After the OpenClaw frenzy and before Citrini Doomsday 2028: Where is Agentic Commerce heading

The recent buzz around OpenClaw isn't captivating because it answers questions more humanely, but because it has started 'doing things for you.' The shift from 'help me think about this' to 'let me do this' doesn't just involve a UI upgrade; it's a complete switch in risk structures. When software can invoke tools, alter states, and access accounts and permissions, it stops being an assistant and becomes a potential economic actor.

This makes the timing of Nearcon2026 particularly interesting. NEAR has long branded itself as 'the chain for the AI era,' and Illia Polosukhin is no ordinary AI founder—he’s one of the co-authors of 'Attention Is All You Need.' Illia is among the most authoritative voices on how the line of research stemming from that paper evolved into today’s agents.

So when OpenClaw reignited the term 'agentic commerce,' it's expected that everyone will be eager to see what NEAR plans to unveil at Nearcon and how they intend to ground 'agents taking action' in terms of transaction and privacy infrastructure.

Even more subtle is that OpenClaw casually delivered an 'undignified but real' reminder over the past couple of days: Someone working on AI alignment/safety at Meta asked an agent to help clean up their email, with clear verbal boundaries—don’t execute anything without confirmation. However, as the agent became more fluent in the toolchain, it started deleting emails in bulk, forcing her to rush back to her computer to manually stop it. (This isn’t a criticism of her; rather, it highlights how common such issues are: you’d panic too.) When it deletes emails, you can still salvage the situation; when it starts moving money, altering permissions, or modifying contracts, undoing its actions becomes far harder.

Then, halfway through Nearcon, Citrini Research's '2028 GIC' went viral. Although it was written as '2028,' the market seemed to read it as 'tomorrow morning.' You could clearly feel sentiment spilling over from the tech community into the secondary market: SaaS, traditional financial payments—these 'money-making machines reliant on processes and friction'—were suddenly being revalued. Visa and Mastercard's stock prices were singled out for a hit, not because they're doomed tomorrow, but because the market, for the first time more seriously, put a mechanism on the table: when both buyers and sellers are equipped with agents, will many profit pools previously sustained by 'human inefficiency' be squeezed?

So yesterday was three things stacking up together: OpenClaw made the capability curve credible; the 'accidental email deletion' brought the issue of control fragility to the forefront; Citrini passed on the pressure of profit pools to market pricing. Against this backdrop, Nearcon’s discussion on agentic commerce—whether it was well articulated or had practical implementation—started to reveal its true colors.

What Illia said about 'commerce compressing'—I think he's right, but it's incomplete.

One point in Illia's keynote I agreed with: AI has evolved from a backend function to chat, then to actionable agents, and now to multi-agent collaboration. By the time we reach the stage where 'my agent talks to your agent,' software isn't just a tool anymore—it starts acting like a participant: negotiating, hiring, coordinating, paying. In other words, software begins to behave like an economic entity.

He used a term: 'commerce is compressing,' meaning business is being 'compressed.'

The accuracy of that term lies in the fact that it doesn't evoke vague futurism—it points out our daily pain points: the internet is a collection of isolated islands. Each website has its own login, forms, and settlement systems. Jumping between pages and repeatedly filling out information essentially makes you the 'human middleware' stitching fragmented systems together. (Many people don’t realize that one of the most expensive resources in the modern internet is 'your attention,' and you waste it every day on repetitive inputs.)

The future Illia envisions is this: you express intent, and the system executes it—intent-driven execution. You say, 'I’m moving to San Francisco,' and the agent breaks down tasks, asks for preferences, and advances the execution. Sounds great, and I believe the direction is correct.

But one way Illia is more honest than many crypto narratives is that he didn’t sidestep the 'transparency' pitfall. He directly stated that on-chain transparency often feels inhumane in everyday life. Looking for housing, hiring movers, paying tuition, settling medical bills—if you make your balance, counterparties, and transaction amounts fully public, it's like writing your life as a permanently indexable ledger. Most people don’t want this kind of 'freedom.'

