Agentic Payment Fraud
Per-call delegated authority for AI agent payments — proven who delegated, within what scope, and up to what limit.
Who this is for.
Your AI agents have started making payments — for cloud resources, for API access, for cross-agent settlement. The rail works. But the chain of authority behind each payment is held together by an API key and a prompt-engineered guardrail, and you don't yet have a way to prove, after the fact, who delegated what.
-
Security leads at organizations starting to embed AI agents into operational workflows
-
Developers and operators running payments over x402 / MCP / A2A environments
-
Compliance owners responsible for audit and control of agent-driven actions
Hand over the source, or just the facts?
the agent's keys and the intermediate delegation steps
each payment stayed within an authorized delegation
Lemma attaches a Trust402 attestation to every payment an agent issues. Inside the attestation: the principal that delegated the action, the role and scope of the delegation, a per-call spend limit, and any jurisdiction attribute the counterparty needs to verify (e.g. "this agent acts on behalf of a JP-registered entity").
The attestation is a ZK proof, not a bearer credential. The agent never carries the principal's keys. The receiving side — be it a settlement contract, an x402 middleware, or a counterparty's risk engine — verifies the proof before clearing the payment, against an on-chain registry of the principal's delegation policy. Revocation propagates the same way: a single transaction at the principal's level invalidates every downstream attestation that depended on it.
The result is that "who delegated, within what scope, against which jurisdiction" stops being an after-the-fact reconstruction problem and becomes a precondition for settlement.
Choose on three criteria.
Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.
| Method | Pass without exposing | Independent verification | Tamper-proof |
|---|---|---|---|
| Access control only | △ | ✗ | ✗ |
| Masking / anonymization | △ | ✗ | ✗ |
| Encryption only | ✓ | ✗ | ✗ |
| Lemma (ZK proof)the only one with all 3 | ✓ | ✓ | ✓ |
What's next
We enter through agent-payment governance support and a PoC, and stay alongside you through to operations.
- A 30-minute review — identify workflows where agents now settle payments while the scope of authority still rests on an API key and a prompt-side guardrail.
- Narrow to 1–2 decisions (results) to prove — e.g. "within the principal's delegated scope," "within the spend limit," "matches the jurisdiction attribute" — the facts to verify before settlement. Not the originals (production payloads or the principal's keys).
- Design connection and versioning — connection to your payment rail, agent runtime, and x402 / MCP / A2A environment, and version-fixing of the delegation policy.
- Prove one path via a (quote-based) PoC — confirm per-call attestation verification works on one delegation path.
- Hands-on support from rollout through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; the setup and pricing are designed together.
Tell us one delegation path where settlement risk is concentrated, in the first 30 minutes. No agent implementation details or production payload required.
The bigger picture
The bigger picture this use case belongs to.
We map use scenarios across industries and workflows by the four axes.
See use scenarios for Agent Authority in Solutions →TRY LEMMA
Run it yourself.
No sales call needed — start hands-on with Lemma's products.