Stripe
Stripe Engineering (stripe.com/blog) is a Tier-1 source on the sysdesign-wiki. Stripe is a global payments company whose engineering blog documents infrastructure, reliability, and developer-tooling work at payments-grade scale. Wiki coverage spans four complementary axes: (1) load-bearing payments infrastructure (DNS, networking, incident retrospectives) — canonicalised by the 2024-12-12 DNS-infrastructure post; (2) agentic commerce + agent-native payment primitives — canonicalised by the 2026-03-12 "10 things we learned" retrospective on the first six months of production ACP deployments; (3) agent-provisioning as orchestrator — Stripe as the identity + payment attestor for agents provisioning resources at external cloud providers, canonicalised by the 2026-04-30 joint launch of Stripe Projects with Cloudflare; and (4) network-effect fraud detection across payment methods, processors, and merchants — canonicalised by the 2026-05-27 Sessions Radar expansion (cross-payment-method propagation, multiprocessor signal export, custom fraud models, agentic-era abuse vectors, platform-tier merchant-risk signals).
Key systems
Infrastructure axis (2024-12-12 canonical)
- systems/unbound — open-source recursive DNS resolver; Stripe runs it on every host (local caching tier) and on a central cluster of DNS servers. The central cluster forwards by zone: service-discovery queries to systems/consul, Route-53-hosted domains and public Internet to the systems/aws-vpc-resolver.
- systems/aws-vpc-resolver — rate-limited to 1,024 pps per network interface; canonical source of the Stripe DNS-packet investigation.
- systems/consul — Stripe's service-discovery substrate, fronted by Unbound so application code uses plain DNS to resolve services.
- systems/aws-route-53 — host for Stripe's configured private domains.
Agentic commerce axis (2026-03-12 canonical)
- systems/agentic-commerce-protocol — the Agentic Commerce Protocol (ACP), co-developed with OpenAI in September 2025; four releases to 2026-03-12 (payment handlers, scoped tokens, extensions starting with discounts, built-in buyer auth, native MCP transport).
- systems/stripe-agentic-commerce-suite — Stripe's protocol-agnostic commerce product spanning ACP + Google UCP + future standards; catalog syndication + SPT issuance + fraud + onboarding in one layer.
- systems/stripe-link — Stripe's digital wallet, repositioned as the agent-friendly returning-customer identity / checkout fast path to close the agent-identity-resolution gap. As of the 2026-04-29 launch of Link's wallet for agents, Link gains a second capability axis — agent-facing programmatic access — described below.
- systems/stripe-radar — Stripe's fraud engine, adapted for agentic traffic by substituting Stripe-network-density signals for the human-behavioural fingerprinting that vanishes on agent surfaces.
- systems/stripe-paymentintents-api — Stripe's payments API, extended with machine-payment deposit-address generation for x402-mediated agent-to-API per-request stablecoin (USDC on Base) charges.
- systems/x402-protocol — open HTTP 402 standard; Stripe's machine-payment rail plugs into x402 on the negotiation side.
Agent-wallet / Issuing-for-agents axis (2026-04-29 canonical)
- systems/stripe-link-wallet-for-agents — launched 2026-04-29 as the agent-facing wrapper on Link. Consumer grants an agent access via a standard OAuth flow; agent creates a spend request with scope (amount, currency, merchant) + human-readable context; consumer approves or rejects in the Link web / iOS / Android UI; wallet mints a scoped credential (single-use virtual card or SPT) and returns it to the agent for one transaction. Claimed reach: more than 200 million consumers addressable through Link membership. Launch posture: every spend needs human approval; roadmap adds user-set spending limits + autonomy tiers.
- systems/stripe-issuing-for-agents — launched 2026-04-29 as the developer primitive underneath Link's wallet for agents. Extends the full Stripe Issuing API surface with agent-specific capabilities: single-use virtual cards, fund storage, spending controls, transaction monitoring, advanced fraud tools. Four use-case shapes enumerated at launch — developer-owned business spend, fintech expense management, vertical-SaaS SMB tooling, marketplace seller tooling. Third parties can build competing wallets on the same primitive.
- systems/stripe-issuing — canonical-stub for Stripe's parent card-issuance product (pre-2026-04-29; first wiki home created via this ingest). Substrate for the new agent-specific primitives.
Agent-provisioning axis (2026-04-30 canonical)
- systems/stripe-projects — Stripe's CLI + plugin (open beta at launch 2026-04-30) that plays the orchestrator role in the agent-provisioning protocol co-designed with Cloudflare. Ships with the Stripe CLI; three commands carry the flow — stripe projects init, stripe projects catalog, stripe projects add <provider>/<service>. Holds the user's signed-in identity + payment method; issues payment tokens with scope + cap; stores credentials returned by providers; enforces a default $100/month-per-provider spending cap.
- PaymentIntents (extended) — Stripe's payment primitive extended to carry the payment-token rail for agent-provisioning. Composable with both the machine-payment use case (deposit-address generation) and the agent-provisioning use case (scoped token to external cloud provider).
Fraud-detection axis (2026-05-27 canonical)
- systems/stripe-radar (extended) — Stripe's fraud engine, expanded along four axes at the 2026-05-27 Sessions roundup: cross-payment-method coverage (signals propagate from cards to bank debits / BNPL / wallets / crypto / real-time payments / cash vouchers network-wide; 71% suspected-fraud reduction for businesses using BNPL+wallets alongside cards); multiprocessor signal export (predictive signals as B2B API for non-Stripe-processed transactions; two signals at disclosure — early-fraud-warning likelihood and fraudulent-dispute likelihood); custom fraud models (tenant-private features fused with global network features for per-tenant deployed models; 15% more fraud detected with no false-positive increase for early adopters); and agentic-era abuse vectors (multi-account abuse, pay-as-you-go abuse, bot-score on Stripe Checkout).
- systems/stripe-radar-for-platforms — platform-tier variant of Radar; 0-to-100 fraud scores per business and transaction, AI-powered explanations, account-level metrics. Hosts three new merchant-risk signals: fraudulent website (analyses business websites for AI-generated copy / unrealistic luxury pricing / typo-squat URLs as generative-AI-augmented-fraud counter-measure), fraudulent merchant (Stripe-network-wide pattern analysis on bank accounts / business details / transaction activity / disputes), and merchant delinquency risk (forward-looking 60-day-negative-balance prediction).
- systems/stripe-smart-disputes — AI-powered dispute management; new at 2026-05-27 are AI-recommended evidence (claimed 3× win rate with AI-suggested evidence vs none) and the evidence library (auto-selecting stored documents based on reason code × network × cardholder claim). Companion to Radar on the post-dispute axis vs Radar's pre-transaction axis.
- systems/stripe-checkout — surface for the new bot-score signal on agentic-commerce traffic.
- systems/affirm, systems/klarna, systems/cash-app, systems/paypal — non-card payment-method partners named in the 71% cross-payment-method-coverage outcome.
- systems/elevenlabs — Stripe Radar customer with disclosed production reference (2,000 users/day blocked from free-tier abuse via multi-account-abuse detection).
Recent articles
-
2026-05-27 — Expanding Stripe Radar to protect more of your business. Stripe Sessions feature-roundup announcing the "biggest expansion ever" of Stripe Radar across four axes: (1) cross-payment-method coverage — Radar now protects all supported payment methods globally (bank debits, BNPL via Affirm / Klarna, digital wallets via Cash App / PayPal, crypto, real-time payments, cash vouchers); a fraud signal detected on a card transaction (IP, device fingerprint) propagates as a flag against the same actor on every other payment method; canonicalises cross-payment-method signal propagation and the cross-payment-method fraud network pattern. 71% suspected-fraud reduction over five months for BNPL+wallet+card combos. (2) Multiprocessor signal export — Radar exposes two predictive signals as a B2B API usable on non-Stripe-processed transactions: early-fraud-warning likelihood (paired with the preemptive refund pattern) and fraudulent-dispute likelihood; canonicalises concepts/multiprocessor-fraud-signal-export and the patterns/multiprocessor-signal-as-api pattern; positions Radar as fraud-detection-as-network-API decoupled from payment processing, so the Stripe-network signal density is monetisable independent of acquiring relationships. (3) Custom fraud models — tenants pass private features (product catalog data, loyalty status, behavioural metrics, any structured metadata); Stripe fuses with global network data and deploys a per-tenant model; canonicalises the tenant features + network data hybrid pattern (distinct from pure-shared, pure-per-tenant-from-scratch, and federated learning); claimed 15% more fraud detected with no false-positive increase for early adopters.
(4) Agentic-era abuse vectors — three new fraud-class primitives debut: multi-account abuse detection at sign-up using device fingerprints / IP / email-domain network signals ("more than 1 in 6 sign-ups at AI companies are linked to multi-account abuse"; production reference ElevenLabs 2,000 users/day blocked); pay-as-you-go abuse prediction-as-usage-accumulates (intervene before billing rather than chase nonpayment after the fact); agentic-commerce bot score on Stripe Checkout (canonicalises the score-not-decision pattern; addresses the agentic-commerce hard problem that legitimate AI agents and malicious bots are both nonhuman traffic, so the classifier is authorised-agent-vs-malicious-bot not human-vs-bot — sibling-clusters with the 2026-03-12 Radar adaptation that substituted network-density signals for vanished human-behaviour fingerprints, with this post adding the inverse classifier on the same surface). Platform tier: [[systems/stripe-radar-for-platforms]] hosts 0-100 fraud scores per business + transaction, AI-powered flag explanations, account-level metrics + three new merchant-risk signals — fraudulent website (LLM-era counter to gen-AI-augmented merchant fraud: detects AI-generated copy / unrealistic luxury pricing / typo-squat URLs), fraudulent merchant (Stripe-network-wide pattern analysis on bank account / business details / transaction activity / disputes), and merchant delinquency risk (forward-looking 60-day-negative-balance prediction; distinct from current-state fraud risk). Smart Disputes: systems/stripe-smart-disputes introduces AI-recommended evidence (claimed 3× win rate vs no evidence) and the evidence library with three-key auto-selection (reason code × network × cardholder claim) per the evidence-library auto-selection pattern.
Wiki pages created (4 systems + 4 partner stubs + 12 concepts + 6 patterns): 4 first-class systems (systems/stripe-radar-for-platforms, systems/stripe-smart-disputes, systems/stripe-checkout, systems/elevenlabs); 4 BNPL/wallet partner stubs (systems/affirm, systems/klarna, systems/cash-app, systems/paypal); 12 concepts (concepts/multi-account-abuse, concepts/pay-as-you-go-abuse, concepts/free-trial-abuse, concepts/agentic-commerce-bot-score, concepts/multiprocessor-fraud-signal-export, concepts/early-fraud-warning, concepts/fraudulent-dispute-prediction, concepts/merchant-delinquency-risk, concepts/fraudulent-website-detection, concepts/fraudulent-merchant-detection, concepts/network-effect-fraud-detection, concepts/cross-payment-method-signal-propagation, concepts/evidence-library-for-disputes); 6 patterns (patterns/cross-payment-method-fraud-network, patterns/tenant-features-plus-network-data-fraud-model, patterns/preemptive-refund-on-early-fraud-warning, patterns/bot-score-on-checkout, patterns/multiprocessor-signal-as-api, patterns/evidence-library-with-auto-selection). Wiki pages extended: systems/stripe-radar (substantially rewritten — four-axis structure replaces the prior single-axis agentic-commerce stub). Cross-source continuity: direct sequel and complement to the [[sources/2026-03-12-stripe-10-things-we-learned-building-for-the-first-generation-of-agentic-commerce|2026-03-12 Stripe Radar agentic-commerce adaptation]] — that post substituted Stripe-network-density signals for vanished human-behaviour fingerprints (let legitimate agents in); this post adds a malicious-bot-score classifier on the same checkout surface (keep illegitimate bots out). Together the two pieces are complementary halves of agentic-commerce fraud detection. 
Sibling to the broader Stripe agentic-commerce ecosystem (2026-04-29 Link wallet + Stripe Issuing for agents, 2026-04-30 Stripe Projects) — fraud detection is the defensive layer under the offensive agentic-commerce + agent-wallet + agent-provisioning rails. Caveats (extensive — see source page): announcement-shape post not architecture deep-dive; no model class disclosed; no QPS / latency / training-data scale; no multi-account-abuse signal-fusion mechanism; no pay-as-you-go-abuse prediction-horizon / precision-recall; no bot-vs-legitimate-agent disambiguation signals named; 71% baseline unstated; 3× dispute-win compares to no evidence not human-curated; no PCI / privacy posture for multiprocessor signal export. Return contract: ingested: wiki/sources/2026-05-27-stripe-expanding-stripe-radar-to-protect-more-of-your-business.md — 30 wiki pages touched.
-
2026-04-29 — Giving agents the ability to pay. Launch of Link's wallet for agents (consumer product) + the underlying Stripe Issuing for agents (developer primitive). Canonicalises the agent-wallet-over-raw-credential-issuance architecture: agent interacts with a wallet endpoint ("give me a scoped credential for this cart"), wallet mints a one-time-use virtual card or a SPT backed by the consumer's Link-vaulted funding instruments, agent never sees the raw card. Three protocol load-bearing primitives: (1) standard OAuth flow for the initial access grant (canonicalises patterns/oauth-granted-access-to-user-wallet); (2) spend-request API with structured scope + human-readable context (CLI shape: link-cli spend-request create --payment-method-id csmrpd_12345 --merchant-name "Powdur" --merchant-url "https://powdur.com" --amount 3500 --context "..." --request-approval); (3) per-transaction human approval as the launch-default hard gate before any credential is released (canonicalises concepts/per-transaction-human-approval-for-agent-spend and the composing pattern). Claimed distribution: 200 million+ Link consumers. Roadmap: user-set spending limits + autonomy tiers so agents can act without per-transaction approval below a user-defined threshold (Stripe's agentic-commerce-altitude analogue of the budget-cap primitive that Stripe Projects already ships at the agent-provisioning altitude). Stripe positions the launch explicitly as a bridge-to-existing-rails: "while machine payments protocols are still gaining adoption, agents need to work with the payment options sellers and consumers use today" — referencing but not requiring the Machine Payments Protocol (MPP) at stripe.com/blog/machine-payments-protocol (sibling on the machine-payment altitude, not ingested here). Four use-case shapes disclosed for the developer-facing Issuing-for-agents primitive: (a) developer-owned business-spend automation, (b) fintech expense-management with agent-issued cards, (c) vertical-SaaS SMB tooling under the platform's brand, (d) marketplace seller tooling automating supplier / logistics payments. Wiki pages created (5 new systems + concepts + patterns): 3 systems (systems/stripe-link-wallet-for-agents, systems/stripe-issuing-for-agents, systems/stripe-issuing stub), 3 concepts (concepts/agent-wallet-over-raw-credential-issuance, concepts/single-use-virtual-card-for-agents, concepts/per-transaction-human-approval-for-agent-spend), 2 patterns (patterns/spend-request-approval-before-credential-issuance, patterns/oauth-granted-access-to-user-wallet).
Wiki pages extended: systems/stripe-link (second capability axis: wallet-for-agents + 200M consumers + iOS/Android apps), concepts/shared-payment-token (new wallet-for-agents issuance path distinct from ACP checkout path), concepts/payment-token-over-credit-card-sharing (third-instance-shape at the wallet altitude), concepts/machine-payment (explicit MPP reference + bridge-to-existing-rails posture), concepts/agentic-commerce (consumer-wallet-altitude instance of agentic commerce), concepts/agent-identity-resolution-gap (consumer-side identity-anchor mitigation via Link membership). Cross-source continuity: consumer-altitude sibling to the same-day 2026-04-29 Databricks / Lakebase / Stripe Projects launch — both 2026-04-29 Stripe-ecosystem posts together position Stripe's agent-payment stack as covering both consumer-facing commerce (this post) and developer-facing infrastructure provisioning (Databricks). Direct sequel to the 2026-03-12 agentic-commerce retrospective — that post canonicalised SPT + Link's returning-customer fast path; this post operationalises both as a runtime issue-me-a-scoped-credential endpoint accessible via OAuth + per-spend approval. Consumer-altitude complement to the [[sources/2026-04-30-cloudflare-agents-can-now-create-cloudflare-accounts-buy-domains-and-deploy|2026-04-30 Cloudflare + Stripe Projects]] one-day-later agent-provisioning launch — the two posts together canonicalise Stripe's three-altitude taxonomy of agent-initiated money movement (agentic commerce + agent provisioning + machine payments) across two consecutive days, with the Link wallet (this post) and Stripe Projects (2026-04-30) as the two product-shipped altitudes and MPP / x402 / stablecoins as the still-maturing third.
Caveats: no production numbers (latency, throughput, approval-cycle-time); OAuth scope schema not disclosed; credential-type selection heuristic (card vs SPT) not disclosed; spending-limit cap-magnitude / period not disclosed; approval-UI anti-phishing measures not disclosed; funding flow mechanics not disclosed; refund / dispute routing not disclosed.
-
2026-04-29 — Databricks and Stripe Projects: Infrastructure Built for Agents (Databricks-co-authored companion launch post). Announces Databricks as the second launch-partner for Stripe Projects alongside Cloudflare (whose canonical launch post ships 2026-04-30). Adds serverless Postgres databases (Neon, under the Lakebase architecture name) as a second resource class in the Stripe Projects catalog beyond Cloudflare's domain / Workers compute. Discloses the first wiki operational datum for the protocol: <350 ms agent-driven provisioning time for a production-ready Neon Postgres, "without any human interaction." Introduces concepts/agent-provisioned-database as a new database-tier concept, sibling of concepts/agent-provisioned-account — specialises the agent-provisioning protocol to data-bearing resources with three substrate pillars: sub-second provisioning + scale-to-zero economics + compute-storage separation. Third canonical cross-source confirmation of compute-storage separation as Lakebase's load-bearing property — with a new axis (per-request compute lifecycle at agent-initiated cadence) beyond the previous CMK and bursty-workload axes. Adds Databricks/Neon as third known-use of patterns/partner-managed-service-as-native-binding (after Cloudflare/PlanetScale + Fly.io/Tigris) and first agent-as-customer instance of that pattern with a payments-platform orchestrator. Announced alongside but distinct from the separate Stripe Data Pipeline × Databricks Marketplace zero-ETL integration. Tier-3 short post, ~300 words, ~40% architectural content; ingest-threshold passes on architectural-density minimum + new operational datum + first wiki record of a second launch-partner in the protocol + new agent-provisioned-database concept. Caveats: spend-cap / rate-limit / fraud-heuristic / orphan-cleanup policies not disclosed; <350 ms number is end-to-end-through-CLI not Lakebase-internal; Lakebase ↔ Neon branding collapsed in this post. Introduces concepts/agent-provisioned-database. Extends systems/stripe-projects, systems/lakebase, concepts/scale-to-zero, concepts/compute-storage-separation, concepts/database-branching, concepts/copy-on-write-storage-fork, patterns/agent-provisioning-protocol, patterns/partner-managed-service-as-native-binding. Cross-source continuity: one-day-earlier companion to sources/2026-04-30-cloudflare-agents-can-now-create-cloudflare-accounts-buy-domains-and-deploy — the two launch posts together canonicalise the agent-provisioning protocol as a two-provider / two-resource-class ecosystem from day one rather than a one-off Stripe↔Cloudflare bilateral.
-
2026-04-30 — Agents can now create Cloudflare accounts, buy domains, and deploy. Joint Cloudflare + Stripe launch of Stripe Projects as an orchestrator for agent-driven provisioning at external cloud providers, with Cloudflare as the first launch partner. Introduces a new protocol composing discovery (provider JSON service catalogs aggregated by stripe projects catalog), authorization (OAuth for existing accounts; auto-provisioned accounts via Stripe-attested identity for new users), and payment (payment tokens over raw card data; default $100/month/provider cap). Canonicalises patterns/agent-provisioning-protocol and the patterns/orchestrator-provider-agent-trust-triangle role topology — and extends Stripe's taxonomy of agent-initiated money movement from two altitudes (agentic commerce + machine payments) to three with agent-provisioned accounts / persistent cloud-resource lifecycle. Stripe Atlas incorporations come with a promotional $100k in Cloudflare credits via this protocol. Formal specification forthcoming. Wiki pages touched: 2 systems created (systems/stripe-projects + systems/cloudflare-registrar on the Cloudflare side), 4 concepts (concepts/agent-provisioned-account, concepts/provider-service-catalog-api, concepts/agent-payment-budget-cap, concepts/payment-token-over-credit-card-sharing), 2 patterns (patterns/agent-provisioning-protocol, patterns/orchestrator-provider-agent-trust-triangle).
-
2026-03-12 — [[sources/2026-03-12-stripe-10-things-we-learned-building-for-the-first-generation-of-agentic-commerce|10 things we learned building for the first generation of agentic commerce]]. Stripe's agentic-commerce retrospective, framed as a 10-item listicle lessons-learned post but nesting real architectural disclosures: the ACP four-release cadence; the Shared Payment Token (SPT) primitive as the agent-initiated payment-vault shape; patterns/protocol-agnostic-commerce-layer (Stripe's Agentic Commerce Suite covering ACP + Google UCP + future standards); the agent-identity gap and Stripe Link's response; catalog-syndication as the dominant up-front cost in concepts/product-catalog-syndication; phased SKU rollout with URBN's dresses-and-denim worked example; and the machine-payment primitive on top of PaymentIntents + x402 + USDC on Base for agent-to-API per-request payments.
- 2024-12-12 — The secret life of DNS packets: investigating complex networks.
Investigation of hourly SERVFAIL spikes on internal DNS requests. Root cause: a Hadoop job reverse-resolving IPs in Cloudflare's 104.16.0.0/12 block saturated the AWS VPC resolver's 1,024-pps-per-ENI cap on the central DNS server cluster. Retries at client + local-resolver + cluster-resolver levels amplified traffic ~7×. Fix: distribute reverse-lookup forwarding from the central cluster to each host's local systems/unbound (the AWS cap is per-ENI, so N hosts = N× the effective ceiling). Canonicalises the VPC-resolver packet-rate-limit concept, DNS request amplification via retries concept, request-queue-depth metric concept, iptables-packet-counter-for-rate-metric pattern, and time-bucketed-tcpdump-capture pattern.
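The iptables-packet-counter-for-rate-metric pattern from the DNS investigation above, as an added example (not Stripe's code): it turns two counter snapshots into a packets-per-second rate toward the VPC resolver and compares that rate with the 1,024 pps per-interface cap. The snapshots, the resolver address 10.0.0.2, the 60-second interval, and all function names are constructed for illustration.

```python
import math
import re

# Per-network-interface cap on the AWS VPC resolver, as stated on this page.
VPC_RESOLVER_PPS_CAP = 1024

# Constructed value: the VPC resolver address assumed for this example.
RESOLVER_IP = "10.0.0.2"

# Constructed samples of `iptables -nvxL OUTPUT`, taken 60 seconds apart.
# The rules have no target: they exist only so the kernel counts packets.
SNAPSHOT_T0 = """\
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
 1000000   72000000            udp  --  *      *       0.0.0.0/0            10.0.0.2             udp dpt:53
   52000    3744000            udp  --  *      *       0.0.0.0/0            10.0.0.53            udp dpt:53
"""
SNAPSHOT_T1 = """\
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
 1067200   76838400            udp  --  *      *       0.0.0.0/0            10.0.0.2             udp dpt:53
   52900    3808800            udp  --  *      *       0.0.0.0/0            10.0.0.53            udp dpt:53
"""

# Leading packet and byte counters, then the destination column that
# directly precedes the "udp dpt:53" match description.
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+.*?(\d+\.\d+\.\d+\.\d+)\s+udp dpt:53\s*$",
    re.MULTILINE,
)


def read_dns_packets(snapshot: str, resolver_ip: str) -> int:
    """Sum the packet counters of UDP/53 rules whose destination is resolver_ip."""
    total = 0
    for pkts, _bytes, dest in RULE_RE.findall(snapshot):
        if dest == resolver_ip:
            total += int(pkts)
    return total


def rate_pps(count_t0: int, count_t1: int, interval_s: float) -> float:
    """Average packets per second between two counter readings."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    if count_t1 < count_t0:
        # Counters were zeroed or the rule was reloaded between samples;
        # the new reading is then a lower bound on packets sent.
        delta = count_t1
    else:
        delta = count_t1 - count_t0
    return delta / interval_s


def assess(pps: float, cap: int = VPC_RESOLVER_PPS_CAP) -> dict:
    """Compare a measured rate with the per-interface cap.

    min_interfaces is how many interfaces the same traffic would have to be
    spread over to fit under the cap, since the limit applies per interface.
    """
    return {
        "pps": pps,
        "utilisation": pps / cap,
        "saturated": pps > cap,
        "min_interfaces": max(1, math.ceil(pps / cap)),
    }


def measure(snap_t0: str, snap_t1: str, interval_s: float,
            resolver_ip: str = RESOLVER_IP) -> dict:
    """Full pipeline: two snapshots in, cap assessment out."""
    c0 = read_dns_packets(snap_t0, resolver_ip)
    c1 = read_dns_packets(snap_t1, resolver_ip)
    return assess(rate_pps(c0, c1, interval_s))


if __name__ == "__main__":
    report = measure(SNAPSHOT_T0, SNAPSHOT_T1, 60)
    print(f"{report['pps']:.0f} pps to {RESOLVER_IP}, "
          f"{report['utilisation']:.0%} of cap, "
          f"saturated={report['saturated']}, "
          f"interfaces needed={report['min_interfaces']}")
```
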
Themes
- Incident investigation at the DNS layer. Stripe's debugging tool chain for DNS involves systems/tcpdump time-bucketed pcap captures, Unbound's dump_requestlist control interface, and systems/iptables packet counters re-used as a DNS-rate-metric source. The stack composes built-in Linux kernel primitives into a rate-observability substrate without deploying a new agent.
- Per-ENI rate limits as architectural constraints. AWS infrastructure rate limits are often per-interface; fixing saturation by distributing load across more interfaces rather than raising the limit is a recurring Stripe-style pattern — documented here as patterns/distribute-dns-load-to-host-resolver and analogous in shape to other per-ENI limits (e.g. EC2's per-ENI packet-per-second network performance, per-ENI egress bandwidth).
- Retry amplification as a first-class failure mode. Layered resolvers (client, local Unbound, cluster Unbound) each apply their own timeout + retry logic; when the bottom-of-stack upstream fails or slows, the amplification compounds multiplicatively rather than additively. Canonical concepts/dns-request-amplification-via-retries.
- Protocol-agnostic commerce layer as vendor hedge against standards churn. ACP shipped four releases in its first six months; Google's UCP is in parallel development. Stripe's response is to absorb the protocol churn at the vendor layer — seller integrates once with Stripe, Stripe presents a stable seller-facing API and keeps the agent-facing protocol-translation layer current. Canonical pattern patterns/protocol-agnostic-commerce-layer.
- Agent-initiated payments need a new credential primitive. The SPT inserts the agent as a first-class initiator role distinct from both buyer and seller, scoping the payment-credential authority to the agent's current intent (cart + amount window). Classical token-vault systems don't model an agent initiator — SPTs do.
- Machine payments are a structurally different domain from agentic-commerce checkout. "A checkout session with shipping, loyalty, and a human confirmation step" vs "a fast, programmatic payment inside an HTTP call." Different primitives: ACP + SPT + card settlement for the former; x402 + PaymentIntents + stablecoin for the latter. Both are "agentic" but solve non-overlapping problems — see the concepts/agentic-commerce ↔ concepts/machine-payment concept boundary.
- Phased SKU rollout for new channels. Stripe explicitly recommends starting new channels with narrow, ship-direct-to- home SKU sets; the URBN case disclosed in the 2026-03-12 post is a textbook instance. Pattern shape generalises beyond commerce to any new distribution-surface launch — see patterns/phased-sku-rollout-for-new-channel.
- Agent-initiated money movement as a three-altitude taxonomy. With the 2026-04-30 launch, Stripe canonicalises three structurally distinct shapes: (a) agentic commerce (human buyer's money → seller, checkout-granularity, ACP rails); (b) machine payments (agent's own budget → API, per-call-granularity, x402 + stablecoin rails); (c) agent-provisioning (human user's money → service provider, subscription-granularity, payment-token + orchestrator-capped rails). Each has its own primitives, caps, fraud surfaces, and failure modes. See patterns/agent-provisioning-protocol.
- Orchestrator role as a new platform primitive. Stripe Projects positions Stripe as the "identity + payment" attestor for agent sessions that provision resources elsewhere. This is a deliberately generic role — "any platform with signed-in users can integrate with Cloudflare in the same way Stripe does" — suggesting Stripe expects competitors and peers to adopt the orchestrator shape rather than settle into a Stripe-owned standard. Canonical pattern patterns/orchestrator-provider-agent-trust-triangle.
- Network-effect fraud detection across three axes. Stripe Radar's value compounds along three orthogonal axes: payment-method coverage (signals propagate from cards to BNPL / wallets / bank debits / etc.), merchant coverage (a fraud actor seen at one Stripe merchant is flagged at every other), and transaction-processor coverage (signals exposed as B2B API for non-Stripe transactions). Each new payment method, merchant, and multiprocessor customer enriches detection on all the others. The 2026-05-27 expansion is the first wiki disclosure of all three axes simultaneously. Canonical concept concepts/network-effect-fraud-detection.
- Agentic-era fraud is a distinct fraud-class taxonomy. The 2026-05-27 Radar disclosure introduces three first-class detection primitives for LLM-economy abuse vectors: concepts/multi-account-abuse at the sign-up surface, concepts/pay-as-you-go-abuse at the consumption-billing surface, concepts/agentic-commerce-bot-score at the checkout surface. Each targets a different abuse stage (account creation, usage accumulation, transaction authorisation) and requires its own detection primitives. The umbrella claim is that pre-2026 fraud taxonomies (stolen cards, account takeovers, chargebacks) miss the abuse vectors that LLM-economy agentic-commerce introduces.
- AI-vs-AI defence at the platform tier. systems/stripe-radar-for-platforms's fraudulent-website signal explicitly counters generative-AI-augmented merchant fraud: when fraud actors can generate plausible storefront copy at scale, the platform's defence must use AI to detect at the same scale. The architectural claim is that manual review can't keep pace with gen-AI-augmented fraud production. Sibling signals on the same surface (fraudulent merchant and merchant delinquency risk) extend the same logic to network-pattern-based and forward-looking-financial detection respectively.
- Custom fraud models as tenant-features-plus-network-data hybrid. The 2026-05-27 custom-fraud-models disclosure canonicalises a hybrid ML pattern distinct from federated learning (no cryptographic protocol) and from per-tenant-from-scratch (no network signal density): tenants explicitly send features to a central pipeline that fuses with network features and deploys a per-tenant model. The architectural payoff is that most prediction power comes from network features, with tenant features adding the last-percent of accuracy on tenant-specific cases. Canonical pattern patterns/tenant-features-plus-network-data-fraud-model.
Related
- sources/2024-12-12-stripe-the-secret-life-of-dns-packets-investigating-complex-networks
- sources/2026-03-12-stripe-10-things-we-learned-building-for-the-first-generation-of-agentic-commerce
- sources/2026-04-30-cloudflare-agents-can-now-create-cloudflare-accounts-buy-domains-and-deploy
- sources/2026-04-29-databricks-and-stripe-projects-infrastructure-built-for-agents
- sources/2026-04-29-stripe-giving-agents-the-ability-to-pay
- sources/2026-05-27-stripe-expanding-stripe-radar-to-protect-more-of-your-business
- systems/unbound, systems/aws-vpc-resolver, systems/aws-route-53, systems/consul
- systems/agentic-commerce-protocol, systems/stripe-agentic-commerce-suite, systems/stripe-link, systems/stripe-link-wallet-for-agents, systems/stripe-issuing-for-agents, systems/stripe-issuing, systems/stripe-radar, systems/stripe-radar-for-platforms, systems/stripe-smart-disputes, systems/stripe-checkout, systems/stripe-paymentintents-api, systems/x402-protocol, systems/stripe-projects, systems/affirm, systems/klarna, systems/cash-app, systems/paypal, systems/elevenlabs
- concepts/shared-payment-token, concepts/agentic-commerce, concepts/machine-payment, concepts/product-catalog-syndication, concepts/agent-identity-resolution-gap, concepts/agent-provisioned-account, concepts/agent-provisioned-database, concepts/provider-service-catalog-api, concepts/agent-payment-budget-cap, concepts/payment-token-over-credit-card-sharing, concepts/agent-wallet-over-raw-credential-issuance, concepts/single-use-virtual-card-for-agents, concepts/per-transaction-human-approval-for-agent-spend, concepts/multi-account-abuse, concepts/pay-as-you-go-abuse, concepts/free-trial-abuse, concepts/agentic-commerce-bot-score, concepts/multiprocessor-fraud-signal-export, concepts/early-fraud-warning, concepts/fraudulent-dispute-prediction, concepts/merchant-delinquency-risk, concepts/fraudulent-website-detection, concepts/fraudulent-merchant-detection, concepts/network-effect-fraud-detection, concepts/cross-payment-method-signal-propagation, concepts/evidence-library-for-disputes
- patterns/distribute-dns-load-to-host-resolver, patterns/iptables-packet-counter-for-rate-metric, patterns/time-bucketed-tcpdump-capture
- patterns/protocol-agnostic-commerce-layer, patterns/machine-native-per-request-payment, patterns/phased-sku-rollout-for-new-channel, patterns/agent-provisioning-protocol, patterns/orchestrator-provider-agent-trust-triangle, patterns/spend-request-approval-before-credential-issuance, patterns/oauth-granted-access-to-user-wallet, patterns/cross-payment-method-fraud-network, patterns/tenant-features-plus-network-data-fraud-model, patterns/preemptive-refund-on-early-fraud-warning, patterns/bot-score-on-checkout, patterns/multiprocessor-signal-as-api, patterns/evidence-library-with-auto-selection
- companies/cloudflare