SoK: Security of Autonomous LLM Agents in Agentic Commerce

Cong Ma; Jiaqi Yan; Jiaxin Wang; Li Zhu; Qian'ang Mao; Ya Liu

arxiv: 2604.15367 · v2 · submitted 2026-04-15 · 💻 cs.CR · cs.MA

SoK: Security of Autonomous LLM Agents in Agentic Commerce

Qian'ang Mao , Jiaxin Wang , Ya Liu , Li Zhu , Cong Ma , Jiaqi Yan This is my paper

Pith reviewed 2026-05-10 13:52 UTC · model grok-4.3

classification 💻 cs.CR cs.MA

keywords LLM agentsagentic commercesecurity frameworkcross-layer attacksautonomous agentsSoKtransaction securityregulatory compliance

0 comments

The pith

Securing autonomous LLM agents in commerce requires coordinated controls across LLM safety, protocol design, identity, market structure, and regulation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper systematizes security risks for large language model agents that autonomously negotiate, purchase, manage assets, and transact in commerce and finance. It groups threats into five dimensions and extracts twelve cross-layer attack vectors from a broad review of papers, protocols, reports, and incidents, showing how issues in an agent's reasoning or tools can reach custody problems, market harm, and regulatory violations. Current payment protocols for agents leave gaps in authorization and trust that allow these propagations. The work proposes a layered defense structure to coordinate responses across the dimensions. This framing implies that isolated fixes in any single area will leave agent-based systems exposed as they scale.

Core claim

A unified security framework organizes threats along five dimensions: agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance. From a curated corpus of academic papers, protocol documents, industry reports, and incident evidence, the analysis derives twelve cross-layer attack vectors that demonstrate propagation from reasoning and tooling layers into custody, settlement, market harm, and compliance exposure. A layered defense architecture is outlined to close authorization gaps in existing agent-payment protocols. The overall result establishes that securing agentic commerce is inherently a cross-layer problem requiring coordinated action

What carries the argument

The five-dimensional threat model combined with the twelve cross-layer attack vectors extracted from the reviewed corpus of papers, protocols, reports, and incidents.

Load-bearing premise

The systematically gathered collection of papers, protocol documents, industry reports, and incident evidence is complete and representative enough to produce a stable set of twelve cross-layer attack vectors.

What would settle it

A documented real-world incident or new protocol in which an autonomous LLM agent suffers a security failure that cannot be classified under any of the twelve attack vectors and does not propagate across the five threat dimensions.

Figures

Figures reproduced from arXiv: 2604.15367 by Cong Ma, Jiaqi Yan, Jiaxin Wang, Li Zhu, Qian'ang Mao, Ya Liu.

read the original abstract

Autonomous large language model (LLM) agents such as OpenClaw are pushing agentic commerce from human-supervised assistance toward machine actors that can negotiate, purchase services, manage digital assets, and execute transactions across on-chain and off-chain environments. Protocols such as the Trustless Agents standard (ERC-8004), Agent Payments Protocol (AP2), OKX Agent Payments Protocol (APP), the HTTP 402-based payment protocol (x402), Agent Commerce Protocol (ACP), the Agentic Commerce standard (ERC-8183), and Machine Payments Protocol (MPP) enable this transition, but they also create an attack surface that existing security frameworks do not capture well. This Systematization of Knowledge (SoK) develops a unified security framework for autonomous LLM agents in commerce and finance. We organize threats along five dimensions: agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance. From a systematically curated public corpus of academic papers, protocol documents, industry reports, and incident evidence, we derive 12 cross-layer attack vectors and show how failures propagate from reasoning and tooling layers into custody, settlement, market harm, and compliance exposure. We then propose a layered defense architecture addressing authorization gaps left by current agent-payment protocols. Overall, our analysis shows that securing agentic commerce is inherently a cross-layer problem that requires coordinated controls across LLM safety, protocol design, identity, market structure, and regulation. We conclude with a research roadmap and a benchmark agenda for secure autonomous commerce.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This SoK gives a five-dimension taxonomy and 12 attack vectors for LLM agents in commerce, but the corpus curation behind them lacks the methodological transparency needed to make the cross-layer claims fully reliable.

read the letter

The main thing to know is that the paper pulls together threats to autonomous LLM agents handling payments and assets into five dimensions—agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance—and derives 12 specific cross-layer vectors from protocols like ERC-8004, AP2, x402, ACP, ERC-8183, and MPP plus related papers and incidents. It shows how reasoning or tooling failures can reach custody, settlement, and market harm, then sketches a layered defense that targets gaps in current agent-payment standards. That synthesis is the useful part because the area is new and the pieces have been scattered until now.

