Why Autonomous Agents Haven’t Become Autonomous… Yet

Intelligence scaled faster than authority.
The corporation was built to contain humans. Not machines.

By Patrick Chang
Founder & Managing Partner, Dispersion Capital
June 2026

A year ago, I wrote that the next users of the internet would not be human.

The claim was not that language models would suddenly become intelligent enough to run multinational corporations, nor that software would replace human labor in the abstract. The argument was narrower and more structural: software was beginning to cross a threshold from generating information to participating in economic systems.

For decades, software has helped humans decide. Recommendation engines ranked content. Search engines organized information. Enterprise software accelerated workflows. But software itself remained economically inert. It could calculate, recommend, and optimize, but it could not hold authority, spend capital, enter agreements, or assume responsibility. The moment software begins doing those things, it stops behaving like software in the traditional sense. It becomes an economic participant.

Last year, I argued that the infrastructure required to enable that transition did not yet exist. Identity was immature. Payments were centralized. Execution was difficult to verify. Agents could think, but they could not safely act.

That thesis was organized around a simple, linear assumption: intelligence would naturally seek identity, identity would require payment rails, and those economic primitives would unlock mass participation. We expected that building the transaction infrastructure would automatically create autonomous markets, and that moving money would become the primary friction point. 

We were wrong. Over the last twelve months, the market discovered that the sequence was inverted.

The technical infrastructure accelerated at a pace few anticipated. Yet, if you step back from launch announcements and developer dashboards, deployment and usage tell completely different stories. The infrastructure is live, but the utilization is negligible.

As of June 2026, public disclosures indicate more than 1,000 merchants have enabled agent-facing commerce interfaces, while publicly discussed transacting-agent counts remain materially smaller. These figures will likely change rapidly and should be interpreted as snapshots of deployment readiness rather than durable demand signals. Much of today’s infrastructure buildout is not evidence of demand. It is evidence of strategic positioning. Incumbents have the luxury to build five years too early because their runways are subsidized by core legacy cash flows; their cost of being early is a rounding error, while their cost of being even one year late is catastrophic.

Similarly, as of June 2026, publicly observable x402-linked transaction activity appears measured in the tens of thousands of dollars per day rather than millions, with meaningful uncertainty around how much reflects production versus testing behavior. This number is less important than the order of magnitude.

The obvious explanation was that the underlying cognitive models were still too unreliable or expensive to handle transactions. If models hallucinated less and inference costs dropped, adoption would follow.

We think that explanation is wrong. The friction is not technical; it is institutional. Modern institutions were optimized to contain liability and human risk, not maximize machine autonomy. The corporation was built to contain humans, not machines.

An incremental operational mismatch cannot explain this. Modern economic systems were constructed around the foundational assumption that every meaningful action ultimately traced back to a human principal. If software becomes capable of independently initiating, coordinating, and settling economic activity at scale, we are not introducing a new application category. We are introducing a new participant into the system. Economic systems were never designed with the assumption that non-human actors could initiate, negotiate, coordinate, and settle activity at machine timescales.

The industry assumed that autonomous execution would create autonomous markets. Instead, autonomy increased the demand for control. We expected that more intelligence would equal more autonomy. In practice, the reality appears inverted: more autonomy requires more policy. Software learned to transact. Software still cannot easily obtain authority. We were not wrong that software wants to become an economic actor. We were early on the wrong layer.

Notes on Measurement

The examples represent snapshots captured in June 2026. Agent commerce metrics remain noisy because:

• Many deployments occur inside closed enterprise systems;
• Test traffic and production traffic are difficult to separate;
• Merchant enablement differs from autonomous transaction volume;
• Authorization often occurs off-chain.

Where possible, we emphasize directional signals over absolute values.

Snapshot: June 2026

• Infrastructure Maturity: High
• Production Deployment: Moderate
• Institutional Readiness: Low
• Standardization: Fragmented
• Autonomy Tolerance: Limited

Revisiting the Original Thesis

Publishing a venture thesis only matters if you are willing to look directly at the postmortem. A year ago, we made four explicit assumptions about how autonomous software would interact with market infrastructure. Twelve months of live deployment data have broken some assumptions while validating others.

