Agent Disputes
Agent disputes
When an AI agent buys something on a cardholder's behalf and the cardholder calls fraud, two questions land on the merchant's desk at once. Did the agent have authority to spend? Did it stay inside the scope it was given? Receipts and OAuth tokens answer the first one. They cannot answer the second.
Receipts aren't enough.
May 2026: the dispute gap
"Dispute management simply does not appear" in agentic-commerce reports.
Three weeks earlier, AWS shipped AgentCore Payments with per-session spending caps and observability hooks. Visa shipped Token Authentication for agent payments. Mastercard shipped Verifiable Intent. None of those four touch what happens after the charge clears.
Two scenarios on AgentLair's live demo make the gap concrete. Same agent class, same merchant, same cardholder. Opposite outcomes. The audit chain is the only thing that decides which is which. See the full four-layer authorization stack.
How do you dispute an AI agent purchase?
Today the merchant gets a chargeback notice and a transaction receipt. That used to be enough when the buyer was a human typing a card number. With an agent in the loop, the cardholder's real claim is rarely "I didn't authorize this." It is usually "I didn't authorize this much, this often, or at this merchant."
You need three things the receipt does not contain. The scope the agent committed to. The actions the agent actually took. A way for a third party to compare them.
What AgentLair adds: a Behavioral Commitment Credential issued at session start, an audit log of every tool call mid-session, and a public verify endpoint at the end. See the live dispute resolution demo at github.com/piiiico/agentlair-dispute-resolution-demo.
What evidence does a merchant need to defend a chargeback when the buyer was an agent?
Card networks already accept device fingerprints, IP addresses, and 3-D Secure tokens. None of those describe what an agent did. They describe who held the keys. That distinction breaks chargeback defense for any merchant accepting agent traffic.
The new evidence works differently. A signed credential commits the agent to a price cap and a merchant whitelist before the session starts. Every tool call lands in a replayable record. Two scenarios on the live demo make the difference concrete.
- A $95 leather bag inside the agreed scope produces a REJECTED dispute.
- A $20-over-cap purchase produces an UPHELD dispute.
Same agent class. Different evidence. Verify the in-scope BCC at bcc_m6891bdxjGULqMCb4wK0.
Does AWS AgentCore Payments cover dispute resolution?
AgentCore Payments shipped in preview on May 7, 2026. It gives merchants per-session spending limits, observability hooks, and an audit feed. That is real progress at L3 governance. It is not a dispute layer.
What it doesn't do: when the dispute lands, AgentCore can confirm the agent paid. It cannot tell the issuing bank whether the agent was inside the scope the cardholder delegated. The behavioral evidence sits in your logs, not in a credential a third party can verify on its own. Did you expect AgentCore to close the dispute loop? It doesn't. That is the layer AgentLair fills. See how AgentLair compares.
What about disputes under Visa Token Authentication?
Visa TAP authenticates the agent's payment token at the moment of charge. The cardholder consented to delegate. The token is bound. The gate is closed.
What it doesn't do: TAP closes the gate when the agent walks through. Whether the agent stayed inside the cardholder's intent three hours later, on the seventh purchase, at a different merchant, is not in scope. That second question is what dispute resolution requires. Mastercard Verifiable Intent narrows the same gap on the consumer side and has the same boundary: it captures intent at the front, not behavior throughout.
Can I prove an agent acted within scope?
Yes, when scope was committed before the action, behavior was streamed during, and both anchored to a verifiable credential. Without those three pieces, you can't.
Concrete: issue a Behavioral Commitment Credential at session start with a price cap, a merchant whitelist, and a time window. Stream tool calls to the AgentLair audit log as the session runs. On dispute, pull the BCC, replay the chain, and let the issuer compare.
Two BCC IDs run on the live demo right now:
- bcc_m6891bdxjGULqMCb4wK0 — Scenario A, in-scope, dispute REJECTED.
- bcc_FkXFSLuwdlMVwNiMKxeU — Scenario B, over-cap, dispute UPHELD.
How does behavioral commitment evidence work in chargebacks?
Three steps. The agent issues a BCC committing to scope before the first transaction. Every action inside the session anchors to an audit log on AgentLair. When a dispute opens, the issuing bank or the merchant pulls the BCC and the replay together.
The chain decides. Same agent class, same merchant. Opposite outcomes when the behavior diverges from the commitment. The reviewer does not have to trust the agent's vendor. They verify the credential against AgentLair's DID and read the audit chain themselves.
What is an AgentLair behavioral commitment credential?
A W3C-verifiable credential issued under the BCC-Claims profile and signed with eddsa-jcs-2022. Anchored at the issuer DID did:web:agentlair.dev. Verifiable from any third party (bank, merchant, regulator) without a call to AgentLair's API.
Verify the live one yourself: agentlair.dev/v1/bcc/bcc_m6891bdxjGULqMCb4wK0/verify. Returns valid:true and the full evidence chain.
Identity at the gate is solved.
What happens after isn't.
Dispute resolution is the layer the May 2026 agentic-payments stack still doesn't touch. AgentLair sits exactly there.