Referee Report

1 major / 2 minor

Summary. This SoK paper develops a unified security framework for autonomous LLM agents in agentic commerce. It organizes threats along five dimensions (agent integrity, transaction authorization, inter-agent trust, market manipulation, and regulatory compliance), derives 12 cross-layer attack vectors from a systematically curated corpus of academic papers, protocol documents (e.g., ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incidents, demonstrates propagation from reasoning/tooling layers into custody/settlement/market harm and compliance exposure, proposes a layered defense architecture to address authorization gaps, and concludes that securing agentic commerce is inherently cross-layer, requiring coordinated controls across LLM safety, protocol design, identity, market structure, and regulation, along with a research roadmap and benchmark agenda.

Significance. If the derivation of the 12 vectors holds and the cross-layer propagation analysis is representative, the work would offer a timely systematization for an emerging domain where LLM agents are transitioning to autonomous commercial actors. It usefully highlights gaps in existing agent-payment protocols and provides a research roadmap that could help prioritize efforts in multi-layer security for agentic systems.

major comments (1)

[Methods / Corpus Curation] The methods description of corpus curation (referenced in the abstract as 'systematically curated public corpus' and used to derive the exact count of 12 vectors across the five dimensions): without explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis, it is impossible to evaluate whether the corpus is exhaustive or biased toward early-stage protocols. This directly affects the stability of the 12-vector set and the central claim that failures inherently propagate across the claimed layers, as an overlooked protocol or incident could alter the vector count or require additional dimensions.

minor comments (2)

[Abstract] The abstract introduces 'OpenClaw' as an example agent without a brief definition or citation; adding one sentence of context would improve accessibility for readers new to specific LLM agent implementations.
[Threat Dimensions] The five dimensions are listed clearly, but the mapping of the 12 vectors to these dimensions (and to specific protocols) would benefit from a summary table for quick reference.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive and positive assessment of our SoK paper. The feedback on corpus curation methods is well-taken and highlights an area where greater transparency will strengthen the work. We address the comment below and will revise the manuscript accordingly.

read point-by-point responses

Referee: [Methods / Corpus Curation] The methods description of corpus curation (referenced in the abstract as 'systematically curated public corpus' and used to derive the exact count of 12 vectors across the five dimensions): without explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis, it is impossible to evaluate whether the corpus is exhaustive or biased toward early-stage protocols. This directly affects the stability of the 12-vector set and the central claim that failures inherently propagate across the claimed layers, as an overlooked protocol or incident could alter the vector count or require additional dimensions.

Authors: We agree that the current manuscript lacks sufficient methodological detail on corpus curation, which limits reproducibility and makes it harder to assess potential bias or exhaustiveness. The abstract and text refer to a 'systematically curated public corpus' of academic papers, protocol documents (ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incidents, but do not list explicit search strings, inclusion/exclusion criteria, database sources, or sensitivity analysis. In the revised version we will add a dedicated 'Corpus Curation' subsection that specifies: search strings (e.g., 'LLM agent security' OR 'autonomous agent commerce' AND 'threat' OR 'attack vector'); sources (arXiv, Google Scholar, EIP GitHub, selected industry reports 2023–2024); inclusion criteria (works addressing autonomous LLM agents in commercial/financial settings with concrete threat or protocol content); exclusion criteria (non-autonomous agents, purely theoretical papers without practical vectors, non-commercial use cases); and a sensitivity analysis showing that incorporation of additional recent protocols or incidents does not alter the five dimensions or the set of 12 vectors. This revision will not change the core findings or the cross-layer propagation analysis, which remains grounded in the concrete examples drawn from the existing corpus. We believe the added transparency will address the concern without requiring expansion of the threat model itself. revision: yes

