This is a submission for the Google I/O Writing Challenge
Google I/O 2026 said the word "agent" more than any other noun across both keynotes. Agents that code. Agents that research. Agents that plan your day. The dev community wrote about Antigravity, Gemini Spark, managed agents, agentic search.
But here's what nobody asked: how does an AI agent actually buy something?
Not "recommend a product." Not "show a link." Actually complete a purchase. Add to cart, select shipping, pay, confirm. On behalf of a human, talking to a merchant's backend, without ever loading a webpage.
Google shipped the answer at I/O. It's called the Universal Commerce Protocol. Almost nobody in the developer community noticed.
The problem UCP solves
Today, when you ask an AI assistant to buy you running shoes, it shows you a link. You click it. You land on a website. You add to cart, enter your address, fumble with Google Pay, and check out yourself. The "agent" was just a search engine with better grammar.
That's not agentic commerce. That's a recommendation engine.
Real agentic commerce means the agent talks directly to the merchant's system, builds a cart, applies shipping, and completes the transaction. No browser. No webpage. No human clicking through a checkout flow.
The blocker was always: there's no standard way for an AI agent to interact with a store programmatically. Every store has a different checkout API (if they have one at all). Most stores don't have one. They have HTML forms.
UCP fixes this. It's a REST API specification that turns any online store into a service an AI agent can call.
What UCP actually is
Universal Commerce Protocol is an open standard, open-source on GitHub, co-designed by Google and Shopify. It defines how AI agents discover products, build carts, handle shipping, and complete checkout.
It's already live. If you use AI Mode in Google Search (which crossed 1 billion monthly users at I/O), you've seen UCP-powered "Buy on Google" buttons. Those aren't just links. They're agent-initiated checkout sessions running over this protocol.
The three-sentence version: A merchant implements three REST endpoints. Google's agent (or any agent) calls them to create, update, and complete checkout sessions. The merchant stays in control of pricing, inventory, and fulfillment. The agent never touches payment credentials.
The checkout flow, step by step
Here's how a purchase works when Gemini Spark (Google's personal agent) buys shoes for you:
1. Agent builds the session.
The agent calls POST /checkout-sessions with the product IDs and a partial shipping address (city, state, zip). The merchant responds with prices, tax estimates, and shipping options.
{
"line_items": [
{ "item": { "id": "product_12345" }, "quantity": 1 }
],
"fulfillment": {
"methods": [{
"type": "shipping",
"destinations": [{
"address_locality": "Sunnyvale",
"address_region": "CA",
"postal_code": "94089",
"address_country": "US"
}]
}]
}
}
2. User reviews in a Google UI.
The agent hands control to a Google-rendered checkout page. The user sees the items, total, and shipping options. They select a payment method (Google Pay). The agent is not involved in this step. It never sees the credit card.
3. Google completes the session.
Once the user taps "Pay with GPay," Google calls POST /checkout-sessions/{id}/complete with the tokenized payment credential. The merchant processes the charge and returns an order confirmation.
That's it. Three endpoints: create, update, complete. A merchant who already has a checkout backend can implement this in a few days.
Why this matters more than another model announcement
Every I/O post I read this week talks about agents in the abstract. "Agents will change everything." "The agentic era is here." Cool. But an agent that can research and plan yet can't transact is just a chatbot with a longer context window.
Commerce is where agents become economically real. The moment an agent can spend money on your behalf (with your permission, within your budget), the business model for AI shifts from "subscription to a chat interface" to "commission on transactions completed." That's a different industry.
UCP is the plumbing that makes that shift possible. And the design choices are interesting:
The agent never handles payment. This is deliberate. The moment you hand sensitive data to an autonomous agent, you inherit liability nightmares. UCP sidesteps this by routing payment through a Google-controlled UI. The agent builds the cart. Humans authorize the money.
The merchant stays Merchant of Record. Google doesn't intermediate the transaction the way Amazon does. The merchant keeps their customer data, their relationship, their fulfillment. UCP is a protocol, not a marketplace.
It's compatible with MCP, A2A, and AP2. You can expose your checkout endpoints as MCP tools, use A2A for agent-to-agent negotiation, or plug into the Agent Payments Protocol. UCP doesn't lock you into Google's ecosystem. It defines the commerce primitives. The transport layer is your choice.
What this means if you build e-commerce
If you run a Shopify store, this is coming to you automatically. Shopify co-designed the protocol.
If you run a custom e-commerce backend, here's the integration surface:
-
POST /checkout-sessions(create a session from line items) -
PUT /checkout-sessions/{id}(update shipping, recalculate tax) -
POST /checkout-sessions/{id}/complete(process payment, return order) -
POST /checkout-sessions/{id}/cancel(cancel)
Google provides Python and JavaScript SDKs, plus a conformance test suite to validate your implementation. The SLO expectations are reasonable: 95% availability, p50 latency under 1 second for session creation.
The payoff: your products become purchasable directly inside Google Search AI Mode, the Gemini app, and (soon) anywhere an agent speaks UCP. No affiliate links. No "visit our website." Direct checkout inside the AI conversation.
The part nobody is talking about
UCP is expanding to lodging and food. Google has waitlists open for both verticals. That means hotel booking and restaurant ordering get the same treatment: an agent calls your API, the user confirms in a Google UI, the transaction completes without a website visit.
Think about what this does to SEO-driven e-commerce. If an agent can buy directly from a merchant's API during a Search conversation, the website becomes optional for the transaction. Discovery still happens (through product feeds in Merchant Center), but the conversion doesn't require a click-through anymore.
That's a structural change to online commerce. Not "AI will change shopping someday." It's live, it has SDKs, and merchants are integrating right now.
The skeptic's questions
"Is this just Google capturing more of the transaction?"
They'd argue no, because the merchant stays Merchant of Record. But Google does control the surface (Search, Gemini) and the payment layer (Google Pay). Draw your own conclusions on where the power concentrates over time.
"Will other platforms adopt UCP?"
It's open-source and Shopify co-designed it. That's meaningful. Whether Amazon, Meta, or Apple adopt it or build their own competing protocol is the billion-dollar question. Interoperability with MCP and A2A suggests Google wants this to be a lingua franca, not a walled garden. Time will tell.
"Do consumers actually want agents buying things for them?"
Probably not yet for expensive purchases. But for replenishment (toothpaste, dog food, contacts), routine bookings (same hotel, same rental car), and low-stakes impulse buys? The friction reduction is real. Google's Gemini Spark starts with a "check with you before taking major actions" guardrail for a reason.
Try it yourself
- Read the UCP documentation
- Browse the open-source spec on GitHub
- Grab the Python SDK or JS SDK
- Run the conformance tests against your endpoints
- Join the waitlist if you're a merchant
The protocol that lets AI agents spend money exists, is open, and is already processing transactions in Google Search. That's not a keynote prediction. It's infrastructure you can build on today.