Glossary

402 retry logic is the client-side pattern of re-requesting a resource after receiving an HTTP 402 Payment Required response — attaching a signed paym...

Combines Google's Agent-to-Agent protocol with x402 payments — agents communicating via A2A settle payments using HTTP-native x402 flows....

Access control is the security mechanism that determines which entities (users, agents, contracts) are authorized to perform specific actions on speci...

Account funding is the process of depositing money or assets into an account — in crypto, this involves transferring tokens to a wallet address or sma...

ACH (Automated Clearing House) is the US electronic payment system for bank-to-bank transfers — processing payroll, direct deposits, and bill payments...

Address poisoning is a social engineering attack where an attacker sends small transactions from addresses that closely resemble the victim's frequent...

An allowlist is a curated set of approved addresses, contracts, or services an agent can transact with. Anything not listed is blocked — the simplest ...

Agent API consumption refers to the emerging pattern where autonomous AI agents discover, evaluate, negotiate payment for, and consume HTTP APIs witho...

Cryptographic proof of an agent's identity, capabilities, and authorization — issued by a trusted party and verifiable by counterparties for establish...

A chronological record of every financial decision, transaction attempt, policy evaluation, and approval/denial — complete accountability for agent sp...

The degree of independent financial decision-making an agent has — from fully supervised (human approves every transaction) to fully autonomous (withi...

An agent budget is the total crypto allocated to an agent for a specific task, time period, or session — the financial envelope enforced through spend...

A spending or usage ceiling assigned to an individual agent identity, enforced at the proxy layer, that caps the cumulative cost or count of tool invo...

The rate at which an AI agent consumes its allocated budget or credits over time, used to forecast spend exhaustion, trigger alerts, and dynamically a...

Agent checkout is how AI agents autonomously complete purchases — discovering payment requirements, authorizing transactions, and confirming receipt w...

Ensuring AI agent financial activities conform to regulatory requirements, organizational policies, and industry standards — sanctions screening, repo...

The practice of tracing every unit of spend — API calls, tool invocations, token usage, payments — back to the specific agent, task, or workflow that ...

Agent credential theft is stealing the credentials — API keys, tokens, secrets — that an AI agent uses to authenticate with MCP servers or external se...

A prepaid or credit-based funding model where AI agents draw from a balance of consumption units (credits) rather than making individual payment trans...

How an agent's private keys are stored — self-custody (agent holds), managed (service holds), MPC (split across parties), or smart account (programmab...

Agent data purchase is the autonomous acquisition of paid data — market feeds, research reports, analytics, datasets, or real-time information — by AI...

Agent delegation is the process by which one AI agent assigns a task or subtask to another agent, potentially transferring context, authority, and res...

A denylist blocks an agent from transacting with specific addresses, contracts, or services. Any denylisted recipient is immediately blocked regardles...

The gradual divergence of an AI agent's behaviour from its intended purpose over time, potentially caused by context accumulation, model updates, envi...

The emerging system where AI agents are active economic participants — buying services, selling capabilities, earning revenue, and managing finances f...

A mechanism holding funds in a smart contract until conditions are met — delivery confirmation, service completion, quality verification — protecting ...

Agent evaluation is the process of measuring AI agent performance across dimensions like task completion accuracy, efficiency, safety, cost, and relia...

End-to-end visibility into an AI agent's financial activity — from authorisation and spend to settlement and reconciliation — providing the data neede...

The layered infrastructure enabling agents to hold, manage, and spend crypto — wallet infrastructure, key management, policy enforcement, payment prot...

A collection of AI agents operated by a single organization, managed as a group with shared treasury, consistent policies, and centralized oversight. ...

An agent framework is a software library that provides abstractions for building AI agents, handling concerns like tool management, state persistence,...

Depositing crypto into an agent's wallet for transactions — determining amount, source, top-up frequency, and preventing over-funding risk....

Rules for agent gas fee spending — maximum prices, per-transaction limits, total budgets preventing overpayment during network congestion....

A structured set of controls — identity verification, permission scoping, spending limits, audit logging, and kill switches — that ensures AI agents o...

An agent graph is a directed graph representation of an AI agent's workflow, where nodes represent computation steps (LLM calls, tool executions, poli...

Safety mechanisms constraining AI agent behaviour within acceptable boundaries. Guardrails operate at multiple levels — from prompt instructions to in...

An agent handoff is the transfer of control, context, and responsibility from one AI agent to another during a workflow — enabling specialized agents ...

Agent identity is the verifiable attributes uniquely identifying an AI agent in transactions — wallet address, operator credentials, framework metadat...

Agent jailbreaking bypasses an AI agent's safety constraints and operational boundaries through crafted prompts or tool interactions, causing it to ig...

The practice of periodically replacing an AI agent's cryptographic keys to limit the damage from potential key compromise. New keys are issued while o...

The agent lifecycle encompasses all phases of an AI agent's operational existence — from provisioning and configuration through active operation, moni...

The agent loop is the fundamental execution cycle of an AI agent: observe the current state, think about what to do (using an LLM), take an action (ca...

A platform where AI agents advertise capabilities and users can discover, hire, and pay agents for services. Marketplaces enable an open economy of sp...

Agent memory refers to the mechanisms that allow AI agents to store, retrieve, and use information across interactions and sessions — including conver...

Ledger-grade tracking of an AI agent's resource consumption — tokens processed, tools called, payments made — at granularities traditional billing sys...

Infrastructure sitting between an AI agent and external systems (MCP servers, APIs, databases), intercepting and processing requests before they reach...

A proposed economic design from DeepMind research where swarms of AI agents are oriented toward collective, human-centred goals rather than purely opt...

Understanding an agent's behaviour through external outputs — logs, metrics, traces, and audit trails. For MCP-based agents, observability means track...

The process of setting up an AI agent for financial transactions — configuring its wallet, defining spending policies, establishing identity, funding ...

Agent orchestration is the coordination of multiple AI agents working together on complex tasks, managing their execution order, communication, resour...

Google's open standard (AP2) for secure agent-led payments, built on top of A2A, with backing from Salesforce, Mastercard, Visa, and 60+ partners — ha...

Infrastructure and protocols enabling AI agents to send and receive payments — blockchain networks, stablecoins, payment protocols (x402, A2A), and se...

The gradual, often unnoticed expansion of an AI agent's access rights and spending authority beyond its original scope — analogous to privilege escala...

The specific tools and operations an AI agent is authorised to perform — which MCP tools it can invoke, with what arguments, and under what constraint...

An agent persona is the defined identity, behavioral style, and capability set of an AI agent — configured through system prompts, available tools, an...

Agent planning is the process by which an AI agent breaks down a complex goal into a sequence of actionable steps, determines the optimal order of exe...

An agent protocol is a standardized specification for how AI agents communicate, discover capabilities, exchange data, and coordinate actions — enabli...

Restricting the number or frequency of an agent's tool calls within a time window — preventing runaway loops, excessive resource consumption, and deni...

Agent reflection is the capability of an AI agent to evaluate its own outputs, reasoning, and past actions — identifying errors, adjusting strategies,...

Agent reputation is a quantifiable measure of an AI agent's trustworthiness and reliability, based on its history of behavior — including transaction ...

Assigning dynamic risk scores to AI agents based on their behavior, transaction patterns, spending history, and policy compliance — used to adjust spe...

An agent runtime is the execution environment that manages the lifecycle of an AI agent — handling the agent loop, tool execution, state management, c...