Circularity Check

0 steps flagged

No circularity: derivation from external curated corpus

full rationale

The paper is a Systematization of Knowledge that organizes threats into five dimensions and derives 12 cross-layer attack vectors explicitly from a public corpus of academic papers, protocol documents (ERC-8004, AP2, x402, ACP, ERC-8183, MPP), industry reports, and incident evidence. No equations, fitted parameters, self-definitional constructs, or load-bearing self-citations reduce any claim to the paper's own inputs by construction. The cross-layer propagation argument follows from mapping external evidence rather than renaming or predicting quantities defined internally. This is self-contained against external benchmarks and receives the default non-circularity finding.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is a systematization-of-knowledge paper whose central contribution is an organizing framework rather than new empirical data or derivations; it therefore rests on the assumption that the chosen literature corpus adequately represents the threat space.

axioms (1)

domain assumption The selected corpus of academic papers, protocol documents, industry reports, and incident evidence is representative of the current threat landscape in agentic commerce.
Invoked when the authors derive the 12 attack vectors and the five threat dimensions from the corpus.

pith-pipeline@v0.9.0 · 5579 in / 1309 out tokens · 35774 ms · 2026-05-10T13:52:28.610718+00:00 · methodology

discussion (0)

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents
cs.CR 2026-05 unverdicted novelty 5.0

MolTrust deploys a W3C VC+DID trust infrastructure for AI agents with kernel-layer authorization, cross-protocol interoperability, and layered Sybil resistance, operational since March 2026 across eight verticals.

Reference graph

Works this paper leans on

146 extracted references · 146 canonical work pages · cited by 1 Pith paper · 8 internal anchors

[1]

Autonomous bidding agents in the trading agent competition,

A. Greenwald and P. Stone, “Autonomous bidding agents in the trading agent competition,”IEEE Internet Computing, 2001

work page 2001
[2]

Southamptontac: Designing a successful trading agent,

M. He and N. R. Jennings, “Southamptontac: Designing a successful trading agent,” inProceedings of the Fifteenth European Conference on Artificial Intelligence. IOS Press, 2002, pp. 8–12. [Online]. Available: https://eprints.soton.ac.uk/252101/

work page 2002
[3]

openclaw/openclaw: Your own personal AI assistant. any OS. any platform. the lobster way

P. Steinberger, “openclaw/openclaw: Your own personal AI assistant. any OS. any platform. the lobster way.” GitHub repository, accessed: 2026-03-31. [Online]. Available: https: //github.com/openclaw/openclaw

work page 2026
[4]

Llm-powered multi-agent system for automated crypto portfolio management.arXiv preprint arXiv:2501.00826,

Y . Luo, Y . Feng, J. Xu, P. Tasca, and Y . Liu, “LLM-powered multi- agent system for automated crypto portfolio management,”arXiv preprint arXiv:2501.00826, 2025

work page arXiv 2025
[5]

AI agents in finance and fintech: A scientific review of agent-based systems, applications, and future horizons,

M. Rizinski and D. Trajanov, “AI agents in finance and fintech: A scientific review of agent-based systems, applications, and future horizons,”Computers, Materials & Continua, vol. 86, no. 1, pp. 1–34, 2026

work page 2026
[6]

Large language model agent in financial trading: A survey,

H. Ding, Y . Li, J. Wang, H. Chen, D. Guo, and Y . Zhang, “Large language model agent in financial trading: A survey,”arXiv preprint arXiv:2408.06361, 2024

work page arXiv 2024
[7]

M.; Poor, H

Y . Nie, Y . Kong, X. Dong, J. M. Mulvey, H. V . Poor, Q. Wen, and S. Zohren, “A survey of large language models for financial applications: Progress, prospects and challenges,”arXiv preprint arXiv:2406.11903, 2024

work page arXiv 2024
[8]

