---
id: "framework-agentic-tech-stack"
type: "framework"
source_timestamps: ["§ The Technology Stack That Makes Agents Real Buyers"]
tags: ["infrastructure", "tech-stack", "payments"]
related: ["concept-commerce-protocols", "entity-shopify", "entity-visa"]
speakers: ["Kartik Hosanagar"]
steps: ["\\\"The Protocol Layer: Agents need to talk to each other (e.g.", "UCP", "ACP).\\\"", "The Commerce Layer: Agents need places to actually shop (machine-accessible back doors).", "\\\"The Governance and Payments Layer: Agents need to trust each other (liability", "authorization", "fraud prevention).\\\""]
sources: ["geo"]
sourceVaultSlug: "hbr-seg-geo"
originDay: 3
articleStem: "hbr-tier2-05-market-to-ai-customer"
sourceUrl: "https://hbr.org/2026/06/how-do-you-market-to-an-ai-customer"
sourceTitle: "How Do You Market to an AI Customer?"
---
# The Technology Stack That Makes Agents Real Buyers

[[entity-kartik-hosanagar]] outlines a **three-layer infrastructure** required to enable autonomous AI shopping. Without these layers, agentic commerce stays impractical or highly vulnerable to fraud and fragmentation.

**1. The Protocol Layer — agents need to talk to each other.**
Common standards (like UCP and ACP, see [[concept-commerce-protocols]]) so agents can communicate across platforms without merchants building thousands of bespoke integrations. Prerequisite: [[prereq-api-protocols]].

**2. The Commerce Layer — agents need places to actually shop.**
Retailers must open **machine-accessible back doors** letting agents query inventory and transact. Platforms including [[entity-shopify-d5]], **Etsy**, and **Salesforce** are enabling this. Baseline action: [[action-structure-machine-readable-data]].

**3. The Governance and Payments Layer — agents need to trust each other.**
The trust mechanism. Banks must verify whether a user actually authorized an agent; merchants need liability frameworks for misbehaving agents; and payment networks — [[entity-visa]], **Mastercard**, **American Express**, **Discover** — must distinguish **compliant agents from malicious bots** and defend against **prompt-injection attacks** and high-volume fraud.

*Enrichment note:* this framing aligns closely with industry classifications. PayPal categorizes agentic standards into **commerce**, **payment & trust**, and **infrastructure** protocols; Google's UCP materials emphasize a commerce-coordination layer plus payment providers with delegated-payment security. Adjacent bodies of work: delegated authority, tokenized credentials, strong customer authentication, and prompt-injection / multi-agent safety research.


## Related across articles
- [[concept-commerce-protocols]]
- [[concept-trust-layer]]
- [[framework-conditions-for-agentic-scale]]