Principles, practices, and infrastructure preventing AI agents from causing harm — including system damage through unauthorised tool calls, data exfil...

An agent sandbox is a controlled environment that constrains which tools an AI agent can access and how it can use them — preventing the agent from af...

A bounded execution context where an agent performs a specific task with its own budget, permissions, and time limits. Financial authority expires whe...

The discipline of setting, monitoring, and enforcing financial boundaries on AI agent activity — encompassing budgets, rate limits, approval workflows...

An agent spending limit is a configurable cap on how much crypto an AI agent can spend within a scope — per transaction, per time period, per recipien...

Agent state is the structured data that an AI agent maintains across execution steps — including conversation history, task progress, accumulated resu...

An agent supply chain attack compromises an MCP server, tool package, or agent dependency to inject malicious behaviour that affects all agents using ...

An agent swarm is a collection of AI agents that collaborate through decentralized, emergent coordination patterns — inspired by biological swarms — r...

A systemic trap where an attacker fabricates multiple pseudonymous agent identities to disproportionately influence collective decision-making, voting...

A systematic analysis of threats to an AI agent system: what can go wrong, who might attack it, what assets are at risk, and what controls mitigate ea...

Malicious web content or tool output specifically crafted to hijack an AI agent's behaviour, as defined by Google DeepMind's taxonomy of six trap cate...

The central fund pool for an organization's agent operations — from which individual agent budgets are drawn, with controls on allocation, disbursemen...

An agent wallet is a cryptocurrency wallet controlled by an AI agent rather than a human, holding funds the agent spends autonomously to execute trans...

Agent wallet recovery is the process of restoring access to an AI agent's cryptocurrency wallet after key loss, corruption, or compromise — using back...

The commercial relationship between an AI agent (buyer) and a merchant (seller) — including identity verification, payment authorization, pricing nego...

Agent-to-agent payments are transactions between AI agents where neither party is human. One agent pays another for services — compute, data, API acce...

Google's open standard for AI agent discovery, communication, and task delegation across different frameworks — enabling interoperability in the agent...

A portable, verifiable credential standard (from the NANDA protocol) that AI agents carry across platforms to prove their identity, authority, and com...

AI systems that act autonomously to achieve goals — perceiving environment, making decisions, taking actions without step-by-step human instruction. T...

Agentic commerce is the buying and selling of goods, services, and digital resources by AI agents autonomously — encompassing discovery, negotiation, ...

An open standard co-developed by Stripe and OpenAI that defines how AI agents discover products, initiate purchases, and complete checkout on behalf o...

Stripe's integrated product bundle that enables businesses to sell through AI agents via a single integration — covering product discovery, checkout, ...

Agentic finance refers to the use of autonomous AI agents to execute financial transactions, manage portfolios, process payments, and interact with fi...

Agentic payments are transactions initiated and executed by AI agents autonomously, without per-payment human approval. They include agent-to-service,...

A tokenised payment credential issued by a card network (e.g. Mastercard Agent Pay) that is scoped to a specific AI agent, enabling traceable, governe...

A blockchain wallet controlled or operated by an AI agent, subject to policy constraints (spending limits, allowlists, chain restrictions) enforced at...

An agentic workflow is a multi-step process where AI agents autonomously plan, execute, and adapt their actions to complete a complex task — making de...

The flagship annual conference of the Agentic AI Foundation (AAIF), bringing together the agentic AI ecosystem to discuss open standards, interoperabi...

An AI agent is an autonomous software system that perceives its environment, reasons about it, and takes actions to achieve specified goals — often us...

AI alignment is the challenge of ensuring that AI systems — particularly autonomous agents — act in accordance with human values, intentions, and goal...

Adversarial testing of AI agent systems to find vulnerabilities, policy bypasses, and unintended behaviours before attackers do. Includes testing prom...

A payment transaction that is triggered, authorised, and completed by an AI agent acting on delegated authority, without a human present at the point ...

Alert escalation is the process of routing policy violation alerts to increasingly senior or specialised responders based on the severity, frequency, ...

An alert rule is a rule that triggers a notification when specific policy events occur — such as repeated denials, unusual tool call patterns, or acce...

Allowance revocation is the process of removing a previously granted ERC-20 token approval — setting the allowance back to zero so the spender contrac...

An explicit list of MCP tools an agent is permitted to use. Any tool not on the allowlist is denied by default — the most secure approach to tool acce...

Anti-Money Laundering (AML) refers to the laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as ...

Anomaly detection is the identification of patterns in data that deviate significantly from expected behavior — used in crypto security to flag suspic...

AP2 is a payment protocol for AI agent transactions providing standardized negotiation, authorization, and settlement flows between agents and service...

Approval hijacking is an attack that exploits existing ERC-20 token approvals to drain funds — either by compromising the approved spender contract or...

A rule in a YAML policy that restricts the value of a tool call argument. Argument constraints can enforce regex patterns, allowed enumerations, numer...

Replacing sensitive argument values with masked versions in audit logs — for example, card_number: "****1234". Argument masking preserves auditability...

Completely removing sensitive argument values from logs and audit trails. Stronger than masking — the value is never persisted in any form. Redaction ...

An argument schema defines the expected structure, types, and constraints of arguments for an MCP tool, used by Intercept to validate tool calls again...

Argument validation is the process of checking tool call arguments against policy-defined constraints before the call reaches the MCP server — for exa...

Atomic settlement is a transaction guarantee that ensures an operation either completes entirely or fails entirely — with no possibility of partial ex...

Audit compliance is the practice of maintaining complete, tamper-evident records of all AI agent tool calls and policy decisions to satisfy regulatory...

An audit log is the structured log output from Intercept containing tool call details, matched policies, evaluation results, timestamps, and contextua...

An audit trail is a chronological, immutable record of every tool call, policy evaluation, and decision made by Intercept — essential for compliance, ...

AutoGen is an open-source framework by Microsoft for building multi-agent systems where agents collaborate through structured conversations — supporti...

AutoGPT is an open-source autonomous AI agent that chains LLM calls together to accomplish complex goals with minimal human intervention, pioneering t...

An autonomous agent is an AI system capable of operating independently over extended periods, making decisions and taking actions — including MCP tool...

Autonomous API discovery is the capability of AI agents to independently find, evaluate, and begin consuming new APIs — including paid x402 endpoints ...

A financial transaction initiated, constructed, and executed by an AI agent without human approval — the agent independently decides amount, recipient...

A flow control mechanism where the proxy signals the agent to slow down when downstream MCP servers are overloaded. Backpressure prevents cascading fa...

A smart contract wallet on the Base L2 chain providing programmable transaction validation, session keys, and gas sponsorship — commonly used as the u...

A batch payment is the execution of multiple payment transactions in a single operation — reducing gas costs, simplifying accounting, and enabling eff...

An agent trap that hijacks an agent's capabilities to force unauthorised actions such as data exfiltration, sub-agent spawning, or embedded jailbreak ...

Biconomy is a Web3 infrastructure platform providing account abstraction, gasless transactions, and cross-chain user experience solutions — simplifyin...

The maximum potential damage if an AI agent is compromised or misbehaves. Determined by the agent's tool access, permissions, argument ranges, and the...

A blob transaction (EIP-4844) is a new Ethereum transaction type that carries large data 'blobs' at reduced cost — designed specifically for Layer 2 r...

A bonding curve is a mathematical function that determines a token's price based on its supply — automatically increasing price as more tokens are min...

A bridge exploit is a security breach of a cross-chain bridge protocol — typically resulting in the theft of locked assets that back wrapped tokens on...

