Agentic wallets explained: AI payments in Singapore (2026 guide)

Cherie Foo
Growth Content Manager

Key takeaways
An agentic wallet lets AI agents make payments on your behalf, within rules you define. Human approval is not needed for each transaction.
It works through three layers: an intent layer (the AI decides), a policy layer (rules are enforced), and a settlement layer (payment executes and is logged).
Airwallex's Airi gives you one-click checkout today and is being built into a full agentic wallet — so you're ready when your customers start buying through AI agents.
Agentic wallets are changing how payments happen by allowing AI agents to complete transactions on a user's behalf, within limits the user has already approved.
Instead of asking you to confirm every purchase, an agentic wallet lets an AI agent pay automatically while enforcing spending rules, merchant restrictions, and other safeguards behind the scenes.
For businesses, understanding how agentic wallets work is becoming essential as AI agents start participating directly in online commerce.
This guide explains what an agentic wallet is, how it works, and what local merchants need to know before AI-initiated payments become the norm.
We'll also show you how Airi works today, and how it'll grow into a wallet that lets customers send AI agents to shop with your business safely and securely.
Quick answer: What is an agentic wallet?
An agentic wallet is a digital payment infrastructure layer that lets AI agents access payment capabilities and execute payments autonomously, without requiring a human to approve each transaction.
It holds payment credentials, issues scoped authorisation tokens to specific AI agents, enforces spend limits and merchant restrictions, and gives users full visibility and revocation rights.
Unlike traditional digital wallets like Apple Pay or Google Pay, which require a human tap or click to pay, an agentic wallet delegates bounded payment authority to an AI agent operating within pre-set rules.
Key controls include merchant allowlists, per-transaction spend caps, time-bounded sessions, and a full audit trail.
Understanding agentic wallets and the AI-driven economy
The way payments get made is changing. For decades, every purchase required a human to initiate it: tap a card, click "buy now," approve a transfer. But with AI agents, that’s no longer the case.
An AI agent is a software process that perceives its environment, makes decisions, and takes actions to complete a goal.
When that goal involves spending money, such as reordering stock, renewing a subscription, or paying for API usage, the agent needs a way to pay. Traditional payment methods weren't built for this.
Why stored cards and standard APIs fall short
A card saved in an app works fine when a human is deciding what to charge it to. But when an AI agent is the buyer, the problems stack up quickly.
A stored card gives the agent access to the full card limit, with no merchant restrictions, no per-transaction caps, and no audit trail tied to the agent's actions. If the agent misbehaves or gets hijacked, the exposure is broad.
Standard payment APIs have the same problem. They authenticate the application, not the agent within it. There's no way to say "this specific agent can spend up to S$500 at approved vendors this week" using a conventional card-on-file setup.
The merchant problem
Merchants face their own challenge. When a payment arrives from an AI agent rather than a human, how do you verify the agent is authorised? How do you handle disputes?
Without an identity and authorisation layer purpose-built for agents, reconciliation, fraud liability, and compliance all get harder.
How an agentic wallet works: the three-layer model
An agentic wallet sits between an AI agent and the payment rails it needs to access. Its architecture breaks down into three layers:
1. The intent layer
This is where the AI agent operates. Based on instructions from the user, the agent decides what to buy, when to buy it, and from whom. That decision gets passed to the policy layer before anything happens. The agent never touches payment credentials directly.
2. The policy layer
This is the enforcement layer. Before any payment is authorised, the wallet checks the request against a set of hard rules the user has defined:
Is this merchant on the approved list?
Does the transaction amount fall within the spend cap?
Is the agent's authorisation window still active?
If the answer to any of these is no, the payment is blocked. Critically, this layer is deterministic: it doesn't rely on AI reasoning, which means a prompt injection attack or a hallucinating model can't talk its way past it.
3. The settlement layer
Once the policy layer clears a transaction, payment executes and every detail is logged, including the agent identity, merchant, amount, timestamp.
The user can review the full audit trail at any time. If something looks wrong, they can revoke the agent's access instantly, without cancelling the underlying payment credential.
What Airi does: Airwallex's agentic wallet
If you want to accept payments from AI agents (not just human shoppers), you need checkout infrastructure that's built for both. Airi is Airwallex's answer to that.
Today, Airi is a consumer wallet that makes one-click checkout faster and higher-converting. Over time, it'll evolve into a full agentic wallet, so when customers start delegating purchases to AI agents, those payments can flow through just as smoothly as any other checkout.
How Airi works now
Customers create an Airi account once and save their payment details. From then on, they check out in a single click at any Airi-enabled merchant, including yours. Here’s what you get with Airi1:
Access to shoppers across 170+ countries
Up to 3x faster than standard card checkout
Lifts conversion by up to 14%
No extra fees (standard Airwallex payments pricing applies)
Built into Airwallex Payments, minimal setup required
For merchants selling internationally, Airi also recognises trusted customers across its merchant network, helping more cross-border transactions clear without unnecessary friction.
