Glossary — Agentic Payments, AI Agent Wallets, Secure Elements and the Machine Economy

Agent commerce: Commercial transactions initiated and completed by AI agents acting on behalf of human or organisational principals. Distinct from human commerce in cadence (machine-speed), value (sub-dollar), and trust model (no chargebacks).
Agentic payments: Payments where one or both transacting parties are AI agents. The category includes agent-to-merchant, agent-to-agent (M2M), and machine-to-machine flows. Ledgerless is built specifically for the agent-to-agent and machine-to-machine subset.
AI agent: Autonomous software that perceives an environment, decides on actions, and executes them on behalf of a principal — typically a human or organisation. Modern AI agents combine LLMs, tool use, memory, and authority over real-world resources including funds.
AI agent wallet: A cryptographic key store an AI agent uses to authorise and sign payments. Agent wallets need spending controls that the agent itself cannot remove, which is the problem Covenant solves at the hardware layer.
AI guardrails: Constraints on what an AI agent can do — spending limits, allowlists, rate limits, approval requirements. Software guardrails can be bypassed by a compromised or jailbroken agent; hardware guardrails (see Covenant) cannot.
AI safety: The practice of designing AI systems so their behaviour stays aligned with their principal's intent. In the payments context, AI safety reduces to: ensuring an autonomous agent cannot spend funds, contact parties, or take actions outside its authorised envelope, even if compromised.
AP2 (Agents-to-Payments Protocol): Google's protocol for AI agents to initiate payments through existing rails. AP2 standardises the interface; the actual settlement still occurs over card networks or blockchains. Solves the API problem, not the rail problem.
Attestation: Cryptographic proof that a secure element is genuine and running unmodified firmware. In Ledgerless, attestation lets a receiver verify that an incoming payment came from a real Ledgerless chip rather than a software impersonator.
Blockchain: A distributed ledger maintained by a consensus network. Solves double-spend prevention through global agreement on transaction order. Excellent for permissionless value transfer; suboptimal for direct machine-to-machine payments because every payment requires a global write.
Bridge (Ledgerless): The interoperability layer between the off-chain Ledgerless secure-element world and on-chain settlement. Lets balances move between hardware-tracked Ledgerless funds and stablecoin / blockchain custody when needed.
Card networks: Visa, Mastercard, and similar payment networks. Built for human consumers, with chargeback dispute systems, KYC requirements, and per-transaction fees in the 2-3% range plus a fixed minimum. Architecturally wrong for AI agents that transact in cents.
Chargeback: A reversal of a card payment initiated by the cardholder's bank, typically after a dispute. A useful consumer protection mechanism for humans, but an existential risk for autonomous machine payments where there is no human-side identity to dispute on behalf of.
Chip-to-chip payment: A direct payment between two secure elements with no intermediary network. The defining transaction primitive in Ledgerless: the sending chip debits its own balance and signs; the receiving chip verifies and credits. No blockchain, no server, no consensus.
Consensus: The process by which distributed nodes agree on a single version of state. Used by all blockchains for double-spend prevention. Ledgerless does not need consensus because double-spend is prevented at the hardware layer.
Covenant: Ledgerless's policy enforcement protocol. Hardware-enforced spending limits, allowlists, rate limits, and approval rules that live inside the secure element and cannot be bypassed by the agent software running on the host. The AI-safety layer of the stack.
Double-spend prevention: The technical requirement to ensure the same funds cannot be spent twice. The only hard problem in payments — everything else is accounting. Historically solved by trusted third parties (banks) or consensus networks (blockchains); Ledgerless solves it with tamper-resistant hardware.
Hardware security module (HSM): A tamper-resistant cryptographic device. Secure elements are a small, embedded form of HSM. HSMs are the foundation of modern banking key infrastructure and the substrate Ledgerless builds on.
Lightning Network: An off-chain payment layer for Bitcoin using payment channels. Achieves sub-second, low-fee Bitcoin payments but still depends on persistent network connectivity and on-chain settlement for channel open/close. See the comparison page for how Lightning differs from Ledgerless.
Local payment: A payment that completes between two devices in physical or local-network proximity, with no routing through the public internet. Critical for machine economies where devices may be offline or operating in poor-connectivity environments. Ledgerless is one of the few protocols that supports true local payments.
Machine economy: The emerging economy in which AI agents and autonomous devices transact directly with each other — paying for API calls, compute, bandwidth, data, physical services, and micropayments to other machines. Forecast at $30 trillion by 2030.
Machine-to-machine (M2M) payment: A payment between two autonomous machines without human involvement in the transaction loop. Examples: an electric vehicle paying a charging station, an AI agent paying another agent for a sub-task, a sensor paying for data egress.
MPP (Machine Payments Protocol): Stripe's protocol for AI agents to initiate payments through Stripe's payment processing. Like AP2, MPP solves the interface but still settles on Stripe's underlying card and ACH rails.
Off-chain: Any transaction that does not require writing to a blockchain. Ledgerless payments are off-chain by default — settlement happens entirely between the two devices' secure elements, with no global state involved.
On-chip policy enforcement: Enforcing rules inside the secure element itself, rather than in software running on the host. The mechanism Covenant uses to ensure that even a fully-compromised agent cannot bypass its spending limits.
Peer-to-peer payment: A direct payment between two parties without an intermediary. True peer-to-peer requires that neither party — nor any third party — can unilaterally reverse or block the transaction. Ledgerless is the first peer-to-peer payment protocol that also requires no network.
Policy guardrails: Rules constraining what an agent or wallet can do: maximum spend per day, allowed counterparties, required human approvals, time-of-day restrictions. Covenant implements these as hardware-enforced invariants rather than software promises.
Secure element: A tamper-resistant chip that stores cryptographic keys and runs isolated code that cannot be inspected or modified by the host system. Secure elements are the substrate of modern banking (every payment card), telecom (every SIM), and identity (passports). Ledgerless places fund balances inside the secure element.
Settlement: The point at which a payment becomes final and irreversible. Card networks settle in 1-3 days. Bitcoin in ~60 minutes. Solana in ~400ms. Ledgerless settles instantly — the moment the sending chip signs, the payment is final by hardware invariant.
Stablecoin: A blockchain token pegged to a fiat currency, typically USD. USDC and USDT are the largest. Stablecoins make on-chain agent payments practical by removing currency volatility, but they still inherit the fees, latency, and network dependency of their underlying blockchain.
Tamper-resistant hardware: Hardware designed to resist both software intrusion and physical attack. Tamper-resistant chips can detect probe attempts, voltage glitches, and side-channel attacks, and erase their secrets when compromised. The physical foundation of Ledgerless's double-spend guarantee.
Trusted execution environment (TEE): A secure region of a CPU that isolates code and data from the rest of the system. Examples include Intel SGX, ARM TrustZone, and Apple's Secure Enclave. TEEs offer software-rooted isolation; secure elements offer hardware-rooted isolation. Ledgerless uses secure elements for strongest tamper resistance.
x402: Coinbase's revival of HTTP status code 402 (Payment Required) as a protocol for inline machine payments over HTTP. x402 standardises the request/response shape; actual settlement happens on the underlying chain (typically Base / EVM). See /compare for how x402 and Ledgerless complement each other.

More depth in the manifesto, the M2M Payments protocol, or Covenant.

The agentic payments glossary