Large language models in finance (FinLLMs),

J. Lee, N. Stevens, and S. C. Han, “Large language models in finance (FinLLMs),”Neural Computing and Applications, vol. 37, no. 30, pp. 24 853–24 867, 2025

work page 2025
[9]

Trading-r1: Financial trading with llm reasoning via reinforcement learning.arXiv preprint arXiv:2509.11420, 2025

Y . Xiao, E. Sun, T. Chen, F. Wu, D. Luo, and W. Wang, “Trading-R1: Financial trading with LLM reasoning via reinforcement learning,” arXiv preprint arXiv:2509.11420, 2025

work page arXiv 2025
[10]

TessPay: Verify-then- pay infrastructure for trusted agentic commerce,

M. Goenka, T. Pathak, and S. Asthana, “TessPay: Verify-then- pay infrastructure for trusted agentic commerce,”arXiv preprint arXiv:2602.00213, 2026

work page arXiv 2026
[11]

AgenticPay: A multi-agent LLM negotiation system for buyer–seller transactions.arXiv preprint arXiv:2602.06008,

X. Liu, S. Gu, and D. Song, “AgenticPay: A multi-agent LLM negotiation system for buyer-seller transactions,”arXiv preprint arXiv:2602.06008, 2026

work page arXiv 2026
[12]

Agents can now do real business, not just make payments,

OKX Learn, “Agents can now do real business, not just make payments,” OKX Learn, 2026, published: 2026-04-29; accessed: 2026-05-01. [Online]. Available: https://www.okx.com/ learn/agent-payments-protocol

work page 2026
[13]

Machine payments,

Tempo, “Machine payments,” Tempo Documentation, accessed: 2026-03-31. [Online]. Available: https://docs.tempo.xyz/learn/ tempo/machine-payments

work page 2026
[14]

Protocol overview,

Tempo and Stripe, “Protocol overview,” Machine Payments Protocol documentation, accessed: 2026-03-31. [Online]. Available: https://mpp.dev/protocol

work page 2026
[15]

Agentic commerce and payments: Exploring the implications of robots paying robots,

D. G. W. Birch and D. Gamble, “Agentic commerce and payments: Exploring the implications of robots paying robots,”Journal of Payments Strategy & Systems, 2025

work page 2025
[16]

Agentic commerce: A survey of how ai agents are reshaping commerce,

Y . Zhang, B. Pan, M. Zhu, J. Pei, and L. Zhao, “Agentic commerce: A survey of how ai agents are reshaping commerce,”TechRxiv, 2026

work page 2026
[17]

Not what you’ve signed up for: Compromising real- world LLM-integrated applications with indirect prompt injection,

K. Greshake, S. Abdelnabi, S. Mishra, C. Endres, T. Holz, and M. Fritz, “Not what you’ve signed up for: Compromising real- world LLM-integrated applications with indirect prompt injection,” inProceedings of the 16th ACM Workshop on Artificial Intelligence and Security. ACM, 2023, pp. 79–90

work page 2023
[18]

Secure autonomous agent payments: Verifying authenticity and intent in a trustless environment.arXiv preprint arXiv:2511.15712, 2025

V . Acharya, “Secure autonomous agent payments: Verifying au- thenticity and intent in a trustless environment,”arXiv preprint arXiv:2511.15712, 2025

work page arXiv 2025
[19]

From deep learning to LLMs: A survey of AI in quantitative investment,

B. Cao, S. Wang, X. Lin, X. Wu, H. Zhang, L. M. Ni, and J. Guo, “From deep learning to LLMs: A survey of AI in quantitative investment,”arXiv preprint arXiv:2503.21422, 2025

work page arXiv 2025
[20]

Revolutionizing finance with llms: An overview of applications and insights,

H. Zhao, Z. Liu, Z. Wu, Y . Li, T. Yang, P. Shu, S. Xu, H. Dai, L. Zhao, H. Jiang, Y . Pan, J. Chen, Y . Zhou, Z. Zhang, R. Sun, G. Mai, N. Liu, and T. Liu, “Revolutionizing finance with LLMs: An overview of applications and insights,”arXiv preprint arXiv:2401.11641, 2024

work page arXiv 2024
[21]