Learn more about Airi or sign up to get access to it now.
The agentic wallet roadmap
Airi is being built for the shift to agentic commerce. The agentic wallet capability — where shoppers authorise AI agents to transact on their behalf using their saved Airi credentials, without ever exposing sensitive payment data — is coming soon.
On the merchant side, Airwallex's Agentic Commerce Suite will give businesses the infrastructure to accept and manage agent-initiated payments with the same security as any other transaction.
Together, Airi and the Agentic Commerce Suite are designed to close the full loop: the shopper's agent pays through Airi; the merchant receives it through the Agentic Commerce Suite.
Consumer control and the audit trail
One concern with any autonomous payment system is visibility. If an AI agent is spending on your behalf, how do you know what it bought, where, and when?
A well-designed agentic wallet keeps control with the user at every step. The key controls are:
Spend limits: Every agent operates within a maximum transaction amount you set. It can't exceed that ceiling regardless of what it decides to buy.
Merchant restrictions: Agents can only transact with merchants on an approved list. A vendor outside that list is blocked at the policy layer, not left to the agent's discretion.
Time-bounded sessions: Authorisations expire. An agent given access for a specific task or time window loses that access automatically when the window closes.
Revocation: If something looks wrong, you can withdraw an agent's access instantly, without cancelling the underlying payment credential or disrupting other agents.
Audit trail: Every transaction is logged with enough detail to reconstruct exactly what happened: which agent acted, which merchant was paid, how much, and when.
Security architecture: how agentic wallets stay safe
Autonomous payments introduce security risks that traditional wallets weren't designed to handle. An AI agent making decisions independently creates new attack surfaces and new failure modes. Here's how agentic wallet architecture addresses them.
Tokenization and scoped permissions
Payment credentials in an agentic wallet are tokenized: agents never see raw card or account numbers. Every authorisation is scoped to specific merchants, maximum transaction amounts, and time windows.
Even if an agent's token is compromised, the exposure is narrow: an attacker can only use it within the boundaries already set.
Protecting against AI-specific threats
Three risks are unique to agentic payments:
Prompt injection: a malicious instruction embedded in a webpage or data feed tries to hijack the agent's behaviour. Because the policy layer is deterministic, any instruction that falls outside the authorised parameters is blocked regardless of what the agent was told to do.
Model degradation and hallucinations: AI models can behave unpredictably. Hard spend caps and merchant allowlists act as a safety net, ensuring that even an unreliable model can't cause disproportionate financial damage.
Know Your Agent (KYA): analogous to Know Your Customer (KYC) for humans, KYA verifies that the agent requesting payment is the authorised agent, not an impersonator or a hijacked process.
Together, these controls mean the security of an agentic payment doesn't rely on the AI behaving correctly — it relies on the policy layer, which doesn't reason, negotiate, or make exceptions.
Agentic wallets in Singapore: the local landscape
Singapore is unusually well-positioned for agentic payments. The regulatory infrastructure, the density of digitally-native businesses, and the Monetary Authority of Singapore's (MAS) active approach to payment innovation all point in the same direction.
How agentic wallets sit alongside Singapore wallets
Singapore's leading consumer wallets — DBS PayLah!, GrabPay, and ShopeePay — are built for human-initiated payments. They weren't designed for agent delegation, scoped permissions, or machine-to-machine authorisation.
An agentic wallet doesn't replace them. It operates as a separate layer, sitting between an AI agent and existing payment rails.
For Singapore merchants, this distinction matters. Accepting AI-initiated payments through infrastructure designed for humans creates reconciliation, fraud, and liability risks that an agentic wallet layer is specifically built to eliminate.
MAS and the regulatory backdrop
MAS has been deliberately building the conditions for programmable, AI-compatible payments. Here are two initiatives worth knowing:
AIRG (AI Risk Management Guidelines) — MAS's framework for managing AI risk shapes how responsible agentic payment infrastructure should be designed: with clear accountability, auditability, and human oversight built in.
BLOOM — MAS's initiative to develop programmable digital money, including tokenised bank liabilities and regulated stablecoins, is helping develop programmable settlement infrastructure that could support future agentic payment systems.
Emerging protocols powering agentic payments
Agentic payments don't run on a single standard — yet. Several protocols are emerging that define how AI agents identify themselves, request authorisation, and complete transactions. eCommerce developers and merchants building for agentic commerce should know the main ones.
The protocols to know
Here are the protocols to familiarise yourself with:
x402 (Coinbase) — a payment protocol built on HTTP, designed to let AI agents pay for API access and digital resources natively, without a human checkout flow.
AP2 (Google) — Google's agent payment protocol, designed to standardise how agents authenticate and transact across services within Google's ecosystem.
ACP (OpenAI) — an emerging protocol designed to standardise how AI agents communicate with merchants and payment providers to complete commerce transactions.
