PayPal just turned ‘add to cart’ into ‘chat to purchase’—and developers are orchestrating behaviors instead of coding transactions.
The promise of AI agents autonomously conducting commerce is no longer science fiction—it’s the architecture being built today at PayPal. Two groundbreaking sessions led by Nitin Sharma at PayPal’s Developer Days 2025 revealed the technical underpinnings of this transformation.
In Brief
At PayPal Developer Days, technology leaders unveiled the Model Context Protocol (MCP) infrastructure powering both PayPal and Venmo’s agentic experiences. MCP serves as a standardized “USB interface” for AI agents, enabling seamless connections to enterprise services, particularly in payment processing and social commerce. These implementations underscore PayPal’s strategic investment in what CEO Alex Chriss calls “the third chapter of commerce”—agentic commerce—where AI agents autonomously negotiate, discover, and transact on behalf of users. Amid rising competition from fintech disruptors and tech giants, PayPal’s embrace of MCP uniquely positions it as an architect of AI-driven commerce.
What is MCP?
MCP (Model Context Protocol) is an open standard designed to let AI agents seamlessly connect with external services and data sources. As PayPal explained, MCP functions similarly to the universal adoption of USB—creating a standardized, easily accessible interface where “somebody can plug things into other things without a human chaperone.” The protocol supports two-way connections (local or remote), cross-device compatibility, and multi-agent workflows. Just as USB simplified device connectivity, MCP significantly streamlines AI agent integrations, transforming weeks of custom coding into mere hours of setup.
The Technical Foundation of Agentic Commerce
From Manual Processes to Conversational Commerce
The deeply technical main session vividly contrasted pre-AI and post-AI commerce workflows. “Way back when, before there were AI assistants,” Sharma explained, “if a merchant or their agent wanted to do something unique, something specific, the workflow typically required numerous manual steps.” Traditionally, merchants needed to “log in manually to dashboards, complete lengthy forms, customize payment options, then manually send payment links.” Sharma emphasized simplicity: “Plugging into MCP should be as easy as plugging in your phone.”
MCP dramatically simplifies this: now complex workflows become effortless conversations. Demonstrations highlighted merchants creating invoices through simple voice commands or uploading Excel files to instantly generate multiple invoices. The technical backbone is PayPal’s MCP server, described by presenters as being “remotely hosted so merchants can use it as an Enterprise extension with any preferred AI assistant.”
Before MCP:
Custom API mappings
Manual parameter parsing
Extensive debugging cycles
After MCP:
Standardized integration
Instant API access
Focused innovation on agent features
Imagine a small business owner effortlessly invoicing an entire month’s sales simply by saying, “Bill my regular clients for March,” without ever touching a keyboard.
Technical Architecture of PayPal’s MCP Implementation
The architecture discussion revealed how PayPal’s MCP implementation reduces development complexity. “Before PayPal MCP,” the speaker explained, “if you wanted to create an agent with payment capabilities, you typically had to build an entire agentic workflow… identifying and invoking the appropriate PayPal APIs, mapping them to the correct APIs based on use cases, parsing parameters from prompts, and handling responses.”
The essential innovation: “Now all you need to do is plug in the PayPal MCP server into your agent. It’s like USB-C—once connected, your agent is fully loaded with PayPal services.”
This architecture allows developers to focus on creating innovative agentic experiences rather than wrestling with integration details. As emphasized in the design principles discussion, “The tool needs to sit in a standard location which is discoverable by agents… a single source of truth implemented as a catalog or service.”

Design Principles for Enterprise MCP Toolkits
Nitin Sharma’s detailed exploration of MCP design principles offered a comprehensive framework for enterprise implementation, organized into three critical categories:
1. Tool Organization & Governance: Who Gets the Keys?
The presenter emphasized that well-designed toolkits require careful organization: “The tool needs to sit in a standard location which is discoverable by agents.” He outlined several key governance considerations:
Access Control: “Not every agent has blanket ability to call it. We need some access control… What environments and what agents should we be whitelisting?”
Unique Identity: Tools must “encode namespace and an upgrade path” with a consistent identity scheme
Schema Validation: “You want to have a very specific schema contract where input and output are explicitly defined”
Policy Guidelines: Define “what should be your rate limit capability… How much rate limiting you want to apply… What are the timeout rules”
Auditing and Traceability: “This ensures observability when external agents call the MCP server… Who were the callers? When did they call? What kind of input/output format?”
2. Tool Behavior & Design
Beyond organization, the presentation detailed behavioral guidelines for MCP tools:
Modularity and Single Focus: “The tool should be doing exactly one thing… a single point of reference for tools and not necessarily have multiple tools that have multiple verbs”
Concise Input/Output: “Schema not too nesting so your observability is at trace and then same evaluation”
Context Requirements: “You want to be able to signal what screen contexts is required upfront or execution”
Latency Awareness: “Do you want your applications to be latency aware… what is the cumulative SLA that is associated with those API calls”
Composability: “You will have agents that potentially be chained… you might have one tool that is chained with another tool”
3. Tool Lifecycle Management
The final category addressed how MCP tools should evolve over time:
Usage Pattern Monitoring: “How do you monitor usage patterns… What are the total number of invocations?”
Validation Checks: “You have CI checks there for schema validation on latency budget”
Maturity Tagging: “You want to be able to differentiate between experimental environments and production… tagging as ‘dev’, ‘test’, ‘stable’”
Deprecation Workflow: “Automatically sunset an agent… identify deprecation date and what’s the replacement tool”
Backward Compatibility: “Tool changes should not break existing integrations”
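The governance and lifecycle principles above can be enforced at a single gate in front of the tool catalog. The sketch below is an added example, not PayPal's code: the `namespace.tool@vN` identity scheme, the tool names, the agent names and the limits are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

TOOL_ID = re.compile(r"[a-z0-9]+(\.[a-z0-9_]+)+@v\d+")  # assumed scheme: namespace.tool@vN

@dataclass
class Tool:
    tool_id: str
    maturity: str                      # 'dev', 'test' or 'stable'
    allowed: set                       # allowlisted (agent, environment) pairs
    rate_limit: int                    # calls per agent per window
    sunset: Optional[date] = None      # deprecation date, if any
    replacement: Optional[str] = None  # tool to migrate to after sunset

class Catalog:
    """Single source of truth: every call is authorized and audited here."""
    def __init__(self):
        self.tools, self.calls, self.audit = {}, {}, []

    def register(self, tool):
        if not TOOL_ID.fullmatch(tool.tool_id):
            raise ValueError(f"tool id lacks namespace or version: {tool.tool_id!r}")
        self.tools[tool.tool_id] = tool

    def new_window(self):
        self.calls.clear()             # called by a scheduler when the rate window rolls over

    def authorize(self, agent, env, tool_id, today):
        tool, used = self.tools.get(tool_id), self.calls.get((agent, tool_id), 0)
        if tool is None:
            decision = "deny:unknown-tool"
        elif (agent, env) not in tool.allowed:
            decision = "deny:not-allowlisted"
        elif env == "production" and tool.maturity != "stable":
            decision = "deny:maturity"
        elif tool.sunset and today >= tool.sunset:
            decision = f"deny:sunset;use={tool.replacement}"
        elif used >= tool.rate_limit:
            decision = "deny:rate-limit"
        else:
            self.calls[(agent, tool_id)] = used + 1
            decision = "allow"
        # Denials are audited too: who called, when, which tool, and the outcome.
        self.audit.append({"agent": agent, "env": env, "tool": tool_id,
                           "when": today.isoformat(), "decision": decision})
        return decision
```

Keeping a sunset version registered, rather than deleting it, lets the gate answer with the replacement tool instead of an opaque failure.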
Securing MCP: Protecting Sensitive Data Flows
The presentation extended to critical security considerations, showing examples of insecure versus secure MCP implementations. A single overlooked vulnerability could expose thousands of transactions. MCP addresses this by rigorously encrypting every sensitive data flow. The risk categories identified included:
PII Oversharing: Avoid unnecessary sensitive data in payloads.
Unencrypted Credentials: Eliminate plaintext identifiers.
Replay Attacks: Prevent repeated reuse of transaction envelopes.
Context Enrichment: Ensure proper scoping of contexts per interaction.
To address these risks, the speaker detailed an improved MCP envelope with several security enhancements:
TLS Transport Security: “TLS one MTLS security in transit”
HMAC and JWT Signatures: For authentication and authorization
Schema Validation: “Reject any malformed or oversized schemas”
Field-Level Encryption: “Prevents log credentials to be transmitted and minimizes PII exposure”
PII Tagging: “If there is any data attribute that is PII sensitive… there’s a tag of PII being true and the fact that needs to be encrypted”
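A server-side check for such an envelope might look like the following. This is an added example, not the envelope shown in the session: the field names, size limit, freshness window and key are assumptions. It covers the size and schema checks, the HMAC signature, replay rejection and PII-tagged log redaction; field-level encryption is left out because it needs a crypto library beyond the standard library.

```python
import hashlib, hmac, json, time

MAX_BYTES = 4096   # assumed payload size limit
MAX_SKEW = 300     # assumed freshness window in seconds
SCHEMA = {"tool": str, "nonce": str, "ts": int, "fields": dict}  # hypothetical contract

def sign(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of the body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class EnvelopeVerifier:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept while that timestamp is still acceptable

    def verify(self, raw, now=None):
        now = int(time.time()) if now is None else now
        if len(raw) > MAX_BYTES:
            return "reject:oversized"
        try:
            env = json.loads(raw)
            body, sig = env["body"], env["sig"]
        except (ValueError, KeyError, TypeError, RecursionError):
            return "reject:malformed"
        if (not isinstance(body, dict) or not isinstance(sig, str)
                or set(body) != set(SCHEMA)
                or not all(isinstance(body[k], t) for k, t in SCHEMA.items())):
            return "reject:schema"
        expected = sign(self.key, body).encode()
        if not hmac.compare_digest(expected, sig.encode("utf-8", "replace")):
            return "reject:signature"
        if abs(now - body["ts"]) > MAX_SKEW:
            return "reject:stale"
        # Drop nonces whose timestamps have aged out, then refuse any nonce seen before.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if body["nonce"] in self.seen:
            return "reject:replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accept"

def log_view(body):
    """Audit-safe copy: a value is logged only if its field is explicitly tagged pii=False."""
    return {**body, "fields": {
        name: f.get("value") if isinstance(f, dict) and f.get("pii") is False else "[REDACTED]"
        for name, f in body["fields"].items()}}
```

The signature is checked before the timestamp and nonce, so an unauthenticated caller cannot fill the replay cache with nonces of its own.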

Beyond MCP: Complementary Agent Protocols
The forward-looking analysis explored how MCP functions alongside other emerging protocols, particularly looking at Google’s Agent-to-Agent (A2A) protocol. A2A handles the introductions; MCP manages the conversation. Together, they redefine how agents securely collaborate.

“While A2A actually provides dynamic cross-agent discovery and task delegation… it operates at a much higher level of abstraction… the context exchange that happens there is minimal,” Nitin explained. “You’re not sending a ton of context, but you are just allowing discovery capabilities.”
The complementary relationship was illustrated through a flow diagram showing how:
A user calls a merchant’s agent
The merchant agent discovers the PayPal agent via A2A broker
The A2A broker provides an agent card with endpoint, capabilities, trust level
Once the agent relationship is established, MCP handles the detailed function calls
As summarized: “The landscape is complementary… There is a distinct but still interlocking role player… across different HTTP flows.”

Real-World Implementation: Venmo’s MCP-Powered Search Experience
The second presentation by Sharma demonstrated how Venmo has implemented MCP to transform user interactions through natural language processing. This implementation directly aligns with PayPal’s broader agentic commerce vision.
Venmo as a Social Commerce Network
Sharma positioned Venmo uniquely as “a social network built around commerce,” where users interact with friends and acquaintances in a social context while completing financial transactions. The traditional Venmo experience has users “mostly use it to pay and get paid,” requiring them to search for contacts by name or handle.
The transformed vision allows users to interact with Venmo through natural language, asking complex questions like:
“What did I spend on lunch in SF last quarter?”
“Pay my friend Andy $50”
“Schedule my rent payment with my landlord”
“What restaurants in SF are my friends dining at?”
“What handyman services are trending in my neighborhood?”
Venmo’s MCP Toolkit Architecture
The presentation provided a detailed view of Venmo’s MCP implementation, structured around five core toolkit components:
Account Tool: Handles authentication and balance checking
Social Graph Tool: Discerns relationships between users
Funding Tool: Queries available funding instruments
Transaction Tool: Facilitates payment completion
Memo Analysis Tool: Generates filters to search transaction memos using NLP

The demonstration walked through two primary use cases:
Use Case 1: Peer-to-Peer Payment Flow
The first demo showed a user asking: “I want to send $20 to my friend Andy Smith.” The system:
Checked account balance ($180 available)
Located Andy with handle “andysmith993”
Sent $20 and updated the balance
Behind the scenes, this involved:
Client-side LLM interactions to determine appropriate tools
MCP client library calls to the server
Server-side API calls to Venmo’s backend services
Use Case 2: Recurring Payment Scheduling
The second demo illustrated a more complex transaction: “I want to schedule the rent payment to my landlord.” The system:
Generated filters to search transaction memos for “rent” and related terms
Located past landlord payments to identify the recipient
Identified funding instruments (bank account and card)
Confirmed details and scheduled the recurring payment
This workflow utilized additional tools:
Memo Analysis Tool for understanding transaction history
Transaction Analysis Tool for identifying patterns
Risk assessment of funding instruments
Analytics and Insights Use Cases
Nitin also demonstrated analytical use cases, showing how users can ask:
“How much have I spent on food this year?”
“Give me a three-month summary of transactions and volume on my business account”
These interactions leverage the Transaction Analysis Tool to aggregate data by merchant category codes (MCCs) and provide business insights.

Developer Reactions and Q&A
The Q&A sessions revealed key technical challenges and insights:
Tool Selection and Determinism
One developer asked about ensuring the correct tool gets called consistently. The response indicated that tool selection reliability “depends from LLM to LLM and model to model… All the tool picking is reliable on the LLM,” noting that “most of the bigger LLMs, well-trained LLMs, have a 100% probability of picking the right tool.”
Backward Compatibility Challenges
Another participant raised concerns about maintaining backward compatibility when signatures change. The speaker acknowledged this as an evolving area: “When you release your first few tools, you start organizing them behind toolkits, and then you’ll certainly go through some version controls.”
The solution involves careful lifecycle management: “You still keep one or two past versions active so that way there is sufficient fallback.”
Agentic Experience UX Challenges
A developer asked about security during conversations and handling dynamic customer preferences. The speaker emphasized the importance of chain-of-thought reasoning: “A lot of it goes back to just the chain of thought reasoning all the stack, and then make sure that becomes explained.”
Multi-Entity Payment Handling
A question about handling payment splitting across multiple friends highlighted the challenge of compound queries. Sharma detailed: “Compound verbs like… I want to split payment between multiple entities… you are still finishing a payment transaction, but you’re abstracting it at a higher level.”
The key insight: “The backend APIs stay the same. And you figure out a lot of the processing up front… The LLM does some heavy lifting upfront.”
Trust in Cross-Agent Transactions
The final question addressed trust in agent-to-agent interactions outside established networks. The presenter elaborated that the A2A protocol includes trust attributes: “A2A protocol actually has agent card has an attribute that is identified as trust level… protocol owners actually own the trust attribute there.”
The Path Forward: Key Takeaways for Technical Leaders
Both presentations revealed critical insights for organizations implementing agentic commerce capabilities:
From PayPal’s MCP Implementation
Standardized Orchestration: Create consistent patterns for agent interactions
Out-of-Box Implementation: Make toolkits ready without extensive integration
Rapid Agent Assembly: Enable quick use of MCP-compliant patterns
Modular Observable Design: Build governance into the system architecture
Cross-Agent Discovery: Create networks that could be decentralized
From Venmo’s Implementation
Modular Tool Abstraction: “Wrapping Venmo’s API in a shown tool and the flows are reusing the tools instead of duplicating the logic”
Post-UX Design: “Users speak and play in English and automatically intent parsing and follow-ups happen through LLM prompting”
Generalized LLM Orchestration: “Running the model on the MCP server with consistent versioning and logging”
Robust Fallback and Validation: “Built-in balance checks… prompt back to the user”
Extensibility: “Extend the current tool framework and add more functions on top of it”
The Future of Agentic Commerce Infrastructure
As PayPal builds out the infrastructure for Alex Chriss’s vision of agentic commerce, these technical implementations demonstrate how the theoretical becomes practical. The platforms being built today at PayPal and Venmo will enable AI agents to negotiate, discover, and transact on behalf of users, creating entirely new commerce paradigms.
For technical leaders, the path forward requires careful consideration of several questions:
How will your organization’s APIs evolve to support agent-based discovery and interaction?
What governance frameworks will ensure security while enabling innovation?
How can you balance deterministic functionality with the probabilistic nature of LLMs?
What new user experiences become possible when natural language replaces traditional interfaces?
At the intersection of commerce and artificial intelligence, PayPal is not just theorizing about the future—it’s building the protocols, standards, and implementations that will power the next generation of commerce experiences. The emerging field requires “standardized orchestration… out of box implementation… rapid agent assembly… modular observable design… and cross-agent discovery.”
The infrastructure of agentic commerce is being assembled today, one protocol at a time.

References:
PayPal MCP & Agent ToolKit: paypal.ai
PayPal REST API: developer.paypal.com/api/rest
Google A2A: google.github.io/A2A
Venmo API: venmo.com/docs/overview
