Cryptocurrency exchange OKX has launched Agent Payments Protocol (APP), a new payment protocol that allows AI agents to perform commercial activities.

 

The new payment protocol, according to OKX, is an open standard that defines how AI agents communicate and negotiate, pay for services, and pay each other. It also, for the first time, allows AI agents to move beyond simple payments and into full-scale commerce.

 

 

“In the past few months, AI agents moved from answering questions to running workflows, managing business processes, and acting autonomously on behalf of users,” OKX wrote in a blog post. “The bottleneck shifted from intelligence to commerce - not just paying, but the full cycle of doing business: quoting, negotiating, escrowing funds, metering usage, settling, and resolving disputes.”

 

This existing problem among AI agents is what OKX aims to solve with its new Agent Payments Protocol (APP), allowing agents not only to manage single payment requests but also to manage payment requests across multiple levels.

 

Inside the Agent Payment Protocol

The agent payment protocol (APP) from OKX is an open standard designed to work across all chains, especially the Solana and Ethereum blockchains.

 

APP unlocks new capabilities for AI agents, making it possible for these agents to operate and communicate autonomously across the full commerce lifecycle, pay each other through agent-to-agent payments, and also allowing AI agents to perform upfront and top-up payments, including deductions.

 

At its implementation layer is the payment software development kit (SDK) that makes it possible for developers to accept and make agent payments with just a few lines of code. According to the blog announcement, the agent payment protocol supports a wide variety of payments, including one-time payments, batch payments, pay-as-you-go, and escrow payments, which OKX says is coming soon.

 

Embedded within the payment protocol is the OKX self-custodial agentic wallet, which supports over 20 blockchains. Since the wallet is secured by means of a Trusted Execution Environment (TEE), a hardware-based security environment, the wallet’s private keys and sensitive operations are kept highly secure.

 

Despite its early launch, the OKX agent payment protocol is currently supported by major cloud infrastructure firms, including Amazon Web Services (AWS) and Alibaba Cloud, as well as blockchain companies such as Uniswap, Paxos, MoonPay, Zerion, and Nansen.

 

With the launch of its payment protocol, OKX joins companies such as Coinbase, Stripe, and OpenAI, which have already launched their payment protocols, namely x402, Agentic Commerce Protocol (ACP), and Machine Payments Protocol (MPP), respectively.

 

 

Anthropic built an AI that's great at breaking into software, and doesn’t want to release it. Claude Mythos Preview exists specifically to find and exploit vulnerabilities, and access is locked to a small group of known partners through a program called Project Glasswing. Major companies like Microsoft, Apple, Google, Amazon, Nvidia, Cisco, CrowdStrike, Federal Reserve, and the Linux Foundation are involved in this project.

 

Scott Bessent and Jerome Powell pulled together some of the most powerful names in American banking at Treasury headquarters to talk about what Mythos and models like it mean for the financial system. Citigroup, Morgan Stanley, Bank of America, Wells Fargo, and Goldman were all in the room according to sources who spoke to Bloomberg and the Financial Times. Jamie Dimon was invited but couldn't make it. 

 

Anthropic describes Mythos Preview as its most capable model to date, with a significant jump in coding and security performance over every prior Claude version. In internal and external evaluations, the model autonomously identified thousands of high severity vulnerabilities across every major operating system and browser Anthropic tested, including zero days that had been sitting undetected in production software for decades. To accompany the launch, Anthropic committed up to $100 million in usage credits and $4 million in direct funding through Project Glasswing, available specifically to open source security organizations so they can run Mythos against widely deployed software and close gaps before anyone with bad intentions finds them first.

 

 

In controlled cyber range tests, the model found vulnerabilities together with working exploits, completing full attack simulations that human red teams estimated would take many hours. It found flaws in places where existing automated scanners had run millions of passes and flagged nothing, including in Firefox's JavaScript engine and various multimedia libraries. Fewer than one percent of the vulnerabilities it identified have been fully patched at this point, which gives you a sense of how much ground the security community now has to cover.

 

Most of the infrastructure the crypto industry depends on sits on top of the same Linux and open source stacks that Mythos is now auditing like exchanges, custodians, node operators, rollup sequencers, DeFi backends. The software shared with banks, hospitals, and government systems, turns out to have been carrying serious vulnerabilities for years that nobody caught. A kernel level bug or a flaw in a widely used library isn't an enterprise problem when you're thinking about crypto, but it's a potential entry point into a hot wallet, a key management system, a bridge validator, or an indexing service. Mythos gives defenders a meaningful head start on finding and closing those gaps, but it also surfaces how much risk has been quietly unnoticed.

 

For banks, law firms, and any enterprise with sensitive data, the lesson from Mythos is that proprietary systems are not safe from this. Most critical applications and sensitive datasets run on top of operating systems and open source code, and that software now appears to have been carrying vulnerabilities for decades in some cases. The main risk on an institution's balance sheet might not be a counterparty but its own software stack, and models like Mythos are making this clear.

 

Anthropic framing Mythos as too dangerous to release publicly could just be a marketing stunt. But independent reporting on thousands of real vulnerabilities, bugs with decades of exposure time, and successful end to end attack simulations in controlled environments suggests it’s real. This could be an early version of something much larger, as security researchers broadly expect that within a few years both attackers and defenders will be operating fleets of AI agents 24/7 that test systems continuously, around the clock, at a scale no human team can come close to matching. Systems in both traditional finance and crypto will need AI driven monitoring and response as a baseline and stronger decentralized systems to prevent a single point of failure.