Field note

Most AI agents never reach production. Payments is where that gets expensive

The widely cited figure is that 88 percent of AI proofs of concept never reach production. Agentic payments inherit that gap, and the teams that cross it are not winning on model selection. They are winning on payments-specific infrastructure that makes an agent idempotent, governable, and rollback-safe at the rail boundary.

May 4, 2026 · Navin Agrawal · AI systems · 4 min read

Most AI agents never reach production. Payments is where that gets expensive

Visual brief

Visual brief

Most AI agents never reach production. Payments is where that gets expensive

As of May 2026

The headline number on AI agents is a failure rate. The widely cited figure is that 88 percent of AI proofs of concept never reach production. Agentic payments do not get a discount on that gap. They pay more for it.

The teams crossing into production are not winning at model selection. They are winning at payments-specific infrastructure that makes an agent observable, governable, and rollback-safe at the rail boundary. The ones still calling this a machine-learning problem will be in pilot when 2027 starts.

The gap is real, the cause is not the model

IDC and Lenovo’s 2025 CIO Playbook put the number plainly: about 88 percent of AI proofs of concept never make it to production, with only four of every thirty-three graduating. That figure is about AI projects in general, and agentic payments inherit it rather than escape it, because a payment agent has to be right about money, not just about language. The traits that separate the teams who ship are familiar enough to list - infrastructure, governance, baseline metrics, and clear ownership. What gets missed is the sequencing. In payments, governance gets written before the eval harness, because regulator-facing scope constrains what you are even allowed to measure. Visa has gone as far as predicting that in 2026 AI agents will complete purchases rather than just assist with them. That is the demand side. The supply side is whether your rails can survive an agent that retries.

What a payment agent breaks that a chatbot does not

A language agent that gets a fact wrong writes a bad sentence. A payment agent that gets the settlement window wrong moves money twice. The blast radius is different, so the controls have to be different.

The production gap

88%

of AI proofs of concept never reach production - four of every 33 graduate (IDC and Lenovo, 2025).

Where the 12% win

Rails work

the agents that ship win on payments-specific infrastructure, not on model selection.

The three fixes

Rollback-safe

idempotency bound to agent identity, settlement-state eval replay, and per-rail rollback paths.

Most AI agents never reach production and payments is where that gets expensive (as of May 2026): about 88 percent of AI proofs of concept never reach production, with four of every 33 graduating, per IDC and Lenovo's 2025 CIO Playbook; the agents that ship win on payments-specific infrastructure rather than model selection; the three fixes are idempotency bound to agent identity, an eval harness that replays settlement state, and per-rail rollback paths; and in payments governance is written before the eval harness because regulator scope constrains what you can measure.
The 12 percent that ship are not better at model selection. They are better at the rail boundary.

The three fixes that show up in production

The agent payment integrations that reach production share three controls, and none of them are about the model.

The first is idempotency bound to agent identity at the rail level. An agent retrying an ACH origination after a timeout cannot be allowed to create a second debit, so the NACHA originator record has to resolve back to the agent that initiated it. The second is an eval harness that replays settlement state, not just message correctness. A payment agent that gets the message right and the settlement window wrong is still a production incident, and a harness that only checks the message will pass it. The third is a rollback path defined per rail. RTP does not reverse the way ACH does, a FedNow Request for Return of Funds is not a wire investigation, and the escalation tree has to know which rail it is standing on before it does anything.

The 12 percent are not winning at model selection. They are winning at payments-specific infrastructure that makes an agent observable, governable, and rollback-safe at the rail boundary.

Was this useful?

Choose once.

Related Posts

View All Posts »
Multi-model is the new multi-rail

Multi-model is the new multi-rail

Every payment system routes across multiple rails - ACH fails, traffic moves to wire, and wire is dear for small amounts so you route to RTP. Most AI systems still call one model and hope it stays up. The LLM gateway is the same routing engine payments has run for decades, and it needs the same three things to count.

AI can suggest a payment, only the control plane completes it

AI can suggest a payment, only the control plane completes it

A payment bot did not go rogue - the architecture did. A timeout produced two valid-looking instructions for the same payout, because a downstream retry never learned the first was already in flight. Mandate-based authorization like AP2 still needs a runtime control plane with real state discipline, not policy in a config file.

Agents do the wiring, architects carry the tradeoffs

Agents do the wiring, architects carry the tradeoffs

AI agents are arriving faster than most banking career ladders can adapt, and the market is already rewarding people who work with them. The career moat was never wiring up another API call. It is the judgment calls agents cannot own - which rail to trust, how much latency to spend, who the regulator will be.

AI agents can buy now, and fraud systems were not built for it

AI agents can buy now, and fraud systems were not built for it

Stripe, OpenAI, and Google shipped protocols that let AI agents complete purchases inside a conversation. The rails are already fast enough. The problem is that fraud detection was architected around a human clicking buy on a trusted surface, and agents break that assumption.