• Prediction 1: Agents require identity before autonomy. Status: Largely correct. Identity evolved from basic credentials into a sophisticated requirement for delegated authority, verifiable intent, and bounded execution. Without a verifiable cryptographic anchor, software remains stuck in read-only environments.
• Prediction 2: Payments are the core unlock. Status: Partially correct. The development of machine-native payment infrastructure accelerated faster than any demand model predicted. The rails were built, but their presence alone did not trigger adoption.
• Prediction 3: Software will become an economic participant. Status: Early but directionally correct. Production deployments increasingly involve software independently initiating work, purchasing services, and coordinating multi-party execution.
• Prediction 4: Economic primitives will automatically create autonomous markets. Status: Wrong. Markets did not reorganize around raw machine autonomy. Instead, existing human institutions forcefully absorbed autonomous software into pre-existing coordination, governance, and compliance structures.

The market did not converge on autonomous agents. It converged on controlled execution. The first successful deployments look less like autonomous corporations and more like constrained execution environments with increasingly programmable authority. That distinction changes how we evaluate the ecosystem. We predicted software would become economic; we did not predict that institutions would respond by embedding governance directly into execution. The first successful agent economies may not emerge where software is most autonomous, but where software is most governable.

Falsifying the Model

This thesis could prove incorrect if agent identity and validation standards become globally unified faster than expected, liability becomes contractually and legally abstracted away from the deploying firm, and corporate institutions begin treating software as a first-class operating principal rather than delegated tooling. If the barrier between code and legal personhood dissolves cleanly through immediate regulatory updates, the institutional brakes we observe today will dissolve with it. For now, the operational data suggests a far more conservative path.

The Next 24 Months

To move past the retrospective analysis of the pilot phase requires staking concrete, falsifiable claims on how human institutions will force the rearrangement of this ecosystem over the next twenty-four months:

• Prediction 1: The Erosion of the Per-Seat Model. By 2027, enterprise agents will begin forcing a structural migration away from seat-based licensing toward value-metric and execution-linked pricing. Software vendors who fail to transition to value-metric or programmatic execution-escrow pricing will see legacy ACV frameworks decay as machine workloads replace human interfaces.
• Prediction 2: Programmability Over Autonomy. The most valuable companies founded in this cycle will not be autonomous agent frameworks. They will be zero-knowledge provenance architectures and verifiable execution primitives that turn trust assumptions into deterministic code. The winners will look less like OpenAI and more like global system validation networks.
• Prediction 3: The Return of the Middle Layer. The prevailing consensus believes AI removes intermediaries. The opposite is true: it introduces entirely new ones. Agent coordination, authorization, verification, and liability management will become the definitive middleware layer of the next decade, aggregating margins that previously belonged to application frontends.

What We Are Not Investing In

If this thesis is correct, it invalidates a massive cross-section of current venture deployment. We are actively avoiding:

• Pure agent wrappers devoid of native authority and governance layers, which will rapidly become features rather than standalone companies;
• Autonomous consumer proxy-commerce startups, which face a psychological and distribution wall they cannot scale;
• Raw, unconstrained cognitive models competing on infrastructure cost, where margins will compress faster than coordination margins.

Transact Versus Authority

The market spent the last year discussing payments because payments are highly visible. Authorization is not.

Consider a corporate treasury function. A human operator may be authorized to move capital within predefined limits, approved counterparties, and documented escalation paths. Replacing that operator with an autonomous system immediately exposes the missing layer. The problem is rarely whether the agent can access the funds or route the transaction. The problem is whether the institution can define, monitor, and revoke the boundaries under which that action remains acceptable. The machine has the capability. It does not automatically inherit the mandate. 

When an autonomous agent places an order, executes a trade, provisions infrastructure, or modifies a production system, the transaction itself is the simplest part of the workflow. The difficult part is establishing that the software had the right to act in the first place. Economic participation is constrained less by payment execution than by delegated authority.

Human organizations already solved versions of this problem long ago through governance. Employees operate under delegated authority. Treasury teams operate under spending policies. Procurement teams operate under approval chains. Portfolio managers operate under strict investment mandates. The financial system does not function because everyone can move money. It functions because authority is continuously constrained, monitored, and revocable. Agent systems inherit the exact same requirement.