So this time at Nearcon, 'privacy' was elevated to a prominent position: near.com as the entry point, emphasizing not burdening users with concerns about chains and gas fees; plus something called confidential mode, treating privacy protection for balances, transfers, and transactions as a top priority. I’m willing to give it high marks—not because 'privacy sounds sophisticated,' but because it addresses adoption barriers: if you want agents spending money on your behalf, you need to ensure people feel safe depositing their funds.

Citrini made the question of 'where the money comes from' sound exciting, but Nearcon got me more concerned about 'who will bear the brunt if something goes wrong with the money.'

Why did Citrini's article stir the market? Because it translated 'agentic commerce' into profit pool language: If an agent performs searches, price comparisons, negotiations, order placements, account reconciliations, and refunds on behalf of users, the links that rely on 'human friction' to collect rent will be squeezed. I don't oppose this directional judgment.

But what made me more cautious about Nearcon is that not all business frictions are bad frictions. A lot of friction actually does the work of 'building trust.' Anti-fraud measures, access control, responsibility allocation, dispute resolution, audit trails, privacy boundaries — these things may seem annoying, but they make commerce function.

Removing humans from processes won’t make these costs disappear; they’ll just reappear elsewhere, harder to explain, harder to price, and more prone to causing major accidents.

This is also why I increasingly dislike those one-liner formulas: 'agent + stablecoin = agentic commerce.' Stablecoins are certainly important; making settlements programmable represents an infrastructure-level change. But stablecoins solve 'how money moves,' not 'why money moves, who allows it to move, what happens if it moves incorrectly, who’s responsible, how to assign blame, or how to compensate.'

Where Nearcon adds more value is in at least attempting to address 'the missing layer': intent routing, privacy execution, architectural security, and an entry point that can bring people in. It doesn't feel like selling a 'smarter agent'; it feels more like saying: if you want agents to become economic actors, you first need to build the commercial foundation.

The example of 'moving to San Francisco' is brilliant but also dangerous.

I actually quite like Illia’s use of his own moving experience as an example because it’s not a toy task: long chains, multiple parties, large amounts, intricate details — it most easily exposes where the agent truly gets stuck.

But precisely because it’s real, it exposes issues more starkly. The hardest part of moving has never been 'pressing the button,' but rather three more complex aspects.

The first is responsibility. When an agent signs terms, pays deposits, and hires service providers, who exactly is signing? Who takes responsibility in case of disputes? 'My agent hired your agent' sounds futuristic, but once services fall through, goods aren’t delivered, or terms hit a snag, it immediately turns into lawyer-speak. Real-world commerce isn’t just about 'execution'; real-world commerce is about 'executing and still staying alive.'

The second is boundaries. Moving isn’t a single command; it’s a series of micro-authorizations: what budget range doesn’t require my approval; what information can be shared with which suppliers; which terms must be confirmed by me; which payments are irreversible and require double confirmation. The story of Meta accidentally deleting emails stands out because it reminds us: you may think you’ve set boundaries, but the system might not 'remember' them. When it deletes emails or code, you can still recover; when it moves money, you’re not just 'rolling back actions,' you’re 'rolling back trust.'

The third issue is compliance and anti-automation. Real-world commercial systems are rife with 'anti-bot' designs: CAPTCHAs, risk control interceptions, KYC processes. Illia mentioned the need for new intent-based APIs and a more neutral execution track that can be combined, instead of being blocked by Cloudflare-style anti-bot mechanisms — this statement actually implies that today's internet is designed for human interaction, not for agent-driven transactions. If you want agents to become economic actors, you'll need to rewrite a layer of 'machine-friendly' business interfaces.

Unless these three issues are resolved, agentic commerce will forever remain in those 'looks futuristic' videos. Once resolved, it will become something uncomfortable yet practical — like payments, like risk control, like all true infrastructure.

George throws cold water on OpenClaw: Don't rely on users to be cautious; security must be built into the architecture.

The second keynote by George Zeng, Head of Near AI (a former member of South Park Commons like the author), finally made me feel that someone was talking about agents as though they were production systems.

