APTO Technical Whitepaper
Protocol Alignment Analysis & Architecture Overview for institutional investors and technical due diligence.
Executive Summary
APTO (Agent Payment Trust Orchestrator) is a production-grade orchestration layer designed to close the "Trust Gap" in autonomous commerce. It is built as a native implementation of the Google Agent Payments Protocol (AP2), a global standard released in September 2025 by Google and 60+ industry partners (including Mastercard, PayPal, and Adyen).
This document gives a technical overview of the APTO architecture and its adherence to global standards, to support investment confidence without disclosing proprietary source code.
1. Protocol Alignment: Google AP2 (v1.0)
APTO is not a "wrapper" for existing payment APIs; it is a Protocol-Native Node. It implements the core pillars of the AP2 standard:
A. Verifiable Digital Credentials (VDCs)
APTO utilizes VDCs as the fundamental trust anchor. Every transaction is a cryptographically signed contract that ensures non-repudiation.
- Cryptographic Standards: Implements Ed25519 and ECDSA P-256 signature algorithms.
- Integrity: Utilizes deterministic SHA-256 hashing for canonical data structures, ensuring that any tampering with a mandate (even a single character) invalidates the transaction instantly.
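The integrity property described above, as an added example (not APTO's code, which this document does not disclose). It assumes a canonical form of UTF-8 JSON with sorted keys and no optional whitespace; the mandate field names are hypothetical and not taken from the AP2 schema.

```python
import hashlib
import hmac
import json


def _reject_floats(value, path="$"):
    """Floats serialize inconsistently across languages; refuse them outright."""
    if isinstance(value, float):
        raise TypeError(f"float at {path}: encode amounts as integer minor units")
    if isinstance(value, dict):
        for key, item in value.items():
            if not isinstance(key, str):
                raise TypeError(f"non-string key at {path}")
            _reject_floats(item, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            _reject_floats(item, f"{path}[{index}]")


def canonical_bytes(mandate: dict) -> bytes:
    """Assumed canonical form: UTF-8 JSON, sorted keys, no optional whitespace."""
    _reject_floats(mandate)
    text = json.dumps(mandate, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


def mandate_digest(mandate: dict) -> str:
    """SHA-256 over the canonical bytes; this is the value a signer would sign."""
    return hashlib.sha256(canonical_bytes(mandate)).hexdigest()


def matches_signed_digest(mandate: dict, signed_digest: str) -> bool:
    """Recompute the digest and compare it in constant time with the signed one."""
    return hmac.compare_digest(mandate_digest(mandate), signed_digest)


# Constructed sample mandate; field names are hypothetical, not the AP2 schema.
SIGNED = {"type": "cart", "merchant": "merchant.example", "currency": "USD",
          "total_minor": 12999, "items": [{"sku": "SKU-1", "qty": 1}]}
SIGNED_DIGEST = mandate_digest(SIGNED)

# Same content with a different key order: must produce the same digest.
REORDERED = {"items": [{"qty": 1, "sku": "SKU-1"}], "total_minor": 12999,
             "currency": "USD", "merchant": "merchant.example", "type": "cart"}
# One character changed in the amount: must not match the signed digest.
TAMPERED = dict(SIGNED, total_minor=12998)

if __name__ == "__main__":
    print(matches_signed_digest(REORDERED, SIGNED_DIGEST))
    print(matches_signed_digest(TAMPERED, SIGNED_DIGEST))
```

The digest is only as trustworthy as the signature that covers it, so a verifier checks the Ed25519 or ECDSA P-256 signature over this value before accepting the mandate.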
B. The Tri-Mandate Architecture
The system natively implements the three core life-cycle mandates of AP2:
- Intent Mandate: Specifically designed for Human-Not-Present (HNP) scenarios. It includes "Prompt Playback"—a verification feature where the agent must cryptographically prove its understanding of user instructions before spending.
- Cart Mandate: Handles Human-Present (HP) transactions via Dual-Signature logic (Merchant + User), providing the highest level of authorization proof in modern e-commerce.
- Payment Mandate: Bridges the gap to traditional financial networks by signaling agentic involvement and risk scoring to issuers and networks (Visa/Mastercard).
2. Competitive Moat: AI Hallucination Defense
The single greatest technical barrier to AI commerce is "Agent Hallucination" (the agent spending on the wrong item due to model error).
APTO’s Solution:
- AI Risk Engine: A dedicated microservice that performs sub-100ms risk evaluation.
- Mathematical Guardrails: Uses SBERT Embeddings via Vertex AI to compare the Merchant’s Cart against the User’s original Natural Language Intent.
- Deterministic Enforcement: If the semantic distance between intent and purchase exceeds a threshold, APTO triggers a Step-Up Authentication or a hard block, protecting the user and the PSP from liability.
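A sketch of the threshold enforcement described above, added here as an example and not APTO's Risk Engine. It assumes cosine distance as the metric, two illustrative thresholds, and short constructed vectors standing in for the SBERT embeddings that a real deployment would fetch from the embedding service.

```python
import math

# Assumed thresholds for illustration; the document does not state real values.
STEP_UP_DISTANCE = 0.35
BLOCK_DISTANCE = 0.60


def cosine_distance(a, b):
    """1 - cosine similarity; raises ValueError on unusable input."""
    if not a or len(a) != len(b):
        raise ValueError("embeddings must be non-empty and the same length")
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        raise ValueError("zero-length embedding")
    dot = sum(x * y for x, y in zip(a, b))
    return 1.0 - dot / (norm_a * norm_b)


def decide(intent_vec, cart_vec):
    """Return ALLOW, STEP_UP or BLOCK; anything unexpected fails closed."""
    try:
        distance = cosine_distance(intent_vec, cart_vec)
    except ValueError:
        return "BLOCK"
    # NaN compares False against every threshold, so check it explicitly.
    if not math.isfinite(distance):
        return "BLOCK"
    if distance >= BLOCK_DISTANCE:
        return "BLOCK"
    if distance >= STEP_UP_DISTANCE:
        return "STEP_UP"
    return "ALLOW"


# Constructed 4-dimensional vectors; real SBERT embeddings have hundreds of dims.
INTENT = [0.9, 0.1, 0.2, 0.0]        # user's stated intent
CART_MATCH = [0.85, 0.15, 0.25, 0.05]  # cart close to the intent
CART_DRIFT = [0.5, 0.1, 0.1, 0.7]      # cart partly off-intent
CART_WRONG = [0.0, 0.1, 0.1, 0.95]     # cart unrelated to the intent

if __name__ == "__main__":
    for name, cart in [("match", CART_MATCH), ("drift", CART_DRIFT),
                       ("wrong", CART_WRONG)]:
        print(name, decide(INTENT, cart))
```

A missing or malformed embedding is treated as a block rather than an allow, so an outage in the embedding service cannot silently disable the guardrail.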
3. Enterprise-Grade Architecture
APTO is built for global scale and security "by design":
- High-Performance Core: Uses a memory-safe language (Rust) for the critical transaction path, providing zero-cost abstractions and eliminating memory-safety vulnerability classes such as buffer overflows and use-after-free in safe code.
- Database: Utilizes Google Cloud Spanner to ensure "Global Consistency" for cross-border payments, preventing double-spending and ensuring 99.999% availability.
- Observability: Integrated Vertex AI, Feature Store, and Redis cache for real-time fraud detection without adding latency to the payment flow.
- The Evidence Store: An immutable, append-only store that generates a "Cryptographic Chain of Evidence" for every transaction. This reduces dispute resolution windows from 30–90 days down to minutes.
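One common way to build a chain of evidence like the one described above is a hash chain, shown here as an added example and not APTO's Evidence Store. The in-memory log, the all-zero genesis value and the event field names are assumptions made for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry


def entry_hash(prev_hash: str, payload: dict) -> str:
    """Hash of the previous link plus the canonical JSON of this payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(bytes.fromhex(prev_hash) + body).hexdigest()


class EvidenceLog:
    """In-memory append-only log; there is deliberately no update or delete."""

    def __init__(self):
        self._entries = []

    def append(self, payload: dict) -> str:
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        stored = copy.deepcopy(payload)
        self._entries.append(
            {"prev": prev, "payload": stored, "hash": entry_hash(prev, stored)})
        return self._entries[-1]["hash"]

    def export(self) -> list:
        return copy.deepcopy(self._entries)


def first_broken_link(entries: list, expected_head: str = None):
    """Return the index of the first bad entry, or None if the chain verifies.

    expected_head is the last hash as recorded outside the store; without it,
    truncation of the tail of the log cannot be detected.
    """
    prev = GENESIS
    for index, entry in enumerate(entries):
        recomputed = entry_hash(entry["prev"], entry["payload"])
        if entry["prev"] != prev or entry["hash"] != recomputed:
            return index
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


def build_sample_log():
    """Constructed events for one transaction; field names are hypothetical."""
    log = EvidenceLog()
    log.append({"event": "intent_mandate", "txn": "T-1", "digest": "aa" * 32})
    log.append({"event": "cart_mandate", "txn": "T-1", "total_minor": 12999})
    head = log.append({"event": "payment_mandate", "txn": "T-1", "risk": "low"})
    return log.export(), head
```

Edits, deletions and reordering break the chain at the affected entry, while removal of the newest entries is caught only if the head hash is also anchored somewhere the store's operator cannot rewrite.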
4. Commercial Strategy: The B2B2A Model
A-Pay-G operates as B2B Infrastructure (Business-to-Business-to-Agent). We do not sell to end consumers; we sell the "Trust Rails" to the platforms that serve them.
1. AI Platforms (Risk & Liability Sector)
- Customer Persona: OpenAI, Anthropic, Google DeepMind.
- Core Challenge: Systemic liability risk. Autonomous capabilities are constrained by the inability to verify "intent vs. hallucination" in financial transactions.
- APTO Value Proposition: We serve as the Risk & Compliance Layer. By offloading mandate verification to the APTO protocol, platforms can enable commerce features while maintaining a "neutral platform" legal stance.
2. Payment Service Providers (FraudTech Sector)
- Customer Persona: Stripe, Adyen, PayPal.
- Core Challenge: Existing fraud models are calibrated for human behavior (device fingerprinting, click velocity) and fail to distinguish legitimate autonomous agents from malicious botnets.
- APTO Value Proposition: We provide Enterprise FraudTech. The APTO Risk Engine integrates via API to score agentic transaction volume, enabling PSPs to capture new revenue streams without exposing their core rails to bot fraud.
3. e-Commerce Marketplaces (Commerce Enablement)
- Customer Persona: Shopify, Amazon, Flipkart.
- Core Challenge: Marketplaces seek to allow "Shopping Agents" to execute autonomous purchases but lack a standardized protocol to verify agent authority.
- APTO Value Proposition: We provide Protocol Enablement, ensuring that any inbound order from an AP2-compliant agent carries cryptographic proof of user authorization.
Disclaimer
This document is for informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any securities. The technical specifications described herein are based on the current implementation of the AP2 Protocol (v1.0) and are subject to change. "Google Cloud Spanner", "Vertex AI", and "Rust" are trademarks of their respective owners. APTO is a proprietary technology of A-Pay-G.