The Execution Separation

Production systems increasingly force a separation between decision generation and permission to execute. Under this model, the proposal becomes the economic object. The execution becomes entirely conditional.

Instead of creating novel software layers, technical architecture is conforming to ancient institutional rules. The bottleneck shifted from execution to authorization.

The burden of coordination simply migrated into software. That distinction matters to an infrastructure investor because the permissioning layer competes through trust, not transaction velocity. Payments move value; coordination determines whether value can move. Transaction infrastructure generally competes toward efficiency, meaning its margins compress over a long enough horizon. The systems that survive may not be those that process transactions, but those that determine whether an action is allowed in the first place.

The Friction of the Pilot Phase

The contradiction between infrastructure readiness and actual adoption became obvious during the production pilots of the past year.

When machine-native payment rails and autonomous wallets first shipped, early corporate testing focused on high-volume optimization tasks: automated cloud infrastructure provisioning, API route optimization, and ad hoc data ingestion. On paper, the unit economics closed, and latency dropped.

But the moment these pilots moved out of isolated sandboxes and attempted to plug into live corporate environments, they encountered unexpected structural friction. In these deployments, teams repeatedly discovered that existing approval, accounting, and access-control systems assumed discrete human checkpoints rather than continuous machine execution.

Existing enterprise control systems were built assuming discrete approval boundaries. Purchase orders, invoice matching, SOX compliance, segregation-of-duties frameworks, treasury limits, IAM roles, and ERP reconciliation cycles all assume identifiable human accountability at key checkpoints. In practice, teams often discovered that a machine could technically provision infrastructure in seconds while internal approval chains still required human review cycles measured in days. When an agent proposed executing transactions based on fluid, real-time algorithmic optimizations, the existing corporate compliance architectures lacked the operational and governance primitives to categorize or audit the activity.

Furthermore, to execute an optimized workflow, an agent frequently needs to move laterally across internal silos: querying inventory databases, accessing customer CRM registries, and touching financial ledger balances. In production pilots, security teams routinely refused to grant permanent API access keys or credential handoffs to cognitive models whose inputs and downstream behaviors could not be deterministically predicted.

The friction wasn’t that the machine wallets failed to sign transactions; it was that the existing institutional immune system locked down the access points before the transaction could even be proposed. Enterprise SaaS buyers do not actually want autonomous software; they want predictable insulation from catastrophic failure. The CISO and the general counsel do not care if an agent optimizes cloud infrastructure routing by 40% if that same agent introduces a non-zero probability of an un-auditable regulatory breach. The corporate immune system is not broken; it is functioning exactly as designed.

This explains why the only segment of the agent economy with genuine product-market fit today is developer tooling and automated code generation. Code sandboxes are isolated ecosystems. If an agent generates faulty syntax, the compiler fails safely or the test suite rejects the pull request before any corporate liability is incurred. Outside the developer sandbox, unconstrained autonomous agents are effectively attempting to sell a virus to an organism whose entire evolutionary history is optimized to kill it.

Convergence Without Coordination

One year ago, the dominant assumption was that agent payments would emerge entirely from specialized crypto startups. That is not what happened.

Over the last twelve months, an unusual pattern emerged. Infrastructure providers, payment networks, developer platforms, and crypto protocols independently converged on remarkably similar system designs.

Mastercard introduced Agent Pay for Machines (AP4M), organizing its architecture around credentialing, permissioning, transacting, and controls. Stripe expanded into machine payment protocols via its MPP framework. Kite AI anchored its network around decentralized identity passports and delegated mandates. Coinbase pushed x402 under the Linux Foundation. Alchemy launched AgentPay as a protocol-agnostic translation layer. Meanwhile, infrastructure-first ecosystems like the XRP Ledger shipped targeted AI starter kits explicitly framing agent transactions around deterministic execution, governance, and protocol-level escrow.

The Emerging Economics of Machine Coordination: 

Independent systems increasingly converge toward similar operational primitives.