An AI autonomously navigating web pages — clicking links, filling forms, executing actions. When accessing e-commerce or financial services, it can in...

A bug bounty program offers financial rewards to security researchers who discover and responsibly disclose vulnerabilities — creating economic incent...

The maximum number of tool calls permitted in a short burst before rate limiting kicks in. Burst limits allow temporary spikes in throughput — accommo...

A Central Bank Digital Currency (CBDC) is a digital form of a country's fiat currency issued directly by the central bank — offering programmable mone...

Chain of Thought (CoT) is a prompting technique where an LLM is guided to show its step-by-step reasoning process before arriving at an answer, signif...

A chargeback is the reversal of a payment by the issuing bank or payment network — a consumer protection mechanism in traditional finance that does no...

CI/CD policy enforcement is the practice of integrating policy validation — linting, testing, and compliance checks — into continuous integration and ...

An automated safety mechanism that halts an agent's tool calls when anomalous patterns are detected — call rate spikes, repeated denied calls, or erro...

Claude is a family of large language models built by Anthropic, designed with a focus on safety, helpfulness, and honesty — widely used for building A...

A coding agent is an AI system that autonomously writes, modifies, tests, and deploys code — going beyond code completion to handle multi-file changes...

An agent trap that corrupts an agent's long-term memory, knowledge bases, and learned behavioural policies — including RAG knowledge poisoning, latent...

Coinbase Commerce is a payment platform enabling merchants to accept cryptocurrency payments — providing checkout widgets, APIs, and automatic settlem...

Cold storage is the practice of keeping cryptocurrency private keys completely offline and disconnected from the internet — providing maximum security...

Compliance automation is the use of software systems to automatically enforce regulatory requirements — sanctions screening, transaction monitoring, r...

A compliance framework is a structured set of guidelines, controls, and best practices — such as SOC 2, GDPR, HIPAA, or PCI DSS — that organisations m...

A compliance rule is a policy rule specifically designed to enforce regulatory or organisational compliance requirements on AI agent tool calls, ensur...

A systemic trap that partitions a malicious payload into semantically benign fragments distributed across multiple agents, which only reconstitute int...

An AI controlling a computer interface — clicking, filling forms, navigating websites. When accessing financial interfaces, these agents can initiate ...

A transaction executing only when specific conditions are met — delivery confirmation, oracle thresholds, time windows, or multi-party approval. Enabl...

A confused deputy attack tricks a privileged AI agent into performing actions it shouldn't by exploiting its access to MCP tools. The agent becomes th...

A systemic trap where an attacker broadcasts signals that synchronise homogeneous agents into exhaustive demand for limited resources — causing denial...

Constitutional AI (CAI) is Anthropic's alignment methodology where AI behavior is guided by a written set of principles (a 'constitution') that the mo...

Container escape in the agent context is when an agent running inside a containerised MCP server breaks out of the container boundary to access the ho...

An agent trap that exploits the gap between human perception and machine parsing, using hidden text, dynamic rendering, or encoding tricks to inject i...

Content monetization for AI is the practice of charging AI agents, crawlers, and automated systems for access to digital content — articles, data, res...

A filter applied to MCP tool inputs or outputs that detects and blocks harmful, offensive, or policy-violating content in AI agent interactions, ensur...

Context poisoning corrupts an agent's context window by injecting misleading information through MCP tool responses, causing the agent to make flawed ...

A context window is the maximum number of tokens an LLM can process in a single interaction, encompassing system prompt, conversation history, retriev...

Contract verification is the process of publicly linking a smart contract's deployed bytecode to its human-readable source code on a block explorer — ...

A mandatory waiting period imposed after a policy violation or rate limit hit before the agent can retry the tool call. Cooldowns prevent rapid retry ...

Agent credential stuffing uses an AI agent's tool access to systematically test stolen credentials against services, leveraging the agent's speed and ...

CrewAI is an open-source framework for orchestrating autonomous AI agents as collaborative teams ('crews'), where each agent has a defined role, goal,...

A cross-border payment is a financial transfer between parties in different countries — an area where crypto and stablecoins offer dramatic improvemen...

Consistent financial rules for an agent across multiple blockchains — preventing circumvention of per-chain limits by spreading transactions....

A cross-server attack is when a compromised or malicious MCP server manipulates an AI agent into performing harmful actions on a different, trusted MC...

A vulnerability where one MCP server's tool descriptions influence or override how agents use tools from other servers, enabling stealthy data exfiltr...

A crypto payment gateway enables merchants to accept cryptocurrency payments through their existing checkout flow — handling wallet interaction, trans...

Custody risk is the possibility of losing cryptocurrency due to failure, compromise, or misconduct of the entity holding the private keys — whether th...

Agent data exfiltration is when an AI agent is manipulated into sending sensitive data — API keys, user data, internal documents — to an unauthorised ...

Data integrity is the assurance that data remains accurate, consistent, and unaltered throughout its lifecycle — a fundamental guarantee provided by b...

Decentralized Identity (DID) is a framework for self-sovereign digital identity where the identity holder controls their own identifier and associated...

A decision log is a specific audit log entry that records why a tool call was allowed or denied, including which policy rule matched, what conditions ...

A policy configuration where all tool calls are rejected unless an explicit allow rule exists, ensuring that newly discovered or unclassified tools ca...

A security strategy that layers multiple independent controls — policy enforcement, argument validation, rate limiting, audit logging, and fail-closed...

Delegated spending authorizes an AI agent to spend crypto on your behalf within constraints — amount, duration, recipients, and token types defined by...

MCP denial of service overwhelms an MCP server or proxy with excessive tool calls to degrade or prevent legitimate agent operations....

A list of MCP tools an agent is explicitly forbidden from using, with all other tools permitted by default. Less secure than allowlisting but easier t...

An attack where an AI agent resolves an MCP server name to a malicious package instead of the intended one, mirroring the dependency confusion attacks...

Policy evaluation that produces identical allow/deny decisions given identical inputs, with no probabilistic reasoning or LLM involvement — ensuring a...

Digital currency is any form of money that exists purely in electronic form — encompassing cryptocurrencies, stablecoins, CBDCs, and digital represent...

Disaster recovery in crypto encompasses the plans and procedures for recovering access to funds and systems after catastrophic events — including key ...

A payment architecture where AI agents can transact on both crypto rails (stablecoins via x402) and traditional fiat rails (cards via ACP/UCP), choosi...

EIP-7702 is an Ethereum improvement proposal (activated in the Pectra upgrade) that allows externally owned accounts (EOAs) to temporarily delegate th...

Embedded finance is the integration of financial services — payments, lending, insurance, banking — directly into non-financial software products and ...

An embedding is a dense vector representation of data in a continuous mathematical space, where semantic similarity is captured by vector proximity — ...

Immediately ceasing all agent financial operations — freezing wallets, revoking tokens, blocking all transactions. The most extreme safety measure for...

Encryption is the process of converting data into an unreadable format using cryptographic algorithms — protecting information confidentiality so that...

The EntryPoint contract is the singleton smart contract at the core of ERC-4337 account abstraction — receiving bundled UserOperations, validating the...

Restricting a tool call argument to a predefined set of allowed values. Enum constraints enforce closed vocabularies — for example, currency must be o...

ERC-6551 (Token Bound Accounts) is a standard that gives every NFT its own smart contract wallet — enabling NFTs to own assets, interact with dApps, a...

Escrow is a financial arrangement where a third party holds funds until predetermined conditions are met — implemented in DeFi through smart contracts...

