Sapiom CEO: Software is becoming the ‘customer' of the Internet
For twenty years, the Internet economy has been designed for humans. We built interfaces for human eyes, authentication for human devices, and financial, fraud, and risk models that assume a person is present to sign up, manage credentials, and approve spend.
That assumption is broken.
This is the opinion of Ilan Zerbib, founder & CEO of Sapiom, a company known for its financial infrastructure platform that enables autonomous AI agents to securely access, provision and pay for APIs, compute, and third-party services without human intervention or manual onboarding.
Economic activity is shifting from human-to-business to machine-to-business. Agents will go beyond simply chat UIs and will start to act. They’ll provision compute, purchase data, call paid APIs, and coordinate complex workflows.
Sapiom now has financial support from Accel, with participation from Gradient, Array Ventures, Okta Ventures, Menlo Ventures, Anthropic, Coinbase Ventures, Formus Capital and Operator Collective. The company also works with “strategic angels” from Shopify, OpenAI, Vercel, GitHub, Circle and Mercury – operators who understand payments, infrastructure… and (according to many) where AI is headed next.
Zerbib says his firm is building Sapiom on a simple premise: AI agents are already capable of doing real work, but they’re blocked from accessing the real economy.
Intelligence without access
Over the last decade, billions have gone into scaling model intelligence and almost zero into scaling access. Yet, the agentic era cannot progress until AI agents can autonomously access and operate across real-world systems and services.
The result is a paradox: agents are brilliant, but powerless.
“Today, AI agents can write code, but they cannot buy the infrastructure to run it. They can plan a marketing campaign, but they cannot pay for the SMS API to send it. They can design a landing page, but they cannot pay for the image generation to populate it. And they can build an app with user accounts, but they cannot provision the authentication service to secure it,” notes the company, in a press statement.
The company says money is the universal API key.
If an agent can safely spend, it can access anything – compute, data, inference, messaging and the long tail of specialised services – without waiting for pre-built integrations or vendor-by-vendor onboarding.
“Sapiom is making that possible today. We turn spend into a developer primitive, something software can do safely under policy – like any other call in the stack. We abstract the complexity of identity (KYA), wallets, policy enforcement, risk controls, metering, billing and multi-rails settlement behind a single integration,” notes the firm.
Each transaction through Sapiom creates verifiable context – agent identity, policy, vendor and outcome – that strengthens controls and risk management as usage grows. That feedback loop is what makes autonomous systems scalable and trustworthy for enterprises.
New primitives
“I’ve spent the last decade operating at the bleeding edge of the current financial stack – first as a founder at Earny (acquired in 2021), then at Shopify, where I spent nearly five years leading engineering in payments, scaling Shop Pay to over $100B in GMV and building Shop Cash from the ground up,” said Zerbib. “That experience taught me a fundamental lesson: you can’t force infrastructure built for one era to serve the next.
We spent years optimising the card-not-present stack for humans, but as AI agents began to emerge, it became obvious that human-centric rails would never support machine-centric commerce.”
History is consistent: every generational shift in commerce requires a new infrastructure layer.
- In-Person Commerce needed plastic cards (Visa/Mastercard).
- Internet Commerce needed developer payment APIs (Stripe).
- Machine Commerce needs a way for software to spend across the API economy.
AI agents aren’t just software – they are becoming economic actors. Zerbib thinks they will provision infrastructure, negotiate with vendors, allocate capital and operate continuously across trillions of dollars in activity. That future cannot run on rails built for humans clicking BUY.
The shift to machine commerce is happening now. In the near future, software will negotiate, procure and settle value at a scale that dwarfs human commerce.
Zerbib says The equation for this era is simple:
Reasoning × Access = Capability
The CEO says we don’t need a new model to create a step-function increase in capability. We need a new way for software to safely access the real economy. By making paid access programmable, the company aims to unlock the latent intelligence of the models you’re already paying for.
The Computer Weekly Developer Network (CWDN) spoke to Zerbib for more.
CWDN: This paradox you talk about, where agents are “brilliant but powerless” – how can we define the key technical or security roadblocks that currently prevent a high-reasoning model from interacting with legacy financial rails?
Zerbib: Legacy financial systems assume a human is always present. Identity, authentication and authorisation are built around verified people, persistent accounts and explicit approvals. That doesn’t map to agents, which are programmatic and task-driven.
Agents lack a trusted identity layer and a clear way to express bounded intent. If an agent initiates a payment, there’s no native way to verify it’s acting within policy or hasn’t been compromised. So teams either route everything through a human or rely on brittle API key setups. Neither scales and both introduce risk. Until identity and authorisation are rebuilt for agents as first-class actors, they remain locked out of real economic systems.
CWDN: Sapiom has said that “spend” can now be viewed as a developer primitive… how do you handle concurrency and rate-limiting for machine-to-machine transactions?
Zerbib: Traditional fraud systems flag high-frequency activity because it doesn’t look human. But for agents, that’s normal. We attach policy and context to every transaction: which agent is acting, under what rules, within what budget and time window. That lets us distinguish legitimate execution from anomalous behaviour.
On concurrency, we treat spend like any system resource: rate limits, quotas and backpressure enforced at the platform level. Agents can execute at scale, but always within defined boundaries. The shift is from detecting fraud after the fact to enforcing policy upfront, so machine-scale activity is both safe and predictable.
CWDN: How do you verify the identity and “intent” of an autonomous agent – and detect compromise or hallucination?
Zerbib: KYA means treating agents as first-class identities with defined permissions and policy boundaries. Each agent is tied to context: who created it, what system it belongs to and what it’s allowed to do.
Intent is enforced through policy. Every action is evaluated against constraints like spend limits, allowed services and rate thresholds before execution. When something goes wrong, it shows up as a deviation. Because every action is logged with context, you can detect and contain abnormal behaviour quickly.
The goal isn’t zero failure. It’s making failures bounded, visible and recoverable.
CWDN: How do you guard against “agentic inflation” – agents endlessly transacting without real value?
Zerbib: That happens when agents optimise for activity instead of outcomes. Policy enforcement prevents it. Agents operate within defined budgets, permissions and goals, tying execution back to business intent.
Attribution is equally important. When you can trace spend to a specific agent or workflow, you can evaluate whether it’s producing value and adjust if it’s not. Machine commerce doesn’t remove accountability; it shifts it. Humans define the constraints. Agents execute within them. With the right governance layer, you get efficiency – not runaway activity.
Zerbib: We treat spend like any system resource: rate limits, quotas, and backpressure enforced at the platform level – agents can execute at scale, but always within defined boundaries.