at the wallet (client) layer, and include budgeting features like session limits, address whitelisting, and configuration of per-request maximum payments.  Stripe’s Link offers a consumer-first version where users grant agents a wallet and approve each spend in real time. AP2 formalizes signed mandate flows for agent payments, creating a verifiable trail from authorization to payment. ERC-8004 adds onchain identity and reputation registries for agents and services. Meanwhile, agent-account providers such as AgentCash, AWAL, Catena, ATXP, and Sponge bundle funded identity, wallets, and spending controls into simpler integrations. Sapiom calls this the “autonomous spend API,” treating money as a universal API key and abstracting identity, risk controls, metering, and billing behind a single integration.

Three primitives coexist:

1. 402 agent-native rails: Eg, Linux x402 and Tempo’s MPP. In both models, the server can return HTTP 402 with machine-readable payment instructions, and the client can satisfy those terms and retry the request with proof of payment. This enables payments to happen inline, at request time, rather than through a separate checkout flow. x402 is designed to be payment-network agnostic and can support stablecoins, cards, and other payment methods, while preserving an HTTP-native interface for paid resources. x402 is oriented around stateless, request-level payment flows, introducing schemas like ‘upto’, while MPP introduces new header-types and session-based payment mechanics.

2. Embedded checkout: Eg, Google’s UCP, OpenAI’s ACP. Agents fill carts and trigger checkouts via REST or MCP calls, with the merchant typically remaining the official MoR. UCP defines agent and merchant profiles that define their mutual capabilities, while ACP provides APIs for checkout initiation and completion.

3. PSP/MoR handoff: The agent presents a scoped payment credential – eg, a Stripe Shared Payment Token (SPT) pre-authorized by the user – directly to the merchant, who uses it to process the payment. No agent-native checkout layer is required; the merchant processes it as a standard card authorization and settlement flows through existing card rails (but limited to Stripe). Nevermined is also working on a similar flow with Visa Intelligent Commerce.

These three primitives sit on a spectrum defined by where the agent-specific logic lives: 402 rails make the payment rail itself machine-native, UCP/ACP make the merchant checkout interface machine-native, and PSP/MoR handoff leaves the payment stack in on traditional rails.

Finally, at the bottom are the suppliers: apps, databases, compute providers, and other merchants that do the actual work after agents have gone through Discovery, Authorization, and Payment.

Control planes monetize where agents make choices and move money:

• Tx fees. The most obvious one. Intermediaries in the payment path take a fee on every agent transaction. x402 facilitators follow this model, taking a fee for intermediating verification and settlement so sellers don’t need to run their own blockchain infrastructure. Merit Systems’ Echo has also explored this model: developers set pricing, while Echo handles billing, taxes, receipts, and other MoR functions for LLM credits. 

• Agent SEO. If paid endpoints are discoverable via something like a “Google for APIs,” ranking can become a paid surface. Exa is building optimized search infra for AI agents, and its recent x402 integration enables agents to natively pay for that web search. Models like this could enable “SEO for agents,” with monetization surfaces such as sponsored placement, routing preference, and default-tool status as agents move from intent to action.

• Compliance & MoR. There’s also money to be made in handling these “messy” parts of payments that enterprise needs. For instance, Stripe’s Managed Payments is an MoR solution handling tax compliance, disputes, fraud, and post-sale support across the world. Cloudflare’s Pay Per Crawl acts as MoR for crawler payments and provides the underlying technical, billing, and access-control infrastructure to make it work. Both examples show how control planes can monetize checkout not only via tolls but also by absorbing operational complexity. Circle also recently released a CPN Managed Payments.

• Data & network effects. Once Discovery, Authorization, and Payment run through intermediaries, those parties see the signals that matter – success rate, latency, fraud signals, retries, and policy outcomes. That data can then be fed back to improve ranking and risk models. Over time, that makes intermediaries less commoditizable: their compounding data advantage comes from being in the path. Each layer exposes unique telemetry, which is most valuable when combined – another reason for the bundling efforts we’re seeing.

How much value are we talking about?

The value pool is large as it accrues across Discovery + Authorization + Payment, each with different economics. For payment settlements, let’s assume McKinsey’s forecast is more or less accurate, with AI agents mediating $3T-$5T of global consumer commerce by 2030. At that scale, if a routing product in the control plane routes 50-80% of flows and captures just 10-25 bps (far below Stripe’s base 2.9% + $0.30 card fee), the take rate for that product alone could reach as high as $10B annually.