Excessive agency is when an AI agent has more tool access, permissions, or autonomy than required for its task. It is a core vulnerability that amplif...

Fail-closed is a security posture where if Intercept cannot evaluate a policy — due to a configuration error, crash, or unexpected condition — the too...

A security posture where tool calls are blocked by default when the policy engine or proxy is unavailable, ensuring that enforcement failures never re...

Fail-open is a security posture where if policy evaluation fails for any reason, the tool call is allowed to proceed — prioritising availability over ...

Few-shot learning is a technique where an LLM is given a small number of examples in the prompt to guide its behavior — enabling task-specific perform...

A fiat off-ramp is a service that converts cryptocurrency back into traditional currency — enabling users to realize crypto gains, pay bills, and move...

A fiat on-ramp is a service that converts traditional currency (USD, EUR, etc.) into cryptocurrency — the entry point for new users moving from the tr...

Any mechanism preventing AI agents from causing financial harm — spending controls, budget limits, recipient restrictions, velocity monitoring, circui...

Fine-tuning is the process of further training a pre-trained language model on a domain-specific dataset to improve its performance on particular task...

Fireblocks is an enterprise-grade digital asset custody and operations platform — providing institutional-quality key management, transaction signing,...

Float is the time period during which funds are in transit between sender and receiver — representing temporarily unavailable money that in traditiona...

A policy rule that blocks tool calls containing a specific argument or argument value. Forbidden argument constraints prevent agents from using danger...

Formal verification is the mathematical proof that a smart contract's code correctly implements its specification — providing the highest level of ass...

Function calling is the capability of large language models to generate structured output that specifies which external function to invoke and with wh...

GDPR in an agent context refers to the application of the General Data Protection Regulation to AI agent operations — specifically how agents processi...

GitOps for policy is the practice of using git as the single source of truth for AI agent security policies. All policy changes go through pull reques...

A global policy applies across all MCP servers in an Intercept configuration, enabling universal rules like rate limiting, mandatory audit logging, or...

GPT (Generative Pre-trained Transformer) is OpenAI's family of large language models that have become foundational to the AI agent ecosystem through s...

Grounding in AI refers to techniques that anchor a language model's outputs to verifiable, real-world data sources — reducing hallucination and improv...

In AI, hallucination refers to when a language model generates confident, plausible-sounding output that is factually incorrect or fabricated — a fund...

HIPAA in an agent context refers to the application of the Health Insurance Portability and Accountability Act to AI agents — specifically how agents ...

A honeypot contract is a malicious smart contract designed to appear vulnerable or profitable — luring victims to interact with it, only to trap their...

HTTP 402 is a status code reserved in the HTTP specification for digital payment systems. Defined in HTTP/1.1 but never standardized — until x402 gave...

HITL requires explicit human approval for certain agent actions — particularly high-value or high-risk transactions — providing safety checkpoints wit...

An agent trap that commandeers the agent to attack the human overseer by exploiting cognitive biases — using the agent as a channel to manipulate huma...

An immutable audit is an audit log that cannot be modified or deleted after creation. This tamper-evidence is essential for compliance and forensic in...

A tamper-proof record of all agent spending decisions anchored on-chain or cryptographically secured — entries cannot be modified or deleted after cre...

Incident response is the organized process of detecting, analyzing, containing, and recovering from security incidents — including established procedu...

The process of detecting, investigating, and recovering from security incidents involving AI agents — including policy violations, data breaches, prom...

Malicious instructions embedded in external data sources (websites, documents, APIs) that agents process unknowingly, potentially triggering unauthori...

Indirect tool injection is an attack where malicious instructions are embedded in data returned by an MCP tool, which then influences the AI agent's s...

Inference is the process of running a trained AI model on new inputs to generate outputs — the production phase where models serve real requests, as o...

Infrastructure-as-code (IaC) is the practice of managing and provisioning infrastructure through declarative configuration files rather than manual pr...

The process of cleaning and validating arguments that an AI agent passes to MCP tools before execution, preventing injection attacks, path traversal, ...

MCP tools that ship with permissive default settings — such as unrestricted file access, no authentication, or broad argument ranges — creating vulner...

Instant settlement is the completion of a financial transaction in real-time — a native property of blockchain that eliminates the multi-day settlemen...

Intent fingerprinting creates a cryptographic fingerprint of an agent's stated transaction intent and verifies it against the actual transaction submi...

Intercept is an open-source Go binary (Apache 2.0) that acts as a transparent MCP proxy, sitting between MCP clients and MCP servers to enforce YAML-d...

An interchange fee is the charge that a merchant's bank pays to the cardholder's bank for each card transaction — a major cost of traditional payments...

An invoice is a request for payment specifying amount, recipient, and terms — in crypto, often implemented as on-chain payment requests or structured ...

ISO 20022 is an international standard for financial messaging that defines a common language for payment data — increasingly adopted by banks, SWIFT,...

Crafting inputs that bypass AI safety guidelines and constraints. For financial agents, jailbreaking could override spending instructions and trigger ...

Key management encompasses the practices and systems for securely generating, storing, distributing, rotating, and revoking cryptographic keys — the f...

An emergency mechanism that instantly blocks all agent tool calls — denying every request with a single action for immediate harm cessation when an ag...

The practice of verifying an AI agent's identity, operator, capabilities, and authorization before granting financial access — the agent-era equivalen...

KYAPay (Know Your Agent Pay) is an emerging protocol combining agent identity verification with payment processing, enabling merchants to authenticate...

Know Your Customer (KYC) is the regulatory process of verifying a user's identity before providing financial services — required by law in most jurisd...

LangChain is an open-source framework for building applications powered by large language models, providing abstractions for chains, agents, memory, a...

LangGraph is a framework by LangChain for building stateful, multi-step AI agent applications using directed graphs, where nodes represent computation...

A Large Language Model (LLM) is a neural network trained on vast text corpora that can understand, generate, and reason about natural language, servin...

LayerZero is an omnichain interoperability protocol enabling cross-chain messaging and token transfers between 50+ blockchains — using a modular secur...

The principle that AI agents should be granted only the minimum autonomy required for their task — not just what they can access (least privilege), bu...

Applying the principle of least privilege to MCP tool access: AI agents should only have access to the specific tools and argument ranges required for...

The Lightning Network is a Layer 2 payment channel network built on Bitcoin that enables instant, low-cost Bitcoin transactions — making Bitcoin pract...

An LLM router is a system that intelligently directs AI requests to different models based on task complexity, cost, latency requirements, or domain —...

Log forwarding is the practice of sending audit logs from the MCP proxy to external logging systems — such as SIEM platforms, S3 buckets, or Elasticse...

Log retention refers to policies governing how long audit logs of AI agent tool calls are stored. Different regulations require different retention pe...

Machine-to-machine (M2M) payments are financial transactions initiated, authorised, and settled entirely by software systems — AI agents, APIs, IoT de...

A malicious MCP server is an MCP server deliberately designed to exfiltrate data, execute harmful operations, or manipulate the AI agent through poiso...

A man-in-the-middle (MITM) attack on MCP intercepts and potentially modifies protocol traffic between client and server. This is relevant when using n...

Mastercard's agentic payments system that issues network-level agentic tokens to AI agents, enabling them to initiate and complete card transactions w...

An MCP client is the component within an AI agent or application that connects to MCP servers, discovers available tools and resources, and invokes th...

A protocol-aware intermediary that inspects, transforms, or enriches MCP traffic between clients and servers — performing functions like policy enforc...