Large language models for financial and invest- ment management: Applications and benchmarks,

Y . Kong, Y . Nie, X. Dong, J. M. Mulvey, H. V . Poor, Q. Wen, and S. Zohren, “Large language models for financial and invest- ment management: Applications and benchmarks,”The Journal of Portfolio Management, 2024

work page 2024
[22]

Agent-mediated elec- tronic commerce: A survey,

R. H. Guttman, A. G. Moukas, and P. Maes, “Agent-mediated elec- tronic commerce: A survey,”The Knowledge Engineering Review, 1998

work page 1998
[23]

On agent-mediated electronic commerce,

M. He, “On agent-mediated electronic commerce,”IEEE Transac- tions on Knowledge and Data Engineering, 2003

work page 2003
[24]

Agent-mediated electronic commerce,

C. Sierra, “Agent-mediated electronic commerce,”Autonomous Agents and Multi-Agent Systems, 2004

work page 2004
[25]

Agents that reduce work and information overload,

P. Maes, “Agents that reduce work and information overload,” Communications of the ACM, 1994

work page 1994
[26]

Rethinking AI agents: A principal-agent perspective,

M. H. Jarrahi and P. Ritala, “Rethinking AI agents: A principal-agent perspective,”California Management Re- view, 2025. [Online]. Available: https://cmr.berkeley.edu/2025/ 07/rethinking-ai-agents-a-principal-agent-perspective/

work page 2025
[27]

Human-centred AI in FinTech: Developing a user experience (UX) research point of view (PoV) playbook,

F. Adedoyin, “Human-centred AI in FinTech: Developing a user experience (UX) research point of view (PoV) playbook,”arXiv preprint arXiv:2506.15325, 2025

work page arXiv 2025
[28]

LLMs analyzing the analysts: Do BERT and GPT extract more value from financial analyst reports?

S. Kim, S. Kim, Y . Kim, J. Park, S. Kim, M. Kim, C. H. Sung, J. Hong, and Y . Lee, “LLMs analyzing the analysts: Do BERT and GPT extract more value from financial analyst reports?” in Proceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 383–391

work page 2023
[29]

Agent payments protocol,

OKX Web3, “Agent payments protocol,” Onchain OS documentation, 2026, accessed: 2026-05-01. [Online]. Available: https://web3.okx.com/onchainos/dev-docs/payments/app

work page 2026
[30]

Technical deep dive,

Virtuals Protocol, “Technical deep dive,” Virtuals Protocol Whitepaper, agent Commerce Protocol (ACP); accessed: 2026-03-

work page 2026
[31]

Available: https://whitepaper.virtuals.io/about-virtuals/ agent-commerce-protocol-acp/technical-deep-dive

[Online]. Available: https://whitepaper.virtuals.io/about-virtuals/ agent-commerce-protocol-acp/technical-deep-dive

work page
[32]

Agent Control Protocol: Admission Control for Agent Actions

M. Fernandez, “Agent control protocol: Admission control for agent actions,”arXiv preprint arXiv:2603.18829, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026
[33]

Autonomous agents on blockchains: Standards, execution models, and trust boundaries.arXiv preprint arXiv:2601.04583, 2026

S. Alqithami, “Autonomous agents on blockchains: Standards, execution models, and trust boundaries,”arXiv preprint arXiv:2601.04583, 2026

work page arXiv 2026
[34]

About virtuals protocol,

Virtuals Protocol, “About virtuals protocol,” Virtuals Protocol Whitepaper, accessed: 2026-03-31. [Online]. Available: https: //whitepaper.virtuals.io

work page 2026
[35]

GAME framework,

Virtuals Protocol, “GAME framework,” Virtuals Proto- col Whitepaper, accessed: 2026-03-31. [Online]. Available: https://whitepaper.virtuals.io/builders-hub/game-framework

work page 2026
[36]

