The internet was built for humans. Your next user will be an agent.

Most product roadmaps still treat AI as a feature you bolt on: a chat box in the corner, a "summarize this" button, a copilot grafted onto an existing UI. That framing quietly misses what's actually happening underneath.

‍

The deeper shift isn't that software is getting smarter. It's that software's primary user is changing. Increasingly, the thing reading your docs, navigating your app, and consuming your API isn't a human. It's an agent acting on behalf of one.

‍

And most of what we've built isn't ready for that, even as the companies racing to fix it are quietly rewriting the stack underneath us.

‍

The unpriced cost of being human-first

‍

Walk through what happens when an agent tries to use a typical SaaS product today. It hits a marketing page optimized for human conversion psychology. It encounters tutorials written for human attention spans, with screenshots and "now click here" prose. It deals with auth flows wrapped in captchas, cookie banners, and consent modals. It parses dashboards designed to be visually scanned, not programmatically queried.

‍

Every one of these is friction. Each was a perfectly reasonable design choice - for humans. For agents, they're a tax.

‍

The clearest place this shows up isn't shopping or docs; it's observability. Watch a senior SRE work a 3am incident: Grafana in one tab, Datadog in another, CloudWatch logs in a third, deploy timeline in GitHub, runbook in Notion, postmortem template in Confluence. They're correlating signals across five UIs that were each individually well-designed for a human eye. But the underlying job is pattern-matching across machine-generated telemetry which is exactly the kind of work an agent does better, faster, and without burning out.

‍

That's why every major observability vendor has converged on roughly the same product in the last twelve months. Datadog's Bits AI SRE. AWS DevOps Agent. Grafana's Assistant Investigations. incident.io's AI SRE. Open-source projects like OpenSRE. They all share one insight: the dashboard was a translation layer for humans. The metrics, traces, logs, and deploy events were always machine-readable. Once an agent can pull telemetry directly across CloudWatch, Datadog, Grafana, GitHub, and the deploy pipeline, form hypotheses, and rule them out with structured queries, the dashboard becomes one of many ways to display a result and not the primary interface for doing the work.

‍

The dashboards aren't going away. But they're being demoted from "the surface where work happens" to "the human-readable view of work an agent already did."

‍

Multiply that across every category, like payments, ops, support, finance, procurement, and you start to feel the cost. Every dashboard, every step-by-step tutorial, every UX optimization aimed at the human eye is a translation layer that an agent must either parse around or ignore. That's the unpriced cost of being human-first in a world where the most valuable workflows are quietly migrating through agents.

‍

What "agent-native" actually means

‍

It's tempting to read agent-native as "add an MCP server" or "expose an API." Both help. Neither is sufficient.

‍

Agent-native is a design posture, not a checklist. It means treating agents as a first-class consumer and asking, for every interface you ship: can this be operated by something that has no eyes, doesn't get bored, and reads documentation by ingesting it whole rather than skimming it?

‍

In practice that pulls in three concrete shifts, and you can already see leaders in each domain making them:

1. Decompose into sensors and actuators. The Stripe Agent Toolkit is a textbook example: instead of routing an agent to a dashboard, Stripe exposes its primitives as discrete, callable tools: create a payment link, issue an invoice, refund a charge, run a subscription. The PayPal Agent Toolkit takes the same posture: orders, subscriptions, disputes, and shipment tracking exposed as functions, compatible with MCP, OpenAI Agents SDK, LangChain, Bedrock, and Vercel's AI SDK. The agent doesn't navigate a dashboard. It calls a function and reads a structured result.
2. Write docs the agent can act on. Not "click Settings → API → Generate Token." Write the exact prompt, the exact payload, the exact code block. Better still: ship a manifest the agent can ingest directly. The shift from "human-readable docs with code samples" to "machine-readable manifests with optional human prose" is already happening in the agent-toolkit world, and it will spread.
3. Eliminate deployment friction. Service wiring, secret rotation, environment plumbing, dashboard onboarding - this is the long tail of work that exists primarily because a human had to click through a web console somewhere. An agent-native deployment is a single intent translated into action across the stack, with the dashboard generated as a report of what happened, not the interface through which it happened.

‍

A new layer of protocols is being built, and it isn't for you

‍

The strongest signal that this shift is real isn't in any individual product. It's that an entire layer of new protocols is being defined that assumes a human may not be in the loop at all.

‍

Three worth watching closely:

1. MCP (Model Context Protocol). The de facto plumbing for agent-to-tool communication. Lets an agent discover and call capabilities (read inventory, query a database, run a job) through a standardized interface. Most major payment, observability, and developer-tool vendors now ship MCP servers. It's becoming the lowest common denominator for "this thing can be operated by an agent."
2. UCP (Universal Commerce Protocol). An open standard for commerce interoperability, checkout, identity linking, order tracking, payment token exchange, explicitly designed to work "with or without human intervention." The Tech Council now spans Google, Shopify, Amazon, Meta, Microsoft, Salesforce, Stripe, Etsy, Target, and Wayfair, ten of the most consequential companies in commerce and infrastructure aligning on one protocol. Stripe's posture is the tell: it co-built a rival protocol (ACP) with OpenAI, powers Microsoft's Copilot Checkout alongside PayPal, and sits on UCP's council. It isn't picking a winner. It's making sure every winner runs on Stripe.
3. AP2 (Agent Payments Protocol). Proposed by Google in collaboration with PayPal, Mastercard, American Express, and 60+ other launch partners, AP2 extends Agent2Agent (A2A) and MCP with cryptographically signed mandates, verifiable records of user intent. It introduces an explicit "Human-Not-Present" mode: a user pre-approves conditions ("buy these sneakers if the price drops below $X"), and the agent transacts later under that signed authority. Mandates are W3C Verifiable Credentials. Every step is auditable, every transaction has dispute-grade evidence, and the sensitive credentials never touch the agent itself. The coalition has since grown past 100 organizations, which tells you what the card networks already know: this isn't a side experiment, it's the rail being laid.