A protocol feature allowing MCP servers to request additional structured input from users during an interaction, creating a dynamic feedback channel t...

An MCP prompt is a reusable, parameterised prompt template exposed by an MCP server that provides standardised workflows and interaction patterns for ...

An MCP resource is a read-only data source exposed by an MCP server that provides context to AI agents — such as files, database records, API response...

An attack where an MCP server silently modifies a tool's description or behaviour after the client has approved it, turning a previously trusted tool ...

MCP sampling is a capability in the Model Context Protocol that allows an MCP server to request LLM completions through the connected client — enablin...

A service exposing capabilities to AI agents via the Model Context Protocol — tools, resources, and prompts that any MCP-compatible agent can discover...

A centralised index of available MCP servers with metadata about capabilities, versioning, and verification status, functioning as the discovery layer...

MCP server spoofing is impersonating a legitimate MCP server to intercept or manipulate tool calls between the client and the real server....

Exploitation of the MCP server distribution chain — through compromised npm packages, malicious SDK updates, or dependency injection — to gain executi...

An MCP tool is an executable capability exposed by an MCP server, described with a name, description, and JSON Schema parameters, that AI agents can d...

Server-declared metadata hints (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) that describe a tool's behavioural properties, introduce...

A JSON-RPC request from an AI agent to execute a specific function exposed by an MCP server, containing the tool name, arguments, and optional metadat...

The uncontrolled proliferation of MCP tools across an organisation, where agents accumulate access to hundreds of tools without centralised inventory,...

The communication layer between MCP clients and servers, currently supporting stdio (local process) and Streamable HTTP (remote services), which deter...

A gateway-configured logical endpoint that exposes a curated subset of tools from one or more upstream MCP servers, scoped by team, use case, or acces...

A Merchant Category Code (MCC) is a four-digit code assigned to businesses by card networks (Visa, Mastercard) that classifies the type of goods or se...

Merchant onboarding is the process of enabling a business or service to accept cryptocurrency payments — including wallet setup, payment integration, ...

Metered API access is a billing model where API consumers pay based on actual usage — per request, per token generated, per byte transferred, or per c...

MiCA (Markets in Crypto-Assets) is the European Union's comprehensive regulatory framework for cryptocurrency — establishing rules for issuers, servic...

Individually authorizing each small agent payment in real-time rather than batch approval. Every micropayment passes through full policy evaluation....

A micropayment is a financial transaction for a very small amount — typically under $1 and sometimes fractions of a cent — enabled by low-fee payment ...

An open standard by Anthropic defining how AI agents connect to external tools and data sources. MCP provides a universal interface for discovering an...

A money API is a programmatic interface that gives software direct access to financial operations — sending payments, checking balances, managing acco...

Money transmission is the regulated activity of transferring funds on behalf of others — requiring licenses in most jurisdictions and a key compliance...

An MPC (Multi-Party Computation) wallet distributes private key material across multiple parties or devices, requiring a threshold of them to collabor...

A multi-agent system (MAS) is an architecture where multiple AI agents collaborate, compete, or coordinate to accomplish tasks that would be difficult...

An AI agent that operates across multiple blockchain networks — holding assets, executing transactions, and interacting with protocols on different ch...

A multi-modal agent is an AI system that can process and generate multiple types of data — text, images, audio, video — enabling richer interaction wi...

A multi-signature (multisig) wallet is a smart contract wallet that requires a minimum number of private key signatures (e.g., 2-of-3, 3-of-5) to auth...

The voluntary standards initiative launched by NIST's Centre for AI Standards and Innovation (CAISI) in February 2026, covering agent authentication, ...

Non-custodial controls enforce spending rules without taking custody of private keys or funds. The control layer validates transactions while the oper...

OFAC compliance refers to adherence to the rules and regulations of the US Office of Foreign Assets Control, which administers economic sanctions prog...

Using smart contracts to verify spending rules on the blockchain — tamper-proof, transparent, and independently verifiable by anyone....

Open banking is a regulatory and technology framework that requires banks to share customer financial data with authorized third parties through APIs ...

An open-weights model is an AI model whose trained parameters are publicly released, allowing anyone to download, run, fine-tune, and deploy it — dist...

The OpenAI Agents SDK is a lightweight, production-focused framework for building AI agents with built-in support for tool calling, agent handoffs, gu...

Operational security (OpSec) in crypto encompasses the practices and procedures that protect private keys, accounts, and systems from compromise — ext...

An oracle feed is a continuous stream of real-world data delivered to blockchain smart contracts — most commonly price data for financial assets, upda...

Oracle manipulation is an attack that corrupts the price data fed to smart contracts — causing DeFi protocols to make incorrect decisions about liquid...

Inspecting and filtering MCP tool responses before they are returned to the AI agent, preventing sensitive data leakage, blocking context poisoning at...

An AI agent configured with access to more MCP tools or broader argument ranges than its task requires, violating the principle of least privilege and...

The Open Web Application Security Project's list of the ten most critical security risks for applications built with large language models. The standa...

Pay-per-inference is a pricing model where each AI model inference request (an LLM completion, image generation, embedding, or classification) is paid...

Pay-per-token pricing is a billing model for large language models and other generative AI services where the consumer pays based on the exact number ...

A pay-per-use API charges per request using crypto micropayments rather than flat subscriptions. With x402, AI agents pay per call using stablecoins i...

A payable endpoint is an HTTP API endpoint that gates access behind an x402 payment — returning 402 Payment Required with structured pricing to unpaid...

A paymaster is a smart contract in the ERC-4337 account abstraction system that sponsors gas fees on behalf of smart account users or agents — enablin...

A payment API is a programmatic interface that enables applications and agents to initiate, process, and manage financial transactions — abstracting t...

A cryptographic proof that an agent payment was authorized and policy-compliant, verifiable by third parties without accessing internal policy configu...

A payment channel is an off-chain protocol that enables multiple transactions between two parties with only two on-chain transactions — one to open th...

Payment compliance is the adherence to legal, regulatory, and industry requirements governing payment operations — including sanctions screening, AML ...

A payment dispute in crypto is a disagreement between parties about whether a payment obligation has been satisfied — handled through smart contract e...

In the x402 stack, a payment facilitator processes and settles agent payments for merchants, handling crypto complexity so merchants don't manage wall...

Payment finality is the point at which a payment becomes irrevocable and the recipient can consider the funds fully received — varying significantly a...

Payment fraud encompasses unauthorized or deceptive transactions designed to steal funds — a major problem in traditional finance that blockchain's cr...

A payment gateway is the technology that securely processes payment transactions between a customer and merchant — in crypto, managing wallet connecti...

A payment intent is a data object representing the intention to make a payment — including amount, currency, recipient, and metadata — created before ...

Payment netting is the offsetting of multiple payments between parties to settle only the net difference — reducing the number and volume of actual tr...

Payment orchestration is the coordination of payment flows across multiple providers, chains, and methods — routing each transaction through the optim...

A payment processor is a service that handles the technical and financial aspects of accepting payments — in crypto, enabling merchants to accept cryp...

A payment protocol is a standardized set of rules and message formats that define how payments are initiated, authenticated, processed, and verified b...

Payment rails are the underlying infrastructure and protocols that facilitate the movement of money between parties — including traditional systems (A...

A payment receipt in crypto is the on-chain transaction record that serves as proof of payment — including sender, recipient, amount, timestamp, and t...

A payment splitter is a smart contract that automatically distributes received payments among multiple recipients according to predefined shares — use...