What he said isn’t complicated: many of today’s agent frameworks are inadequate for production environments because they expose keys, lack network controls, and lack architectural protection against prompt injection. Prompt injection isn’t just about 'models misbehaving'; it’s more akin to workflow-level exploitation: an agent reads untrusted content such as webpages, emails, or PDFs, and hidden instructions within may lead it to invoke tools, leak information, or perform incorrect operations. As long as the agent has permissions, this chain can be dangerous.

Even more concerning is the skills market. Once you allow third-party skills to be installed, you’re essentially creating a new app store where the 'apps' can access your files, accounts, and money. In growth phases, this is called ecosystem prosperity; in adversarial phases, this is called supply chain security. (And you’ll find that attackers always understand 'distribution' better than you do.)

George emphasized that 'security must be at the architectural level,' rather than relying on users to 'think twice before installing.' I completely agree with this. The security of mature financial systems has never been about 'users being careful,' but rather about being 'secure by default.' This will only become more critical when agents start spending money.

What did NEAR get right? What’s still missing?

I’d give NEAR’s Nearcon a positive review this time: it at least brought several make-or-break modules to the forefront — intent, privacy, architectural security, the proxy marketplace, and a more consumer-facing entry point (near.com). From narrative to product, it doesn’t seem to be selling a slogan but is piecing together 'agentic commerce' as a system.

But I must say, it’s still missing a few 'truly decisive for scalability' hard components, and these things are often not the most photogenic at launch events.

First, policy layers need to evolve into product layers. It’s not about 'writing better prompts,' but rather verifiable, inheritable, and auditable authorization policies: budgets, thresholds, secondary confirmations, braking mechanisms for irreversible actions—ideally as system defaults. Otherwise, so-called autonomy often just means 'hoping it doesn’t forget today.'

Second, traceability must coexist with privacy. Privacy is not a black box. Privacy should mean 'invisible externally, but accountable internally.' Companies won’t accept 'just trust me'; they need post-fact audits: what was done, why it was done, which tools were invoked, and which counterparties were reached. NEAR talks a lot about 'confidentiality,' but 'how to provide auditability within confidentiality' requires more specific, productized answers.

Third, there needs to be a solution for accountability and compensation. Once the agent market grows, accidents will inevitably occur. Who is responsible? How is arbitration handled? How are damages compensated? Is there an insurance pool? Is there an anti-Sybil reputation system? This isn’t a future issue; it’s a prerequisite for scalability. Because once money and contracts are involved, expansion speed depends on whether risks can be priced and managed.

Precisely because of these constraints, my assessment of Citrini's narrative is this: the direction is likely correct, but the pace may not be so linear. Much of the profit doesn’t come from information asymmetry but from risk assumption. Whoever can assume risk earns the right to collect fees. The business world never opposes new technology—it only opposes 'nobody being responsible.'

Conclusion: In the post-OpenClaw and pre-2028 era, I’m betting on 'bounded power,' not full autonomy.

If I were to summarize the insight Nearcon gave me in one sentence: agentic commerce isn’t simply about removing humans from processes—it’s about redistributing 'trust costs.' Stablecoins make settlements programmable, but the key lies in permissions, privacy, security, auditing, and accountability mechanisms.

Therefore, I’m now more inclined to bet on a more realistic path: what will scale in the short term isn’t 'agents buying groceries for you,' but 'agents doing dirty and labor-intensive tasks for enterprises within policy boxes.' Procurement and supplier management, accounts receivable and payable, reconciliation and reimbursement, cross-border settlements, compliance-driven process automation—these scenarios have quantifiable ROI and naturally require human oversight and fallback mechanisms. It’s not romantic, but it will generate real transaction volumes and force systems to develop robust accountability frameworks.

OpenClaw lit the fire, Citrini clarified the math, and NEAR is trying to shore up the foundation. Over the next year, what’s most worth watching isn’t whose agent is smarter, but who can make brakes, boundaries, audits, and compensation as reliable as financial infrastructure.

In a world where software can spend money, true innovation often isn’t about a stronger accelerator but about a more trustworthy brake.

$NEAR Protocol (NEAR.CC)$ $NEAR/USD (NEARUSD.CC)$

618K Views