P3 · Agent Authority Proof

Agentic Payment Fraud

Per-call delegated authority for AI agent payments — proven who delegated, within what scope, and up to what limit.

AI agent operations · Financial services · Crypto exchanges · API-based payment platforms
live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist
01 · WHO IT'S FOR

Who this is for.

Your AI agents have started making payments — for cloud resources, for API access, for cross-agent settlement. The rail works. But the chain of authority behind each payment is held together by an API key and a prompt-engineered guardrail, and you don't yet have a way to prove, after the fact, who delegated what.

  • Security leads at organizations starting to embed AI agents into operational workflows

  • Developers and operators running payments over x402 / MCP / A2A environments

  • Compliance owners responsible for audit and control of agent-driven actions

02 · THE SHIFT

Hand over the source, or just the facts?

Without Lemma: Hand over the raw source

  • the agent's keys and the intermediate delegation steps

  • ↓ all of it reaches the AI / outside

With Lemma: Share only the proven facts

  • each payment stayed within an authorized delegation

  • ✓ ZK VALID

  • ↓ only the necessary facts

Lemma attaches a Trust402 attestation to every payment an agent issues. Inside the attestation: the principal that delegated the action, the role and scope of the delegation, a per-call spend limit, and any jurisdiction attribute the counterparty needs to verify (e.g. "this agent acts on behalf of a JP-registered entity").

The attestation is a ZK proof, not a bearer credential. The agent never carries the principal's keys. The receiving side — be it a settlement contract, an x402 middleware, or a counterparty's risk engine — verifies the proof before clearing the payment, against an on-chain registry of the principal's delegation policy. Revocation propagates the same way: a single transaction at the principal's level invalidates every downstream attestation that depended on it.

The result is that "who delegated, within what scope, against which jurisdiction" stops being an after-the-fact reconstruction problem and becomes a precondition for settlement.
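
The receiver-side checks described above, modeled as an added example that is not Lemma's or Trust402's own code. The registry layout, field names and the `authorize`, `chain` and `revoke` functions are hypothetical, and ZK proof verification is assumed to happen elsewhere and arrive as `proof_ok`.

```python
from dataclasses import dataclass, replace
from typing import Optional
@dataclass(frozen=True)
class Policy:                    # hypothetical registry entry for one delegation
    parent: Optional[str]        # delegation it derives from; None for the principal
    scopes: frozenset
    per_call_limit: int          # minor currency units
    jurisdiction: str
    revoked: bool = False

@dataclass(frozen=True)
class Claims:                    # hypothetical public claims bound to a verified proof
    delegation_id: str
    scope: str
    amount: int
    jurisdiction: str

def chain(registry, delegation_id):
    """Yield policies from the agent's delegation up to the principal."""
    seen, cur = set(), delegation_id
    while cur is not None:
        if cur in seen or cur not in registry:   # cycle or unknown id: fail closed
            raise LookupError(cur)
        seen.add(cur)
        yield registry[cur]
        cur = registry[cur].parent

def authorize(registry, claims, proof_ok):
    """Return (allowed, reason); proof_ok is the ZK verifier's result (not shown)."""
    if not proof_ok:
        return False, "proof invalid"
    try:
        policies = list(chain(registry, claims.delegation_id))
    except LookupError:
        return False, "unknown delegation"
    for p in policies:           # every link must still permit this call
        checks = [(p.revoked, "revoked"),
                  (claims.scope not in p.scopes, "out of scope"),
                  (not 0 < claims.amount <= p.per_call_limit, "amount outside per-call limit"),
                  (claims.jurisdiction != p.jurisdiction, "jurisdiction mismatch")]
        for failed, reason in checks:
            if failed:
                return False, reason
    return True, "ok"

def revoke(registry, delegation_id):             # models the single revoking transaction
    return {**registry, delegation_id: replace(registry[delegation_id], revoked=True)}

# Constructed sample registry: a principal and one agent delegated from it.
REGISTRY = {"root": Policy(None, frozenset({"cloud", "api"}), 10_000, "JP"),
            "ops-agent": Policy("root", frozenset({"api"}), 500, "JP")}
```

Because `authorize` walks the whole chain on every call, revoking `root` rejects payments from `ops-agent` without touching the agent's own entry.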

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method · Pass without exposing · Independent verification · Tamper-proof
Access control only
Masking / anonymization
Encryption only
Lemma (ZK proof): the only one with all 3
04 · HOW IT WORKS

How it works

Tell us where your agent operations are concentrating settlement risk today — which delegation paths, which counterparties, which jurisdictions. We'll explore together whether Trust402's per-call attestation could fit. No agent implementation details or production payload required.

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.