Payment splitting is the automatic division of incoming payments among multiple recipients according to predefined rules — implemented in smart contra...

Payment streaming is the continuous, real-time flow of tokens from one address to another at a defined rate — enabling per-second payments rather than...

A payment token is a digital token specifically designed and used for making payments — distinct from utility tokens (access to services) and security...

Payment verification is the process of confirming that a cryptocurrency payment was executed correctly — verifying the transaction was included in a b...

A payment-aware proxy is a network intermediary that understands x402 payment flows — intercepting 402 responses, applying spending policies, managing...

Crypto payroll is the payment of employee salaries and contractor fees in cryptocurrency or stablecoins — increasingly used by Web3 companies and offe...

PCI DSS in an agent context refers to the application of the Payment Card Industry Data Security Standard to AI agents — specifically how agents makin...

A peer-to-peer (P2P) payment is a direct transfer of funds between two individuals without a financial intermediary — the original vision of Bitcoin a...

Penetration testing (pentesting) in crypto is the authorized simulation of attacks against smart contracts, infrastructure, and operational processes ...

Applying distinct policy rules to individual AI agents or agent identities, ensuring that one agent's permissions, rate limits, and budget constraints...

A rate limit applied to a specific MCP tool rather than globally across all tools. Allows operators to set different throughput ceilings for different...

Rate limits scoped to individual users or agent identities rather than applied globally. Ensures one agent cannot consume another's quota, enabling fa...

The gradual accumulation of MCP tool permissions over time as new capabilities are added to an agent's configuration but old, unnecessary ones are nev...

Permit2 is a token approval protocol by Uniswap that provides a unified, more secure allowance system for ERC-20 tokens — featuring built-in expiratio...

A semantic manipulation attack where a narrative about an AI model's identity is seeded into content that re-enters the agent's context via retrieval,...

A phishing attack in crypto is a social engineering scam that tricks users into revealing private keys, seed phrases, or signing malicious transaction...

Detecting personally identifiable information in MCP tool call arguments or responses to prevent AI agents from inadvertently exfiltrating, processing...

Pimlico is an ERC-4337 infrastructure provider offering bundler and paymaster services — enabling developers to build account abstraction features int...

A point-of-sale (PoS) system for crypto is the hardware and software enabling merchants to accept cryptocurrency payments in physical retail locations...

Policy actions are the three possible outcomes of policy evaluation in Intercept: allow (the tool call proceeds to the MCP server), deny (the tool cal...

A policy condition is a constraint within a policy rule that evaluates tool call arguments against defined criteria (e.g. amount < 1000, branch != "ma...

A policy diff is the comparison between two versions of a policy file to see exactly what changed — which rules were added, removed, or modified. Esse...

A policy dry run is a mode where Intercept evaluates policies and logs the decisions that would be made, but does not enforce them — all tool calls ar...

A policy engine evaluates requests against predefined rules and returns allow/deny decisions. In Intercept, the policy engine evaluates every MCP tool...

The policy evaluation pipeline is the sequence of steps Intercept follows to evaluate every tool call: match server, match tool, evaluate conditions, ...

A policy file is the physical YAML file (e.g. stripe.yaml, github.yaml) that contains policy rules for one or more MCP servers, stored alongside your ...

Policy hot reload is the ability to update policy files without restarting Intercept, with changes taking effect on the next tool call to enable zero-...

Policy inheritance is the mechanism by which tool-level policies inherit from server-level policies, which in turn inherit from global policies, with ...

Policy linting is the static analysis of YAML policy files to catch syntax errors, unreachable rules, conflicting conditions, type mismatches, and oth...

A policy override is a mechanism to temporarily or permanently bypass a policy rule, granting an exception for a specific tool call, agent, or time wi...

Policy priority is the order in which policies are evaluated when multiple rules could match a tool call, with higher-priority rules overriding lower-...

Policy rollback is the process of reverting to a previous version of a YAML policy when a new policy causes issues — such as blocking legitimate tool ...

A policy rule is a single rule within a policy file that specifies an action (allow, deny, or log) for a specific tool or tool pattern, optionally wit...

A pre-built, reusable YAML policy configuration for common agent use cases — such as coding assistants, data analysis agents, or DevOps automation. Te...

Policy testing is the practice of validating policies against predefined test cases before deployment, ensuring they behave as expected — allowing wha...

Policy versioning is the practice of tracking changes to YAML policy files over time using version control (git), enabling audit trails of who changed...

When an AI agent attempts a tool call that violates a YAML-defined policy — calling a denied tool, passing disallowed arguments, or exceeding rate lim...

A policy violation event is emitted when a tool call is denied by policy, signalling that an agent attempted an operation outside its permitted bounda...

Policy-as-code is the practice of defining security and compliance policies as version-controlled, machine-readable code rather than manual configurat...

Expressing MCP tool access rules as version-controlled, machine-readable configuration (typically YAML) rather than UI-configured settings, enabling a...

An agent requests approval before committing funds. The policy engine evaluates and returns an authorization token for the actual payment execution....

The principle of least privilege states that every entity (user, agent, process) should have only the minimum permissions necessary to perform its int...

A private transaction is a blockchain transaction where some or all details — sender, recipient, amount, or data — are concealed from public view whil...

Privilege escalation is a security exploit where an entity gains access to tools or capabilities beyond what was initially authorised — either by expl...

Cryptocurrency with embedded rules governing how it can be spent — enabling conditions like spending limits, approved recipients, and time locks direc...

A wallet with built-in logic enforcing transaction rules — spending limits, recipient restrictions, multi-party approvals — at the wallet level. Smart...

Prompt chaining is the technique of connecting multiple LLM calls in sequence, where each call's output feeds into the next call's input — enabling co...

Prompt engineering is the practice of designing and optimizing input text to guide large language models toward producing desired outputs, including t...

An attack where malicious input manipulates an AI agent's behaviour by injecting instructions that override its programming. Successful prompt injecti...

Tool-layer prompt injection embeds malicious instructions in MCP tool descriptions, schemas, or return values to hijack agent behaviour. It targets th...

Prompt leaking is when an MCP tool or server extracts the agent's system prompt, user instructions, or conversation context through crafted tool inter...

PSD2 (Payment Services Directive 2) is European regulation mandating that banks provide API access to customer accounts for authorized third parties —...

PydanticAI is a Python agent framework by the creators of Pydantic that emphasizes type safety, structured outputs, and production reliability — using...

A cognitive state attack that injects fabricated statements into retrieval corpora so agents treat attacker-authored content as verified fact, corrupt...

Restricting a numeric tool call argument to a minimum and/or maximum value. Range constraints set safe operational bounds — for example, ensuring a tr...

Rate limiting is a security control that restricts the frequency of operations — transactions per minute, API calls per hour, or spending events per d...

Constraining how frequently an AI agent can invoke specific MCP tools within a defined time window. Rate limiting prevents runaway agents, protects do...

A ReAct agent follows the Reasoning + Acting paradigm, alternating between thinking steps (reasoning about what to do) and action steps (executing too...

Real-Time Gross Settlement (RTGS) is a payment system that settles transactions individually and immediately — the backbone of central bank payment sy...

Checking an agent's transaction against all rules at request time — before signing. Decisions in milliseconds for immediate allow/deny....

A reasoning agent is an AI agent that uses explicit step-by-step thinking — such as chain-of-thought or extended thinking — to break down complex prob...

A recurring payment is an automated, periodic transfer of funds — such as subscriptions, rent, or salaries — that in crypto requires specific smart co...

