Today, Azu is not talking about vision, but about failure. Because the most dangerous illusion in the agency era is: thinking that being able to 'call APIs' is equivalent to 'being able to run a business'. Without a dedicated payment and responsibility infrastructure, the most common outcome for agents in companies is not 'smartly making money', but 'reasonably spending money until it's gone', and then everyone sits in the conference room looking at each other, unable to articulate what exactly happened.
The first part of the story takes place in a company engaged in cross-border e-commerce. The boss is very excited, saying they will implement AI agents to automate procurement, advertising, customer service, and translation, with a budget set for it as well. The tech team, as usual, took the simplest approach: giving the agent a company credit card and a few API keys, allowing it to subscribe to tools, purchase data, and run cloud services. The first month seemed to go smoothly; the agent got many things 'running', ads started to be placed, inventory began to be replenished, and they even engaged a new translation service for customer support. In the second month, finance began to raise alarms: the bills were inflating in a strange way. Everyone checked and found that the problem was not a single large expense, but a pile of 'seemingly reasonable small subscriptions' and 'automatically renewing tools'. The agent, in pursuit of efficiency, tried more than a dozen advertising monitoring tools, each of which had a trial period, automatically charging once the trial expired; to reduce latency, it switched cloud services to a higher configuration, resulting in peak pricing even during low nighttime traffic; to 'be more stable', it purchased multiple data sources for cross-validation, ultimately making data costs higher than advertising. The most fatal issue was: all payments occurred on different platforms, with different card deductions, and different API bills, lacking a unified receipt semantics, with no traceable 'which task intention corresponds to this money'; finance could only see a pile of vendor names and deduction amounts, completely unable to replay them into a business chain. When you ask the agent why it made those purchases, it gives you an explanation of 'to optimize results', which also sounds reasonable; when you ask if it can stop, it replies, 'Stopping might affect the metrics.' In the end, the company could only brutally freeze the card, change all the keys, and the business was directly powered down, leaving the agent in the dark. This is not a hacker attack; this is 'automation eating away at the organization's budget discipline.'
The second story takes place in a SaaS company's attempt at 'outsourced finance'. The founder had a beautiful vision: let the agency handle all subscription renewals, cloud bills, travel bookings, generating reports automatically at the end of the month, thus liberating the finance team. However, the reality was that reconciliation became a nightmare. The agency activated multiple instances of the same SaaS with different accounts at different times, some linked to personal emails, some to team emails, and some charged to credit cards while others used corporate accounts; to 'avoid service interruption', it renewed subscriptions in advance, leading to duplicate payments for the same period; it changed plans to save costs, triggering the vendor's billing rules and resulting in a tangle of refunds and recharges. At the end of the month, finance opened the spreadsheet and found multiple different deduction records for the same vendor, with amounts and purposes not matching, and project attributions also unclear. When the auditing colleague asked: Where is the approval for this expense? Who approved it? Corresponding to which contract? Is there a limit? Is there a whitelist? Everyone fell silent because the agency's actions were not executed 'within the company's system', but were running wild 'under internet default rules'. You can't even say it was violating regulations because it simply operated along the shortest path to complete the tasks; it was just that the company did not provide it with the 'budget envelope, approval thresholds, or intent receipts' — the basic framework of modern corporate finance. In the end, you will find that the agency did accomplish tasks for you, but it also created more explanatory costs: you saved operational time but turned reconciliation and auditing costs into exponential growth.
The third story is even harsher, taking place during an external audit. The company claims to be compliant, with clear funding flows and robust internal controls. The auditor is not concerned with how smart your AI is; he only asks four questions: Who can access the funds? Where do the funds flow? Is it in accordance with the pre-approved policies? Who is responsible when problems arise? When you present the agency system, the auditor quickly identifies the pain points: your 'authorization' relies on API keys and account permissions management, not on revocable and layered agency identities; your 'approval' happens in Slack with a simple 'okay', not within a traceable approval trail; your 'payments' are scattered across dozens of platforms, with no unified settlement and receipts; your 'risk control' depends on post-event reports rather than pre-event limits and whitelists. The auditor ultimately gives a very realistic conclusion: you have degraded the control of funds from 'institutionalized' to 'engineer self-discipline', and once personnel changes or agency strategies change, internal controls become ineffective. Even worse, it is also very difficult for you to prove continuous compliance because you do not have a replayable responsibility chain. At that moment, you realize that without dedicated payment infrastructure, the agency system increasingly resembles a huge shadow finance department; it can operate, but it is not constrained by your company's institutional framework, nor does it provide the evidence needed for compliance.
These three failures appear very different, but the reasons for the collapse are consistent: without dedicated payment and authorization infrastructure, the agency's 'execution power' turns into the organization's 'uncontrollable expenditure', and fragmented payments drag reconciliation and auditing into a quagmire. What you lack is not a smarter agency, but three basic foundations: First, payments must be 'intentional', ensuring each transaction has a clear purpose and binding relationship; second, authorization must be 'layered', allowing agencies to only act within budget envelopes, with session permissions revocable at any time; third, receipts must be 'auditable', allowing finance and audit to replay the chain, rather than relying on screenshots and piecing together.
So, using negative contrast to highlight the necessity of KITE, the conclusion is actually quite straightforward: solutions like 'agency-native payment infrastructure' are not about 'enabling the agency to make payments', but about 'bringing the act of agency payments back into the corporate system'. When you can incorporate limits, whitelists, time windows, multi-signatures, and audit trails into the same payment path, an agency upgrades from a 'script that spends recklessly' to a 'digital employee' that can be internally controlled, audited, and held accountable. Without this foundational layer, the agency economy can take off, but it will do so in a way that is unbearable for the enterprise — the faster it runs, the harder it crashes.