The more important point here is where margins stay durable. Thin protocol tolls may compress as open standards for machine payment commoditize. But, platforms that bundle MoR, tax, fraud, disputes, customer support, etc. are not charging just for the routing – they’re also selling managed risk and operational complexity. Stripe and Circle’s managed payments products are examples of this, pointing to defensible economics likely sitting not in basic routing, but in bundled compliance, trust, and conversion layers wrapped around it.

The settlement math above excludes Discovery and Authorization, which could be large revenue pools in their own right even if they are harder to size today. Discovery may monetize routed demand through ranking, preferred placement, referral economics, and telemetry on pricing, conversion, and reliability. Authorization may look more like software or compliance revenue tied to agent accounts, identity, credentialing, policy controls, and spend governance. The strongest businesses will therefore likely monetize across the stack. While it’s still too early to draw direct comps, adjacent businesses such as Google and Visa show that discovery surfaces and transaction authorization systems can scale from single-digit billions to tens of billions in annual revenue when the network is big enough.

The remaining question is where control (and value) consolidates. The same value pool can be captured through very different market structures: at discovery, at checkout, or in accounts and policy. Over the coming years, we will see these different control points battle to become the default coordination layer for agent commerce flows.

• Scenario 1 – Directory-first: An index like x402 Bazaar or a future MPP-equivalent becomes the primary discovery layer for payable tools and services. It could monetize via sponsored ranking, telemetry and data products, and potentially facilitator or settlement fees. As UCP/ACP/AP2 standardize payment interactions, basic routing may commoditize, shifting value toward ranking, compliance, audits, and data services. In this outcome, the control point looks less like a consumer app store and more like a machine-readable registry + ranking, verification, and trust layer in the agent request path. Its position is strongest when paired with payment facilitation, verification, and policy controls rather than operating as a standalone directory.

• Scenario 2 – Checkout-first: Standardized cart + checkout flows such as UCP and ACP become the default, with AP2 mandates providing auditable authorization while merchants and PSPs continue to process payment. The “winner” may be whoever owns a major checkout surface (Shopify, Stripe, Amazon, etc.), with value concentrated in MoR functions, KYC/compliance, dispute handling, and unified billing and reporting – similar to products like Stripe Connect and Managed Payments. In this outcome, the control plane becomes more about payment orchestration and compliance services.

• Scenario 3 – Account-first: Agent wallets + policy engines become the lock-in (ATXP/Sponge/Catena model). Agents fund a single account and access services via that account under predefined budgets, permissions, and controls. The control plane is essentially the wallet provider combined with a policy engine. In this outcome, the business resembles a wallet provider combined with a risk and compliance stack. Over time, this layer could evolve to look like a financial institution for agents.

Importantly, x402/MPP can benefit in any of these scenarios if it’s the underlying settlement mechanism adopted by the directory, checkout, or account provider. What matters is whether they become the common settlement layer across the control plane.

My base case is split consolidation rather than winner takes all. Checkout-first is most likely in consumer shopping (esp with incumbent gating); account-first in enterprise and autonomous spend (where control and policy matters most); and directory-first persists across both as the routing and telemetry layer rather than sole point of control.

The real battle is not over agent “app stores” per se. It is over the coordination layers that decide what agents can discover, what they are allowed to do, and how money moves. Skill code is easier to replicate than trusted routing, policy, and settlement infrastructure. Open protocols will expand what agents can do, but they do not eliminate the control points. They shift value toward the platforms that sit in the flow: the ones that control distribution, permissions, payment operations, and the data those interactions produce.

That is why a thin “agent app store” is unlikely to win on discovery alone. The stronger position is more vertical – controlling the workflow end-to-end and becoming the default trusted path for agent spend. In practice, the advantage comes from creating demand, defining what is allowed, and realizing intents via payments in one surface, with as little friction as possible. Durable advantages will come from bundling these functions in a way that works across open protocols while still integrating with incumbent distribution.

Special thanks to Kevin, Sam, James, and Francesco for the review and feedback.

Disclaimer

This article is prepared for general information purposes only. This post reflects the current views of its authors only and is not made on behalf of Lemniscap or its affiliates and does not necessarily reflect the opinions of Lemniscap, its affiliates or individuals. The opinions herein may be subject to change without this article being updated.

This article does not constitute investment advice, legal or regulatory advice, investment recommendation, or any solicitation to buy, sell or make any investment. This post should not be used to evaluate the making of any investment decision, and should not be relied upon for legal, compliance, regulatory or other advice, investment recommendations, tax advice or any other similar matters.

All liability in connection with this article, its content, and any related services and products and your use thereof, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement is disclaimed. No warranty, endorsement, guarantee, assumption of responsibility or similar is made in respect of any product, service, protocol described herein.