A reentrancy attack exploits a smart contract vulnerability where an external call allows the attacker to re-enter the contract before the first execu...

Using regular expressions in YAML policies to validate tool call argument values before they reach the MCP server. Regex constraints can enforce email...

Regulatory compliance is the adherence to laws, regulations, and industry standards governing cryptocurrency operations — including KYC/AML requiremen...

Reinforcement Learning (RL) is a machine learning paradigm where an agent learns optimal behavior through trial and error, receiving rewards or penalt...

Remittance is the transfer of money by a foreign worker to their home country — a massive global market ($650B+ annually) where crypto stablecoins off...

A replay attack on tool calls captures and re-sends a valid MCP tool call to execute it again, potentially duplicating financial transactions, destruc...

A policy rule enforcing that a specific argument must be present in a tool call. Required argument constraints prevent tools from being called with mi...

Agent resource exhaustion is when an AI agent consumes excessive compute, memory, API calls, or tokens — either through manipulation or runaway behavi...

Inspecting and modifying MCP tool responses before they reach the agent. Response filtering can strip sensitive data, block certain patterns, redact i...

Checking MCP tool responses against expected schemas or patterns before passing them to the agent. Response validation catches malformed, unexpected, ...

The practice of developing and deploying AI systems in ways that are safe, fair, transparent, and accountable. For AI agents, this includes enforcing ...

Retrieval-Augmented Generation (RAG) is an architecture that enhances LLM responses by retrieving relevant documents from an external knowledge base a...

Reinforcement Learning from Human Feedback (RLHF) is a training technique that aligns LLM outputs with human preferences by training a reward model on...

An AI agent that has deviated from its intended behaviour — whether through prompt injection, misconfiguration, or emergent behaviour — and is now per...

Role-Based Access Control (RBAC) is a security model that assigns permissions to roles rather than individual entities, and then assigns roles to user...

Safe (formerly Gnosis Safe) is the most widely deployed smart contract wallet platform, providing multi-signature authorization, modular extensions, a...

Sanctions screening is the process of checking cryptocurrency addresses and transactions against sanctions lists maintained by authorities like OFAC, ...

A framework from Google DeepMind's 'Virtual Agent Economies' paper describing the emergent economic layer where AI agents transact autonomously, chara...

Sandbox escaping is when an AI agent or MCP tool breaks out of its intended execution environment to access system resources, files, or networks it sh...

A scoped token grants an AI agent limited, time-bound spending permission — restricting amount, recipient, duration, and token type unlike unrestricte...

Scanning MCP tool responses for accidentally exposed secrets — API keys, passwords, tokens, private keys, and connection strings — before they enter t...

A security audit is a comprehensive review of a system's security posture — examining code, architecture, access controls, and operational practices t...

The logical perimeter around an AI agent's permitted operations, defined by which MCP servers it can connect to, which tools it can invoke, and what a...

Self-custody is the practice of holding and managing your own cryptocurrency private keys, maintaining direct, exclusive control over your digital ass...

Semantic Kernel is Microsoft's open-source SDK for integrating LLMs into applications — providing abstractions for AI plugins, memory, and planning th...

An agent trap that manipulates input data distributions to corrupt an agent's reasoning without issuing overt commands — using biased phrasing, author...

Semantic routing is the technique of directing requests, queries, or tasks to the appropriate handler (agent, tool, or model) based on the semantic me...

A server-level policy applies default rules to all tools on a given MCP server, establishing baseline permissions that can be overridden by more speci...

A temporary cryptographic key granting an AI agent limited, time-bound permission to sign transactions from a smart account. Session keys expire autom...

Settlement is the final, irrevocable transfer of asset ownership between parties — the point at which a transaction is fully completed and can no long...

An unauthorised AI agent operating within an organisation, connecting to MCP servers without IT or security team oversight. The agent equivalent of sh...

MCP servers deployed by employees without IT oversight, giving AI agents ungoverned access to production systems, databases, and APIs — the 2026 equiv...

SIEM integration is the process of connecting MCP proxy audit logs to a Security Information and Event Management system for real-time threat detectio...

A rate limiting approach that uses a rolling time window rather than fixed intervals. Instead of resetting a counter every minute on the minute, it co...

A smart account is a blockchain account implemented as a smart contract rather than a simple key pair (EOA), enabling programmable transaction validat...

A smart contract audit is a professional security review of smart contract code to identify vulnerabilities, logic errors, and potential exploits befo...

A smart contract exploit is the use of a vulnerability in smart contract code to steal funds or manipulate protocol behavior — one of the primary secu...

A smart wallet is a user-facing cryptocurrency wallet built on smart contract technology (account abstraction) that provides enhanced features like so...

SOC 2 is a compliance framework developed by the AICPA for service organisations, focused on five trust service criteria: security, availability, proc...

Social engineering in crypto is the manipulation of people into performing actions or divulging confidential information — exploiting human psychology...

A spend card (or crypto debit card) enables users to spend cryptocurrency at traditional merchants by automatically converting crypto to fiat at the p...

Spend management tracks, controls, and optimizes AI agent crypto spending — budgeting, policy enforcement, real-time monitoring, analytics, and report...

Data-driven insights into agent financial activity — patterns, cost per task, budget utilization, violation trends, and ROI across an agent fleet....

An agent spending pattern that deviates significantly from established baselines — unusual amounts, unexpected recipients, abnormal timing, or velocit...

A hard upper limit on total agent spending within a scope — per transaction, hour, day, contract, or session. Once reached, all transactions blocked u...

Spending controls are programmable rules limiting how, when, and where an AI agent can spend crypto — per-transaction limits, rolling budgets, recipie...

Tracks how spending authority flows from operator through intermediate agents to the final spender, ensuring delegated authority never exceeds origina...

A specialized language for defining agent spending rules — readable, auditable, and composable without general-purpose code....

A verifiable record of an authorized agent transaction — policy evaluation result, parameters, approval status, blockchain confirmation. Proof of poli...

A structured summary of AI agent financial activity over a time period — total spend, transaction count, policy compliance rate, budget utilization, a...

The rate at which an agent spends — transactions per minute, dollars per hour. Monitoring velocity detects anomalies like runaway loops or compromised...

Stablecoin micropayment rails are the combination of dollar-pegged stablecoins (primarily USDC) and low-cost Layer 2 blockchain networks (primarily Ba...

Using price-stable cryptocurrencies (USDC, USDT) pegged to fiat for transactions. Preferred by agents for predictable value, instant settlement, and p...

Stablecoin settlement is the finalization of a payment using stablecoins on a blockchain — where the transaction is confirmed in a block and the recip...

A state channel is an off-chain protocol that enables multiple state transitions between parties with minimal on-chain interaction — generalizing paym...

A deliberately designed marketplace for AI agent services where incentive structures, safety mechanisms, and policy guardrails are built in from the s...

Restricting the length of a string argument in a tool call. String length constraints prevent excessively long inputs that could be used for prompt in...

Stripe Crypto is Stripe's suite of cryptocurrency-related products — including fiat-to-crypto on-ramps, USDC payouts, and crypto payment acceptance th...

Structured output refers to LLM responses formatted in machine-readable schemas like JSON or typed objects, enabling reliable integration with downstr...

A sub-cent transaction is a financial payment worth less than one US cent ($0.01), made economically viable by Layer 2 blockchain networks where trans...

A subscription payment is a recurring automated charge for ongoing access to a service — a payment model that requires specific smart contract pattern...

