In March 2026, a US federal court ruled in Amazon v. Perplexity that a user’s permission to an AI agent does not constitute the platform’s authorisation.
The ruling was narrow in its legal scope but enormous in its commercial implications: it established, in a jurisdiction that sets global precedent, that the chain of accountability in agentic commerce is not solved by obtaining a user’s consent. The platform, the merchant, and the rail all retain independent liability exposure.
The Agentic Economy Report by blockchain firm Morph, published in Q2 2026, frames this as one of the defining risks of the current technology cycle and makes a pointed prediction: a Fortune 100 company will publicly attribute a major cyber breach to an AI agent before the end of 2028.
Also Read: The US$0.20 payment that could rewire Asia’s financial rails
When that disclosure happens, it will, in the report’s words, “reset the liability map for every merchant and every issuer that depends on one.”
The accountability gap is structural, not incidental
The scale of the attack surface is not theoretical. Citi GPS has tracked deepfake scam growth at more than 2,000 per cent over three years. The public MCP ecosystem — the infrastructure layer through which AI agents discover and invoke external tools and APIs — now exceeds 10,000 servers, each one a potential entry point for a malicious actor or a poorly scoped agent instruction. AP2’s cryptographic mandates were designed precisely because authorisation and accountability remain unsolved at the protocol level.
The problem is architectural. As Dr Changhao Jiang, CTO at Cobo, states in the report: “Prompts are not permissions. The industry’s greatest risk is a failure of architecture: granting agents the power to act without the guardrails to stop them. To bridge the accountability gap, we must decouple an agent’s reasoning from its power to spend through the pact. By replacing ‘assumed trust’ with infrastructure-level enforcement, we ensure that while execution is autonomous, liability is absolute.”
This distinction — between an agent’s reasoning and its power to transact — is the central design challenge that the agentic payment stack has not yet solved at scale. The Mandate layer of the stack (Layer 2 in the Morph framework) attempts to address it through AP2’s Cart and Intent Mandates, which are cryptographic and hardware-backed. But the protocol is voluntary, implementation is uneven, and the legal framework for adjudicating disputes among agents, users, merchants, and issuers has not been tested at commercial scale in most jurisdictions.
Asia’s specific exposure
Southeast Asia and broader pan-Asia face compounded exposure on this question for three reasons. First, the region’s regulatory frameworks for AI liability are nascent compared to those that are taking shape in the EU and the US. Singapore’s Model AI Governance Framework is a voluntary standard; it does not create binding liability rules for agentic transactions. Most of the region’s emerging economies have no comparable framework at all.
Also Read: The invisible shopper rewriting Asia’s e-commerce playbook
Second, Asia is disproportionately exposed to the deepfake and social-engineering threat vectors that feed into agent-based fraud. The Citi GPS 2,000 per cent figure aggregates global data. Still, security researchers have consistently found that Asia-Pacific is the fastest-growing target region for AI-generated fraud, driven by the region’s high mobile penetration, cross-border commerce volumes, and varying levels of digital literacy across income groups.
Third, the region’s super-app and embedded-finance architecture — where a single platform may function simultaneously as a social network, marketplace, logistics provider, and financial institution — creates uniquely complex liability chains. When an AI agent transacts within a super-app ecosystem, determining which layer should bear the loss for a disputed instruction is a question those platforms have yet to answer publicly.
The card networks’ defence and its limits
Visa’s Trusted Agent Protocol (TAP), listed in the Morph report’s standards comparison table, represents the card networks’ primary response to the accountability problem. TAP layers network-level agent identity and fraud-signalling onto card rails, essentially attempting to keep agent traffic inside Visa’s visibility and accountability perimeter. Mastercard has tied its agentic commerce strategy to its 40 per cent tokenised base and global issuer rollout.
The approach has institutional logic. Card networks carry deep fraud-management infrastructure, chargeback mechanisms, and regulatory relationships that open-protocol stablecoin rails do not yet replicate. For regulated, ticket-sized purchases — a flight, a hotel, a large electronics order — the card model retains meaningful advantages even in an agentic world.
But the economics break down at the volume layer. The Morph report’s Prediction 2 holds that most agent-initiated payments, by transaction count, will settle outside traditional card rails — not because card networks lose the high-value category, but because the count of agent transactions is dominated by sub-dollar machine-to-machine calls that the card model was never designed to handle. The liability framework that travels with the card does not automatically extend to x402-settled stablecoin micropayments. That gap is currently uninsured.
The disclosure that changes everything
Jordan Patapoff, VP of Ecosystem at Quicknode, captures the broader stakes in a quote cited by the Morph report: “Every technology wave has a moment when its infrastructure gets defined: TCP/IP, HTTP, OAuth. The agent economy is in that moment right now. The protocols adopted in the next eighteen months are the ones a generation of agents will run on.”
Also Read: Agentic commerce: How autonomous AI is quietly rewriting the payments stack
The liability question is part of that infrastructure definition. Whoever writes the standard for agent accountability — whether it is a protocol consortium, a card network, a central bank, or a regulator — will shape the commercial terms of agentic commerce for the next decade. For Asia’s fintech sector, the risk of arriving late to that standard-setting conversation is not merely competitive. It is the risk of inheriting liability frameworks written by and for markets elsewhere, applied to a region with fundamentally different commerce architectures, fraud profiles, and consumer protection regimes.
The Fortune 100 breach prediction may or may not resolve before 2028. The accountability gap it will expose is already open.
The post Why Asia faces the sharpest agentic fraud exposure appeared first on e27.