ERC-8183: Agentic commerce,

D. Crapis, B. Lim, W. Tay, and Z. Chooi, “ERC-8183: Agentic commerce,” Ethereum Improvement Proposal, 2026, created: 2026- 02-25. [Online]. Available: https://eips.ethereum.org/EIPS/eip-8183

work page 2026
[37]

Introducing the machine payments protocol,

J. Weinstein and S. Kaliski, “Introducing the machine payments protocol,” Stripe Blog, 2026, published: 2026-03-18. [Online]. Available: https://stripe.com/blog/machine-payments-protocol

work page 2026
[38]

AESP: A human-sovereign economic protocol for AI agents with privacy-preserving settlement,

J. S. Wang, “AESP: A human-sovereign economic protocol for AI agents with privacy-preserving settlement,”arXiv preprint arXiv:2603.00318, 2026

work page arXiv 2026
[39]

EIP-712: Typed structured data hashing and signing,

R. Bloemen, L. Logvinov, and J. Evans, “EIP-712: Typed structured data hashing and signing,” Ethereum Improvement Proposal 712,

work page
[40]

Available: https://eips.ethereum.org/EIPS/eip-712

[Online]. Available: https://eips.ethereum.org/EIPS/eip-712

work page
[41]

HTTP message signatures,

M. Thomson and A. Backman, “HTTP message signatures,” RFC 9421, 2024. [Online]. Available: https://www.rfc-editor.org/ rfc/rfc9421

work page 2024
[42]

A secure agent-mediated payment protocol,

X. Pang, K.-L. Tan, Y . Wang, and J. Ren, “A secure agent-mediated payment protocol,” inInformation and Communications Security. Springer Berlin Heidelberg, 2002, pp. 422–433

work page 2002
[43]

A mobile autonomous agent-based secure payment protocol supporting multiple payments,

Y . Wang and V . Varadharajan, “A mobile autonomous agent-based secure payment protocol supporting multiple payments,” inPro- ceedings of the 2005 IEEE/WIC/ACM International Conference on Intelligent Agent Technology. IEEE Computer Society, 2005, pp. 88–94

work page 2005
[44]

What is the model context protocol (MCP)?

Model Context Protocol, “What is the model context protocol (MCP)?” Documentation, accessed: 2026-03-31. [Online]. Available: https://modelcontextprotocol.io/docs/getting-started/intro

work page 2026
[45]

Security best prac- tices,

Model Context Protocol, “Security best prac- tices,” Documentation, accessed: 2026-03-31. [Online]. Available: https://modelcontextprotocol.io/docs/tutorials/security/ security best practices

work page 2026
[46]

Principal-agent dynamics and digital (platform) economics in the age of agentic AI,

V . Stocker and W. Lehr, “Principal-agent dynamics and digital (platform) economics in the age of agentic AI,”Network Law Review, 2025, published: 2025-09-29. [Online]. Available: https://www.networklawreview.org/stocker-lehr-ai/

work page 2025
[47]

Siegel, Nitya Nadgir, and Arvind Narayanan

S. Kapoor and A. Narayanan, “AI agents that matter,”arXiv preprint arXiv:2407.01502, 2024

work page arXiv 2024
[48]

Agent-mediated integrative negotia- tion for retail electronic commerce,

R. H. Guttman and P. Maes, “Agent-mediated integrative negotia- tion for retail electronic commerce,” inAgent Mediated Electronic Commerce. Springer Berlin Heidelberg, 1999

work page 1999
[49]

Automated negotiation,

T. Sandholm, “Automated negotiation,”Communications of the ACM, vol. 42, no. 3, pp. 84–85, 1999

work page 1999
[50]

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

D. Nieper-Wisskirchen, P. Singh, S. Gupta, and J. Chang, “Se- curity threat modeling for emerging AI-agent protocols: A com- parative analysis of MCP, A2A, agora, and ANP,”arXiv preprint arXiv:2602.11327, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026
[51]

Breaking the protocol: Security anal- ysis of the model context protocol specification and prompt in- jection vulnerabilities in tool-integrated llm agents,

N. Maloyan and D. Namiot, “Breaking the protocol: Security anal- ysis of the model context protocol specification and prompt injec- tion vulnerabilities in tool-integrated LLM agents,”arXiv preprint arXiv:2601.17549, 2026

work page arXiv 2026
[52]