MCP (Anthropic) — Anthropic's Model Context Protocol, which governs how AI models interact with external tools and data sources, including payment infrastructure.
What this means for merchants
The practical implication for Singapore merchants is to build on payment infrastructure that isn't locked to one protocol, and to watch this space closely.
The merchant that can accept agent-initiated payments across multiple protocols will have a structural advantage as agentic commerce scales.
Getting started: what merchants and businesses should do now
Agentic payments aren't fully mainstream yet, but the infrastructure decisions you make now will determine whether you're ready when they are. Here's where to start.
Audit your current payment setup
Check whether your existing checkout infrastructure can handle agent-initiated payments. Key questions to ask:
Can your checkout identify and authenticate an AI agent, not just a human?
Do you have reconciliation processes that work when the "buyer" is a software process?
Are your fraud rules calibrated for machine-generated payment patterns, or only human ones?
What to look for in an agentic wallet provider
When evaluating providers, prioritise:
Credential security — are payment credentials tokenized, with agents never accessing raw card data?
Token scoping granularity — how precisely can you define merchant, spend, and time restrictions?
Audit trail completeness — can you reconstruct exactly what each agent did and when?
MAS compliance posture — is the provider licensed and operating within Singapore's Payment Services Act framework?
Get started with Airwallex
If you're selling online in Singapore, the simplest first step is turning on Airi. It makes checkout faster for your customers today, and it'll help you handle agent-initiated payments in time to come. Sign up for an account to get started.
Frequently asked questions (FAQs)
What is an agentic wallet?
An agentic wallet is a payment infrastructure layer that lets AI agents make purchases on a user's behalf, within rules the user defines. It stores payment credentials, enforces spend limits and merchant restrictions, and logs every transaction — without requiring a human to approve each payment individually.
How is an agentic wallet different from Apple Pay or Google Pay?
Apple Pay and Google Pay require a human to initiate every payment — a tap, a click, a face scan. An agentic wallet delegates that authority to an AI agent, within boundaries you set in advance. The agent can pay; it just can't pay more than you allow, or to merchants you haven't approved.
What is "Know Your Agent" (KYA)?
KYA is an identity verification framework for AI agents, similar to how Know Your Customer (KYC) works for humans. It confirms that the agent requesting a payment is the authorised agent — not an impersonator or a hijacked process. As agentic payments scale, KYA may become more widely adopted as an industry security and governance practice.
Is an agentic wallet safe from prompt injection?
A well-designed agentic wallet uses a deterministic policy layer to enforce spend rules — it doesn't rely on AI reasoning. That means a malicious instruction injected into an agent's input can't override the wallet's controls. If the instruction falls outside the authorised parameters, the payment is blocked regardless of what the agent was told to do.
How does MAS regulate agentic payments in Singapore?
MAS doesn't yet have rules specific to agentic payments, but existing frameworks apply. The Payment Services Act governs payment infrastructure providers operating in Singapore. MAS's AI Risk Management Guidelines (AIRG) shape how AI should be deployed responsibly in financial services. The BLOOM initiative is building the programmable settlement layer that agentic wallets will eventually run on.
What is Airi and how do I get access?
Airi is Airwallex's consumer wallet, built into Airwallex Checkout and Payment Links. It gives your customers one-click checkout across a network of 170+ countries, with no extra fees or complex setup. It's also the foundation of Airwallex's agentic wallet roadmap. If you're selling online in Singapore, the simplest first step is turning on Airi — you can do that by opening an Airwallex Business Account.
Sources
airwallex.com/en-sg/payments/airi
This publication does not constitute legal, tax, or professional advice from Airwallex, nor does it substitute seeking such advice, and makes no express or implied representations / warranties / guarantees regarding content accuracy, completeness, or currency. If you would like to request an update, feel free to contact us at [[email protected]]. Airwallex (Singapore) Pte. Ltd. (201626561Z) is licensed as a Major Payment Institution and regulated by the Monetary Authority of Singapore.
The material presented here is for informational purposes only and does not constitute legal, regulatory, taxation, or investment advice. Readers should engage their own advisors or counsel for advice unique to their circumstances.

Cherie Foo
Growth Content Manager
Cherie is a Growth Content Manager at Airwallex, where she develops content for businesses in Singapore and across Southeast Asia. She focuses on turning complex topics like cross-border payments, business accounts, and spend management into clear, practical guides that help founders and finance teams make confident decisions.
Posted in:
Online paymentsShare
- Quick answer: What is an agentic wallet?
- Understanding agentic wallets and the AI-driven economy
- How an agentic wallet works: the three-layer model
- What Airi does: Airwallex's agentic wallet
- Consumer control and the audit trail
- Security architecture: how agentic wallets stay safe
- Agentic wallets in Singapore: the local landscape
- Emerging protocols powering agentic payments
- Getting started: what merchants and businesses should do now