A supply chain attack compromises software by targeting its dependencies, build tools, or distribution channels — injecting malicious code through tru...

A system prompt is a privileged instruction set provided to an LLM that defines the model's role, behavior, constraints, and output format — serving a...

An agent trap that seeds the environment with inputs designed to trigger macro-level failures via correlated agent behaviour — including congestion tr...

A systemic trap where environmental signals act as correlation devices, synchronising anticompetitive agent behaviour — such as coordinated pricing or...

Task decomposition is the process by which an AI agent breaks a complex goal into smaller, manageable sub-tasks that can be executed sequentially or i...

Threat modeling is a structured security analysis process that identifies potential threats to a system, evaluates their likelihood and impact, and de...

A threshold signature scheme (TSS) is a cryptographic protocol where a signing key is split into n shares, and any t (threshold) of those shares can c...

Deliberately slowing down agent tool call throughput rather than hard-blocking. A softer alternative to outright denial that allows agents to continue...

A token allowance is the maximum amount of ERC-20 tokens that a specific spender address (typically a smart contract) is authorized to transfer from a...

A rate limiting algorithm where tokens are added to a bucket at a fixed rate. Each tool call consumes a token; calls are denied when the bucket is emp...

Token exfiltration is extracting authentication tokens, session tokens, or API tokens from an AI agent's environment through malicious tool calls or p...

Tokenization in AI refers to breaking text into smaller units (tokens) that a language model can process — typically subword pieces that balance vocab...

A tokenized deposit is a bank deposit represented as a digital token on a blockchain — maintaining the regulatory protections of traditional banking w...

Enforcing a maximum number of tool invocations within a time window, applied per-tool, per-agent, or globally, to prevent runaway execution, cost over...

Tool calling is the mechanism by which a large language model generates structured requests to invoke external tools, APIs, or functions — enabling th...

A discrepancy between what a tool's metadata claims it does and what the underlying code actually executes, found in approximately 13% of MCP servers ...

When an AI agent invokes a legitimate tool in an unsafe way — through ambiguous prompts, manipulated input, or unexpected tool chaining — causing data...

Tool name collision occurs when multiple MCP servers expose tools with the same name, creating ambiguity about which tool the AI agent actually invoke...

Tool poisoning is an attack where a malicious actor manipulates an MCP tool's description, schema, or metadata to trick an AI agent into performing un...

A classification label (Read, Write, Execute, Destructive, Financial) assigned to an MCP tool based on its potential impact, used to enforce graduated...

Tool shadowing is an attack where a malicious MCP server exposes a tool with the same name as a trusted server's tool, silently intercepting calls the...

Tool squatting is registering an MCP server with a name deliberately similar to a popular, trusted server to intercept agent tool calls. It is the MCP...

Tool use refers to an AI agent's ability to interact with external systems — calling APIs, executing code, querying databases, writing files, or perfo...

A tool-level policy targets a specific MCP tool (e.g. create_payment_intent on the Stripe server) rather than an entire server, providing the most gra...

A configurable workflow determining how agent transactions are authorized — auto-approval for low-risk, multi-step human review for high-value or unus...

Transaction monitoring is the ongoing surveillance of cryptocurrency transactions to detect suspicious patterns, policy violations, and anomalous beha...

A transaction policy is a declarative rule set defining valid agent transactions — specifying allowed amounts, recipients, tokens, contract interactio...

Transaction signing is the process of using a private key to generate a cryptographic signature that authorizes a blockchain transaction, proving the ...

Transaction simulation is the process of executing a blockchain transaction against the current state without actually committing it — previewing the ...

A Transformer is the neural network architecture underlying all modern large language models, using self-attention mechanisms to process sequential da...

The Travel Rule is a regulatory requirement that financial institutions share sender and recipient information for transactions above certain threshol...

Treasury management is the strategic management of an organization's financial assets, liquidity, and risk — in crypto, this includes managing token h...

A boundary in a system where the level of trust changes. In MCP architectures, trust boundaries exist between the agent and each MCP server, between I...

Visa's open framework, co-developed with Cloudflare, that cryptographically verifies an AI agent is legitimate and acting on a user's behalf before au...

Turnkey is a non-custodial key management platform that provides secure, programmatic access to private keys through Trusted Execution Environments (T...

Two-factor authentication (2FA) is a security measure requiring two different verification methods to access an account — typically combining somethin...

An enforcement pattern where the proxy atomically reserves a budget or counter increment before forwarding a tool call, then commits on success or rol...

Google's open standard for agentic commerce that provides common primitives for product discovery, negotiation, and checkout across AI agents, merchan...

A verifiable credential (VC) is a tamper-evident, cryptographically verifiable digital claim made by an issuer about a subject — following the W3C sta...

Vibe coding is the practice of building software by describing desired behavior to an AI coding assistant in natural language, iterating through conve...

The emergent economic system in which autonomous AI agents produce, consume, and exchange value at scales and speeds beyond direct human oversight, as...

A virtual card is a programmatically generated payment card number with configurable spending limits, merchant restrictions, and expiration — used for...

A wallet drainer is malicious software that exploits token approvals, signed messages, or compromised keys to transfer all assets from a victim's cryp...

A wire transfer is a direct bank-to-bank electronic transfer of funds — the traditional method for large domestic and international payments, increasi...

x402 auto-policy is the automatic creation of spending policies when an agent encounters a new x402-enabled endpoint for the first time — applying con...

An x402 circuit breaker is a safety mechanism that automatically halts all x402 payment activity for an agent or agent fleet after detecting repeated ...

x402 domain pinning (also called recipient pinning) is a security control that associates specific payment recipient addresses with specific domains —...

The exact payment scheme is the first and primary payment scheme in the x402 protocol. It transfers a specific, predetermined amount of tokens from cl...

An x402 facilitator is a server in the x402 protocol that handles payment verification and on-chain settlement on behalf of resource servers. It expos...

The x402 Foundation is the governance organisation co-founded by Coinbase and Cloudflare to steward the x402 open payment protocol — promoting adoptio...

x402 payment headers are the HTTP headers that carry payment negotiation data in the x402 protocol. The server sends payment requirements via the PAYM...

x402 payment streaming is the pattern of continuous or high-frequency resource consumption paired with periodic x402 settlement — using schemes like d...

x402 payment verification is the process by which a resource server (or its facilitator) confirms that a client's signed payment payload is valid — ch...

x402 pricing negotiation is the process by which a resource server communicates its accepted payment terms — including amounts, tokens, networks, and ...

x402 is an open protocol built by Coinbase that enables AI agents to make payments over HTTP using the 402 Payment Required status code. Agents autono...

An x402 resource server is any HTTP server that requires payment for access to its resources using the x402 protocol. It responds with HTTP 402 and pa...

The x402 settlement flow is the multi-step process by which a client's payment payload is verified, the requested resource is served, and the payment ...

A YAML policy is a declarative configuration file that defines rules governing what an AI agent can and cannot do with MCP tools, specifying allowed a...

A security model where no AI agent, tool call, or MCP server is inherently trusted. Every tool invocation is verified against policy regardless of its...

A zero-knowledge proof (ZKP) is a cryptographic method that allows one party to prove knowledge of information to another party without revealing the ...

Zero-shot learning is an LLM's ability to perform a task with only instructions and no examples — relying entirely on the model's pre-trained knowledg...

ZeroDev is a smart account infrastructure platform that provides the Kernel smart account (a modular ERC-4337 account), along with bundler, paymaster,...