‍

Underneath these protocols are new payment primitives engineered for the same world. Stripe's Shared Payment Tokens (SPTs) let an agent initiate a payment scoped to a specific seller, bounded by time and amount, revocable at any moment, observable end-to-end, without ever exposing card credentials. Stripe's Link, originally a one-click human checkout wallet, is being purpose-rebuilt for agentic commerce: the same wallet, but now preserving identity and purchase history across AI surfaces, with native controls for spending limits and per-agent permissions. PayPal's Agent Ready does the equivalent on its rails, with Store Sync making product catalogs natively discoverable in Copilot, Perplexity, and ChatGPT.

‍

The pattern is consistent: humans aren't in the loop for every authorization. They're in the loop for the policy, and the agent executes within it. That's a fundamentally different trust model than "verify CVV at checkout," and the rails to support it are being laid right now.

‍

The two-layer problem nobody talks about

‍

For the next several years, you have to maintain both layers. Humans still read your docs. Customers still want a UI. Compliance still wants a person in the loop. And yet your power users are increasingly piping your product through agents.

‍

The naive response is "we'll add an API." The serious response is rethinking your primitives so the human UI and the agent surface are both projections of the same underlying capability graph. 

‍

Stripe is the clearest example: the dashboard, the Agent Toolkit, and the raw API are three renderings of one set of primitives, not three products glued together. That's an architecture decision, not a sprint.

‍

Teams that build clean abstractions across both layers will compound advantages the rest spend the decade trying to retrofit.

‍

Where the new surface area opens up

‍

Once agents become primary consumers, entirely new categories of problem appear; with them, entirely new product categories:

‍

Trust and verification 

‍

When my agent transacts with your agent, what's the equivalent of a signed contract? AP2's mandates are an early answer, but the broader questions of agent identity, delegated authority, dispute resolution when an agent acts at scale - is wide open. Whoever builds the canonical trust layer will sit underneath a meaningful share of agent commerce.

‍

Brand control inside an agent surface

‍

When a buyer asks ChatGPT "find me a couch under $1,500," whose brand wins? Stripe explicitly designed the Agentic Commerce Suite so businesses remain merchant of record rather than getting intermediated. PayPal's Store Sync lets merchants control what shows up across AI channels. This isn't a footnote but the next decade of distribution being negotiated in real time.

‍

Disambiguation at machine speed

‍

Humans tolerate ambiguity because we ask follow-up questions and shrug. Agents don't, or they ask the wrong ones. Interfaces will need to expose constraints, preconditions, and intent in ways human UIs never had to. Schemas will get richer. Errors will get more semantic.

‍

Discoverability without SEO

‍

SEO optimized for human eyeballs and click-through rates. The new question is what wins when an agent is deciding which of three vendors to recommend to its principal. Whoever defines the protocol there will own the next decade of attention real estate.

‍

Provenance and auditability

‍

When an agent took an action on my behalf, I need a traceable, queryable record of what it did and why. AP2 mandates point at this; observability vendors are circling it from another angle. The companies that build this layer well become the substrate for everything else.

‍

These aren't future problems. They're shipping right now, in messy half-built form, and the teams figuring them out are quietly accumulating moat the market hasn't priced in yet.

‍

The role of the human shifts, but doesn't shrink

‍

There's a comforting narrative that agents do the work and humans just write better prompts. That's not quite right.

‍

The work that actually moves up the stack is judgment, taste, and architectural intent. What should we build? Why is it worth doing? What's the right shape for this primitive so that it composes well three years from now? Which of these five plausible-looking outputs is actually correct?

‍

Agents are excellent at the part of the work that has clear verification: running the test, refactoring the boilerplate, finding the typo in the config, correlating telemetry across five tools at 3am. They are spectacularly bad at the part that requires you to know which problem is the right one to solve in the first place.

‍

Information processing gets cheap. Understanding does not. You can hand off the typing. You cannot hand off knowing what you're trying to build, and that bottleneck (the human one) is where the leverage actually lives.

‍

What to do this week

‍

You don't need to refactor your entire stack tomorrow. But you can start asking sharper questions:

• If a sophisticated user piped my product through an agent today, where would it break first? 
• Which of my docs assume a human will fill in the gaps? 
• What's the highest-leverage action a customer wants to take, and is it one prompt away or twelve clicks deep? 
• Could I expose my core capabilities through an MCP server this quarter? What's stopping me? 
• If I'm in payments, commerce, or financial services, am I implementing for SPTs, AP2, UCP, or am I betting my next decade on humans clicking checkout buttons? 
• When my product errors out, does the error message help an agent recover, or just blame the user? 
• If two of my customers' agents wanted to coordinate through my platform, could they?

‍

The companies that compound here won't be the ones that announced an "AI strategy." They'll be the ones who quietly rebuilt their primitives so that agents - whether their customers' agents, their employees' agents or their own internal ones - can actually get work done without a human babysitter.

‍

The internet was built for humans; the next era is being built for everything else acting on their behalf.

‍

The question isn't whether to build for agents. It's whether you noticed that you already are.

‍

Guy Fighel is Partner & Head of Data Program (SPARQL) at Hetz Ventures.

‍