Despite radically different legacy positions, these systems independently described remarkably similar abstractions. They are not mapping a simple path from wallet to payment. Across payments networks, wallets, infrastructure providers, and protocol ecosystems, the labels differ but the sequence increasingly looks the same: establish identity, scope authority, enforce permission, and only then settle value.

Independent actors with different business models, regulatory environments, and technical assumptions repeatedly converged toward identity, delegation, permissioning, and settlement.

This convergence is increasingly visible beyond payment networks. Systems initially framed as transaction infrastructure have drifted toward governance infrastructure, evolving from simple value-transfer mechanisms into systems for constraining authority. Fluxa now anchors this shift, building financial governance infrastructure that defines not just if software can transact, but what it is authorized to do, under what conditions, and on whose behalf. Similarly, architectures like Forte focus on embedding programmable policies and execution boundaries directly into the stack, moving operational constraints from human oversight into deterministic code.

As execution became easier, authority became the definitive bottleneck. The market is signaling that the harder problem is not moving value; it is determining whether that value is authorized to move in the first place.

The infrastructure required to coordinate autonomous systems appears increasingly difficult to vertically integrate into a single closed platform. Identity, execution, settlement, and policy emerge across organizational and network boundaries, making coordination increasingly difficult to treat as an application concern rather than infrastructure. Historically, institutions absorbed fragmentation through hierarchy. Increasingly, software absorbs fragmentation through programmable coordination. Independent convergence across incumbents and startups points toward something deeper: agent payments were never fundamentally a payment problem. They were a trust and authorization problem wearing a payment interface.

The Counterintuitive Outcome

The most counterintuitive reality of this cycle is that the first successful machine economies will look far more bureaucratic, not less. They will demand more approvals, more explicit policies, immutable evidence, and tighter auditability. This is not because the technology failed to deliver autonomy; it is because human institutions successfully enforced containment.

Historically, trust emerged from institutions, contracts, and human oversight. Agent systems increasingly externalize trust into software primitives: identity, policy, provenance, auditability, and verifiable execution. The harder question becomes how all of these protocols are converging toward a shared control plane for machine authority.

Where Autonomy Is Actually Working

While broader enterprise procurement and proxy consumer commerce have encountered institutional brakes, it would be incorrect to say autonomous execution has stalled across the board. In specific environments, machine-to-machine transactions are scaling rapidly.

These environments share one property: outcomes are objectively measurable, liability is tightly bounded, and verification is embedded into execution.

We see this clearly in automated advertising bidding, treasury yield optimization, localized cloud infrastructure routing, high-frequency market making, and automated network observability pipelines. In these domains, the parameters of success and failure are mathematical rather than subjective. An infrastructure routing agent evaluates packet latency; a treasury optimization agent tracks protocol yield percentages.

If an agent executes a sub-optimal route or makes an inefficient trade within these environments, the maximum downside is immediately quantifiable, isolated via cryptographic APIs, and corrected within milliseconds by the next data loop. As a result, the system does not require human legal interpretation, invoice reconciliation, or subjective quality checks. Autonomy scales here because the institutional risk can be entirely written into the code itself, treating execution and verification as an identical, synchronous event. Autonomy scales only where correctness can be verified faster than liability accumulates.

The Proxy Commerce Disappointment

The inverse of this success is consumer-facing proxy commerce. The assumption driving early capital into consumer agents was that autonomous software would excel as personal shoppers: navigating the open web, comparing choices, and executing purchases on behalf of human users.

The model logic worked. The user experience did not.

Real-world deployment revealed that for the vast majority of consumer categories, a conversational text interface is a strict user experience downgrade from traditional e-commerce. Humans shop with their eyes. Choosing clothes, electronics, furniture, or travel requires spatial, side-by-side visual comparison and layout exploration. Replacing a rich, multi-dimensional visual interface with a sequential text thread degrades the experience rather than improving it. When developers attempt to fix this by building complex carousels and product grids inside a chat bubble, they are simply poorly recreating traditional e-commerce frontends inside a more restrictive viewport. Humans rarely want shopping delegated in the abstract; they want to explore.