Agent audit: A security analysis system for llm agent applications,

H. Zhang, Y . Nian, and Y . Zhao, “Agent audit: A security analysis system for LLM agent applications,”arXiv preprint arXiv:2603.22853, 2026

work page arXiv 2026
[53]

What is your AI agent buying? evaluation, biases, model dependence, and emerging implications of agentic e-commerce,

A. Allouah, O. Besbes, J. D. Figueroa, Y . Kanoria, and A. Ku- mar, “What is your AI agent buying? evaluation, biases, model dependence, and emerging implications of agentic e-commerce,” in Proceedings of the ACM Web Conference 2026. ACM, 2026, pp. 8697–8700

work page 2026
[54]

Kapoor, N

S. Kapoor, N. Kolt, and D. Lazar, “Build agent advocates, not platform agents,”arXiv preprint arXiv:2505.04345, 2025

work page arXiv 2025
[55]

A negotiation model in agent-mediated electronic commerce,

M. Chung and V . Honavar, “A negotiation model in agent-mediated electronic commerce,” inProceedings International Symposium on Multimedia Software Engineering. IEEE Computer Society, 2000, pp. 403–410

work page 2000
[56]

Bilateral nego- tiation model for agent-mediated electronic commerce,

G. E. de Paula, F. S. Ramos, and G. L. Ramalho, “Bilateral nego- tiation model for agent-mediated electronic commerce,” 2001

work page 2001
[57]

FinD- ebate: Multi-agent collaborative intelligence for financial analysis,

T. Cai, G. Li, N. Han, C. Huang, Z. Wang, C. Zeng, Y . Wang, J. Zhou, H. Zhang, Q. Chen, Y . Pan, S. Wang, and W. Wang, “FinD- ebate: Multi-agent collaborative intelligence for financial analysis,” inProceedings of The 10th Workshop on Financial Technology and Natural Language Processing, 2025, pp. 268–282

work page 2025
[58]

Virtuals protocol fixes critical bug, re- wards security researcher,

H. Shittu, “Virtuals protocol fixes critical bug, re- wards security researcher,” Cryptonews, 2025, last updated: 2025-01-03. [Online]. Available: https://cryptonews.com/news/ virtuals-protocol-fixes-critical-bug-rewards-security-researcher/

work page 2025
[59]

Identifying the Risks of LM Agents with an LM-Emulated Sandbox

Y . Ruan, H. Dong, A. Wang, S. Pitis, Y . Zhou, J. Ba, Y . Dubois, C. J. Maddison, and T. Hashimoto, “Identifying the risks of LM agents with an LM-emulated sandbox,”arXiv preprint arXiv:2309.15817, 2023

work page internal anchor Pith review arXiv 2023
[60]

Taming OpenClaw: Security analysis and mitigation of autonomous LLM agent threats,

X. Deng, Y . Zhang, J. Wu, J. Bai, S. Yi, Z. Zou, Y . Xiao, R. Qiu, J. Ma, J. Chen, X. Du, X. Yang, S. Cui, C. Meng, W. Wang, J. Song, K. Xu, and Q. Li, “Taming OpenClaw: Security analysis and mitigation of autonomous LLM agent threats,”arXiv preprint arXiv:2603.11619, 2026

work page arXiv 2026
[61]

A survey on trust- worthy LLM agents: Threats and countermeasures,

M. Yu, F. Meng, X. Zhou, S. Wang, J. Mao, L. Pan, T. Chen, K. Wang, X. Li, Y . Zhang, B. An, and Q. Wen, “A survey on trust- worthy LLM agents: Threats and countermeasures,” inProceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V .2. ACM, 2025, pp. 6216–6226

work page 2025
[62]

Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents

C. Schroeder de Witt, “Open challenges in multi-agent security: Towards secure systems of interacting AI agents,”arXiv preprint arXiv:2505.02077, 2025

work page internal anchor Pith review Pith/arXiv arXiv 2025
[63]

