Market Pulse

Market Pulse

The Middle Case

Visa's new agentic commerce rules hold cardholders responsible for agent-initiated payments "as if the Cardholder initiated the Transaction." The procedural furniture is all in place: identity verification, consent, token provisioning. But Visa's public dispute categories still don't include an agent-specific reason code. If you want to contest something an agent did on your behalf, the challenge has to fit into language that predates the thing it's describing. Payments are where this surfaces first, because the challenge machinery there is most mature. The same gap, though, shows up wherever agents act on behalf of people.
The Middle Case
Visa's new agentic commerce rules hold cardholders responsible for agent-initiated payments "as if the Cardholder initiated the Transaction." The procedural furniture is all in place: identity verification, consent, token provisioning. But Visa's public dispute categories still don't include an agent-specific reason code. If you want to contest something an agent did on your behalf, the challenge has to fit into language that predates the thing it's describing. Payments are where this surfaces first, because the challenge machinery there is most mature. The same gap, though, shows up wherever agents act on behalf of people.

The Domain That's Ready

Most domains deploying agents are discovering the same problem: the agent completes the task, the output is contestable, and there's no workflow for contesting it. Security operations is the interesting exception. SOC workflows have always assumed that technically correct outputs can be operationally wrong, and they built accordingly.
False positive classification, severity reassignment, escalation queues, evidence timelines. These predate any agent. When Microsoft's Dynamic Threat Detection Agent generates an alert at 80.1% precision across tens of thousands of Defender customers, that alert flows into an existing incident queue with existing triage vocabulary. A miscategorized finding already has a name and a correction path.
The phishing-triage RCT showed something subtler: analysts spent 53% more time on malicious emails when agent-augmented, not less. The queue shaped attention rather than replacing judgment. The middle case had somewhere to land, so it landed well.
NIST 800-61 Rev. 3 names the two hardest detection problems as volume and false-positive adjudication. SOC built its operational grammar around those problems decades before agents arrived. Every other domain deploying agents is now trying to invent that grammar on the fly.
Further Reading




Past Articles

Researchers at UC Davis watched seven commercial browsing agents navigate an instrumented website this spring. A behavio...

Across the agent ecosystem, multiple players are simultaneously shipping the same category of development: admin console...

Companies with governance tooling deploy twelve times more AI projects to production. Only 4 of 13 frontier-autonomy age...

Anthropic's Dynamic Workflows can now orchestrate a thousand subagents in parallel. The showcase was a Bun runtime port:...