And in the specific categories where delegation does genuinely improve the experience, such as high-frequency, routine replenishment or administrative automation, the market dynamics reject startup insertion. Routine food ordering or supply restocking are already owned by massive incumbent platforms with stored credentials, native identity systems, and deeply entrenched consumer trust.

The merchant side appears increasingly prepared for agents. Consumer behavior does not yet justify the readiness. The supply side of proxy commerce is fully built. The demand side is constrained by human psychology and institutional distribution.

The Market Structure Paradox

The mismatch between infrastructure readiness and institutional adoption becomes even more striking when viewed through current market structure data. As of June 2026, Artemis tracked 183 companies in agentic commerce:

• 40 agent framework and tooling companies
• 27 payment infrastructure providers
• 21 wallet providers
• 22 facilitators
• 18 identity and trust systems

The exact counts will change. The point is not precision; the point is structure. A market with this specific profile does not have an infrastructure scarcity problem. It has an authorization and demand-formation problem. The category is no longer starved for infrastructure; it is saturated with it.

The industry built mechanisms for moving value under the assumption that payments were the primary bottleneck. In reality, moving value is increasingly commoditized. Developers deploying high-velocity API agents simply bypassed the need for real-time streaming payments through basic pre-funding models, topping up centralized balances once a month with traditional corporate cards to absorb flat processing fees across thousands of aggregated machine requests.

Major software vendors depend on predictable, multi-year ACV commitments, creating a structural resistance to unbundled, per-cent pricing models that allow users to churn dynamically.

The absolute consensus in Silicon Valley right now is that value will accrue to the cognitive model layer or the application frontend. This is a fundamental miscalculation. Models are racing toward zero-margin commoditization, and proxy-commerce applications face a distribution wall they cannot climb. Value in the machine economy will structurally favor the permissioning layers that hold the legal and programmatic keys to authorization. The core of enterprise commerce has absorbed machine activity into existing human-centric governance systems rather than rebuilding financial infrastructure from scratch.

Verification and Settlement

An extension of the authorization gap is the tendency to treat payment and settlement as interchangeable concepts. They are not.

Payment vs. Settlement

• Payment answers: Did money move?
• Settlement answers: Did the intended outcome occur?

Traditional human commerce compresses these concepts because humans naturally absorb uncertainty and latency. We use the legal system, manual audits, and corporate relationship equity to smooth over partial performance. Machines cannot absorb uncertainty. Software requires explicit, deterministic completion conditions.

A procurement agent cannot assume shipment equals delivery. A treasury agent cannot assume execution equals compliance. A compute marketplace cannot assume a completed container runtime equals correct, uncorrupted output. Autonomous systems appear to require clear evidence of authority, evidence of execution, and evidence of completion before a workflow can truly close.

Compute markets illustrate the distinction clearly. Purchasing compute is straightforward. Verifying that the returned output was correct, complete, and generated inside the agreed execution boundary is materially harder. Payment closes the transfer. Verification closes the workflow.

Emerging implementations increasingly converge on governable execution and delegated authority patterns. These frameworks are designed to enable users to approve an operational boundary upfront rather than handing an agent raw account credentials or forcing manual approvals for sub-cent API interactions.

Architectures such as Primus are driving this evolution. By pairing cryptographic attestation of external data via zkTLS with confidential execution primitives, these systems prove computation occurred correctly without revealing proprietary state. This is more than a privacy play; it is a fundamental shift in asset creation.

For instance, Primus is currently building a zkTLS product with Brevis for LLM verification. By delivering a plugin that cryptographically authenticates interactions between users and frontier models, they allow individuals to turn accumulated workflows into verifiable digital assets. An investor with a proven track record can now package, price, and sell their “cognitive capital” the specific dialogues and decision-making judgments authenticated by the model itself.

This creates the “bridge” institutions require: it provides objective evidence of authorization, execution, and boundary adherence. If this category matures, the institutional control surface will no longer force a choice between confidentiality and auditability; agent systems will require both simultaneously.

