Building Blocks for Interoperability and Autonomy in the Agentic Web

Vision

The web of today is:

1. friendly to humans who want to read and act

2. semi-friendly to bots that want to read

3. hostile to bots that want to act

Agents are a new, more powerful class of bot. We think that (2) and (3) will change rapidly to accommodate agent-driven browsing, commerce, and automation. Distinct lanes will emerge for humans, agents, and agents acting on behalf of humans. These changes will enable amazing new products and services, but also create massive disruption to the standards, infrastructure, and economics behind today’s web. How these new dynamics evolve will matter for everyone.

At Mysten Labs, we’re working on building blocks to maximize agent-powered automation by facilitating safe interoperability across trust boundaries, while preserving autonomy through open infrastructure and standards.

Problems of interest

We’re currently exploring several concrete challenges with partners in service of our broader goal:

Agentic commerce

Payments on behalf of users are among the most powerful and risky actions an agent can take—a key step toward unlocking (3) above. This raises pressing questions, including:

• What do agent-friendly paywalls look like?

• How do we make this safe as users delegate more responsibility to agents (e.g., giving an agent access to my funds but capping how much it can spend)?

• Which sites, APIs, and data sources will adopt first—and, conversely, what will agents need seamless ways to purchase in real time?

We see this as a marketplace bootstrapping problem, and are working on the technology required to enable an open marketplace. We think fast and highly programmable payment rails (e.g., compliance, contracts with automated payouts, atomic multi-agent transactions) using stablecoins are a key primitive for balancing automation and security.

Open infrastructure and new standards will be crucial for connecting both sides of the market and maximizing value/quality for both. Our collaboration with Google on programmable stablecoin payments via the Agentic Payments Standard (an extension to A2A) is one example—our demo showcases a client agent performing six separate purchases from three merchant agents in a single atomic transaction on Sui.

Future browsing and content monetization

As more browsing happens through chatbots/agents instead of direct site visits, content creators lose eyeballs, opportunity to connect directly with users, and the ability to monetize. Large entities (e.g., major media companies) are addressing this problem via direct contractual agreements with model providers. This doesn’t work for smaller sites, who are left with a tough choice: set up barriers to keep the agents out (and thus miss out on a promising new growth channel), or let the agents in on their terms (and risk losing eyeballs/revenue as many vacuum out your content for free).

This too is a marketplace problem. Site owners need programmable access-control policies, and agents need ways to automatically discover, license, and pay for content (e.g., via the agentic commerce machinery described above). This should happen through open licensing marketplaces, not closed deals or new middlemen.

Identity, authentication, and user data

Today’s bot identity system (User-Agent headers, IP ranges, and robots.txt) and its honor system enforcement are vastly inadequate even for today’s dynamics. As mentioned above, tomorrow’s web will need cryptographic identifiers for humans, agents, and agents acting on behalf of humans. Your web experience will be highly specialized based on the identity and metadata you bring to the table. Some key questions:

• Can a user have one universal identifier, or must identity/auth be fragmented across multiple services as it is today (potentially frustrating interoperability and reducing automation)?

• Do users own the data associated with their identifier and control whether/when it can be shared across services?

• Can coarse permissions that rely on manual judgment to decide which actions are appropriate be broken into fine-grained identifiers suitable for automated use?

These are (of course) leading questions. Our preferred future centers around context wallets: user-owned, privacy-preserving stores of verified data. **These wallets should let users share context freely across surfaces, maximizing interoperability without sacrificing privacy. By contrast, if providers fight to keep your context inside their walls, interoperability and autonomy suffer.

We think decentralized storage with programmable access control (e.g., Walrus + Seal) are important building blocks for data ownership with strong user control, and zero-knowledge proofs (e.g., as used in zkLogin) are an underutilized technology for allowing services to specialize experiences without requiring users to sacrifice privacy.

How Our Technology Can Help

We’ve spent the last four years designing and building a technology stack for facilitating safe interoperability across trust boundaries. There is no single product or service that can solve the problems above on its own—instead, we work on technical building blocks for folks that want to create products that are highly interoperable. Here are a few that are relevant to the problems above

Fast, highly programmable stablecoin payments with Sui’s programmable transaction blocks

Our founding team came out of the Libra project at Meta. We built Sui as a successor to Libra optimized for performance, including a fast lane (<400ms) for payments and horizontal scalability to handle arbitrary transaction volume. Features like programmable transaction blocks (PTBs) enable on-the-fly batching of multiple payments into a single atomic operation—e.g., as mentioned, our A2A extension demo showcases a client making six separate purchases from three merchants in one transaction. Sui leverages the security-focused Move smart contract language to make further programmability accessible to all.

Data ownership with Walrus and verified provenance with Seal

Walrus is a decentralized blob store that associates every upload with a cryptographic identity and a timestamp. We think this is an important primitive for proving who created content and when. Walrus blobs can be world readable (suitable for public content), or protected with cryptographic access control via Seal, with policies specified in Move smart contracts. For example, a context wallet that stores context from one chatbot in Walrus could use Seal to selectively share context with another. A blogger that wants to allow an agent to purchase a micro-license for a post could store it in Walrus, and use Seal to reveal it only once a payment on Sui has been made.

Privacy-conscious identities with zero knowledge (ZK) proofs and zkLogin

Zero knowledge (ZK) proofs enables access control policies that operate on secret data without revealing it. For example, an agent could use a ZK proof to demonstrate that it is making a query on behalf of a user over the age of 18 in California without revealing the user’s age or address. Move supports working with proofs generated by the groth16 proof system.

In addition, Sui supports zkLogin, a novel mechanism for privately sending transactions from a web account. In essence, zkLogin enables a privacy-preserving conversion from a bot-unfriendly credential (JWT) to a bot-friendly one (Sui address/keypair) that can be assigned permissions and spend money. zkLogin is already the world’s most used application of zero knowledge in terms of proofs generated/checked per day, but it is only scratching the surface of what this powerful cryptographic technique can do.

Collaboration

We’re thinking a lot about how AI will reshape the web. We want to create the building blocks to nudge the evolution toward openness, safe interoperability, and autonomy. If this resonates with you, you’re working on problems that intersect with ours, or you’re building something that crosses trust boundaries, we’d love to chat—email hello@mystenlabs.com, or reach out directly on X.