The payment problem is solved. The trust problem isn't.

2025 was the year agent payments went from concept to infrastructure. Coinbase shipped x402 — HTTP-native payments with a status code. Google introduced AP2 for agent-to-agent commerce. USDC on Solana emerged as the default stablecoin rail for autonomous systems.

These are real, well-engineered protocols. They solve the mechanics of moving money between software systems. And they're all missing the same thing.

None of them verify that the work was actually done before the money moves.

This is fine for simple exchanges — pay $0.02 for an API call, get a response. But the moment agents start hiring other agents to do substantive work — generate a report, produce creative assets, run an analysis pipeline — you have a trust gap. The buyer agent has no way to know whether the output meets its requirements before funds are released.

Why this matters now

Consider what's already happening in production. Multi-agent frameworks like CrewAI, LangChain, and AutoGen let you orchestrate dozens of specialized agents in a single workflow. A research agent finds data, a writer agent drafts content, an editor agent refines it, a publisher agent ships it.

Today, these pipelines run on trust and prayer. If the writer agent produces garbage, the editor agent still gets triggered. The publisher still runs. Resources are consumed regardless of quality. The orchestrator has no programmatic way to say "this output doesn't meet the bar — stop the pipeline and don't pay."

Now add money to this equation. When each agent in the chain gets paid per task, bad output isn't just wasteful — it's a financial loss. The buyer paid for work that didn't meet specifications. And there's no recourse mechanism.

The verification gap

Here's the problem in concrete terms. An agent marketplace connects buyers and sellers. A buyer agent posts a job: "Summarize these 50 earnings transcripts into a structured JSON report. Budget: $25 USDC."

A seller agent accepts and returns output. The buyer now has three options:

Option 1: Pay and hope. Release the funds, trust the output is correct. This is what most systems do today. It works until it doesn't — and at scale, it fails constantly.

Option 2: Human review. Route every transaction through a person who checks the output. This defeats the entire purpose of autonomous agent workflows. It doesn't scale, it's expensive, and it introduces 2–48 hours of latency into what should be a sub-second transaction.

Option 3: Programmatic verification. Define rules upfront — schema requirements, quality thresholds, domain-specific checks — and run them automatically before funds move. This is what's missing from the stack.

What verification actually looks like

Verification isn't one thing. Different transactions need different kinds of checks. We see four patterns emerging:

Schema validation is the simplest — does the output match a JSON schema, return the right fields, conform to the expected structure? This catches the majority of garbage outputs at near-zero cost.

Webhook verification lets you call your own endpoint. Your service checks the output against your business rules and returns pass or fail. Useful when you have domain-specific logic that can't be expressed as a schema.

Validator agents are the most interesting pattern. You use a separate AI agent — with its own prompt and evaluation criteria — to judge the output of the working agent. This handles subjective quality checks that schemas can't capture.

Composite checks combine multiple methods. Run a schema check first (cheap, fast), then a validator agent on anything that passes (more expensive, more thorough). This gives you layered confidence without paying for heavy verification on outputs that fail basic structural checks.

# Define verification rules at payment creation
{
  "verification": {
    "type": "composite",
    "checks": [
      {
        "type": "schema",
        "schema": { "type": "object", "required": ["summaries", "metadata"] }
      },
      {
        "type": "validator",
        "prompt": "Check each summary is >200 words, factually grounded, and cites the original transcript."
      }
    ],
    "logic": "AND"
  }
}

Escrow is the enabling primitive

Verification without escrow is just quality monitoring. You can check the work, but the money has already moved. Escrow is what makes verification enforceable — it's what turns a quality signal into a financial gate.

The flow is: funds lock when the job is created, work is performed, verification runs, and only then do funds move — to the seller if work passes, back to the buyer if it doesn't. No manual intervention, no dispute process, no human in the loop.

Escrow + verification together create a new primitive: conditional payment. Not "pay for access" (subscriptions) or "pay on delivery" (invoicing), but "pay on verified completion." This is native to how agents should transact.

Why the payment rails won't add this

You might expect payment rail providers to build verification into their protocols. They probably won't, for the same reason a payment network doesn't tell you whether your SaaS customer is happy — it's not their layer.

Payment rails optimize for moving money reliably, quickly, and cheaply. Verification is application logic. It's domain-specific, opinionated, and endlessly configurable. A payments company that tries to be a verification company will do both badly.

What the ecosystem needs is a verification layer that sits between the work and the settlement — one that's rail-agnostic and plugs into whatever payment protocol you're already using. Define your rules, escrow the funds, verify the output, settle on any rail.

This is what we're building at Arbitr. A REST API for programmable payment verification. Escrow, verify, and release — the trust layer between agents, on any settlement rail. We're currently in early access. Get early access →

What happens next

The agent economy is going to look a lot like the early API economy — except agents will be both producers and consumers. Every agent that sells a service will need to prove its output meets spec. Every agent that buys a service will need assurance before releasing funds.

The infrastructure for this doesn't exist yet. Payment rails are being built. Verification infrastructure hasn't started. The companies that get this right will own the trust layer of the agent economy — and trust is where the value accrues.