Viewed through this lens, payments become downstream of coordination. The real bottleneck is not moving value; it is proving that value was created under valid authorization. To understand how the institutional burden of proof has rearranged itself under this new paradigm, we have to look at the structural difference between human and machine agency across the core operational pillars of commerce:

To understand how the underlying institutional burden of proof has rearranged itself under this new paradigm, we have to look at the structural difference between human and machine agency across the core operational pillars of commerce:

Liability Architecture: The Final Frontier

The ultimate barrier to the agent economy is the containment of systemic liability. When an enterprise deploys hundreds of coordinated agents operating autonomously across inventory, cloud infrastructure, and treasury management, the surface area for catastrophic failure expands exponentially. When execution detaches from legal personhood, it introduces questions that current institutional infrastructure is entirely unequipped to answer.

The architectural core of the firm was designed around the structural reality of human error, human limitation, and human malfeasance. Limited liability legal wrappers, bankruptcy protections, and corporate insurance pools exist to allow humans to take economic risks within bounded parameters. The entire machinery of corporate administration optimizes for auditability, accountability, bounded downside, and continuity over speed or absolute optimization. Every internal process is an intentional friction point designed to isolate liability.

Autonomous execution expands operational leverage to machine speed while removing human review. This structural detachment breaks the traditional legal framework. Under current doctrines, software is treated as a tool, not a person. Liability falls either on the developer who built the code or the operator who deployed it. Autonomous agents completely blur this boundary. If an operator configures an agent correctly, defines reasonable boundaries, and the agent executes an unpredictable, emergent action due to an underlying model weight update or an adversarial environment, both traditional frameworks fail.

Can an enterprise legally delegate its corporate liability to an algorithm? If an agent commits a firm to a toxic contract, the counterparty will sue the corporation, not the model. Because liability cannot be delegated away from the legal entity, how does an institution safely define its appetite for unconstrained agent execution? Furthermore, as agent architectures mature, efficiency gains occur through recursive delegation: software authorizing other software to perform sub-tasks. With each degree of separation from the human principal, the clarity of intent and liability degrades. In software, we have no equivalent framework for tracking the degradation of responsibility across automated recursion. If responsibility decays across agent chains, who absorbs the residual risk?

Because the liability surface area is currently unquantifiable, traditional commercial insurance providers lack the actuarial data to price risk. Existing actuarial frameworks struggle to price autonomous software execution because historical risk distributions and accountability boundaries remain poorly defined. This institutional vulnerability is precisely why traditional payment networks are stepping in to claim the trust layer. Mastercard’s recent launch of Agent Pay for Machines is a prime example of an incumbent building defensive rails. By enforcing credentialing, Verifiable Intent parameters, and multi-rail settlement rules, legacy networks are attempting to bring traditional risk and fraud controls to machine-driven commerce before it scrambles consumer identity profiles entirely.

Programmatic containment forces us to ask whether we need an entirely new institutional abstraction for machine activity, whether through programmatic agent insurance pools or unalterable execution barriers built directly into software runtimes. Until these legal wrappers catch up to the technical primitives, the deployment of agents will remain strictly limited by an enterprise’s willingness to absorb unhedged, automated losses on its core balance sheet.

The Rearranged Hierarchy

Venture investing requires separating defensive corporate positioning from genuine market traction. Startups do not have that luxury. We have to map the market based on structural realities, not launch announcements.

The industry assumed that autonomous execution would create autonomous markets. Instead, autonomous execution increased the demand for coordination infrastructure.

We predicted software would become economic; we did not predict that institutions would respond by embedding governance directly into execution. The market did not converge on autonomous agents. It converged on controlled execution. The reality is that more autonomy requires more policy. Agent adoption is currently constrained less by technical capability and far more by delegated authority.

The market has officially moved past the naive sandbox era of agent capability. The baseline infrastructure is built, the rails are live, and the superficial hype has cleared. The unresolved question is no longer whether software can think, but whether our legal frameworks can absorb the speed of machine execution. Investors who continue to fund raw, unconstrained cognitive autonomy are funding a structural impossibility. The next decade will not reward the firms that maximize autonomy; it will reward the firms that make autonomy insurable. The future belongs entirely to the control planes, the verification architectures, and the coordination primitives that govern machine authority. Choose your side of the ledger.

Original thesis (June 2025):
Building the Next User: Autonomous Agents

Original discussion and community responses:
LinkedIn discussion