Inter-agent trust models: A comparative study of brief, claim, proof, stake, reputation and constraint in agentic web protocol design — A2A, AP2, ERC-8004, and beyond,

B. A. Hu and H. Rong, “Inter-agent trust models: A comparative study of brief, claim, proof, stake, reputation and constraint in agentic web protocol design-A2A, AP2, ERC-8004, and beyond,” arXiv preprint arXiv:2511.03434, 2025

work page arXiv 2025
[64]

Predicting stock price trends using language models to extract the sentiment from analyst reports,

A. Moreno, “Predicting stock price trends using language models to extract the sentiment from analyst reports,”Economics Letters, 2025

work page 2025
[65]

Analysis of material facts on financial assets: A generative AI approach,

G. Assis, D. Vianna, G. L. Pappa, A. Plastino, W. Meira Jr, A. S. da Silva, and A. Paes, “Analysis of material facts on financial assets: A generative AI approach,” inProceedings of the Joint Workshop of the 7th Financial Technology and Natural Language Processing, the 5th Knowledge Discovery from Unstructured Data in Financial Services, and the 4th Works...

work page 2024
[66]

Conservative predictions on noisy data,

O. Nabar and G. Shroff, “Conservative predictions on noisy data,” in4th ACM International Conference on AI in Finance, 2023

work page 2023
[67]

A GANs-based approach for stock price anomaly detection and investment risk management,

S. Kim, J. Hong, and Y . Lee, “A GANs-based approach for stock price anomaly detection and investment risk management,” inPro- ceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 1–9

work page 2023
[68]

Agentic commerce: A unified multi-retrieval framework for high-fidelity e-commerce chatbots,

M. E. Faysal, W. Feng, and E. Mony, “Agentic commerce: A unified multi-retrieval framework for high-fidelity e-commerce chatbots,” Journal of Computer Science and Artificial Intelligence, 2026

work page 2026
[69]

Making GenAI smarter: Evidence from a portfolio allocation experiment,

L. Hornuf, D. Streich, and N. T ¨ollich, “Making GenAI smarter: Evidence from a portfolio allocation experiment,”SSRN Electronic Journal, 2025

work page 2025
[70]

A deceit-tolerant negotiation model for agent mediated electronic commerce,

P. Xu, J. Gao, and H. Guo, “A deceit-tolerant negotiation model for agent mediated electronic commerce,” in2005 International Conference on Machine Learning and Cybernetics. IEEE, 2005

work page 2005
[71]

Adversarial deep hedging: Learning to hedge without price process modeling,

M. Hirano, K. Minami, and K. Imajo, “Adversarial deep hedging: Learning to hedge without price process modeling,” inProceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 19–26

work page 2023
[72]

When FinTech meets privacy: Securing financial LLMs with differential private fine-tuning,

S. Zhu, H. Leung, X. Wang, J. Wei, and H. Xu, “When FinTech meets privacy: Securing financial LLMs with differential private fine-tuning,” in2025 IEEE International Performance, Computing, and Communications Conference. IEEE, 2025, pp. 1–6

work page 2025
[73]

Fine-tuning language models for predicting the impact of events associated to financial news articles,

N. Banerjee, A. Sarkar, S. Chakraborty, S. Ghosh, and S. K. Naskar, “Fine-tuning language models for predicting the impact of events associated to financial news articles,” inProceedings of the Joint Workshop of the 7th Financial Technology and Natural Language Processing, the 5th Knowledge Discovery from Unstructured Data in Financial Services, and the 4...

work page 2024
[74]

Finllama: Financial sentiment classification for al- gorithmic trading applications,

T. Konstantinidis, G. Iacovides, M. Xu, T. G. Constantinides, and D. Mandic, “Finllama: Financial sentiment classification for al- gorithmic trading applications,”arXiv preprint arXiv:2403.12285, 2024

work page arXiv 2024
[75]

Who pays when the agent fails? liability frame- works for autonomous payment systems in a fragmented regulatory landscape,

D. Shukanayev, “Who pays when the agent fails? liability frame- works for autonomous payment systems in a fragmented regulatory landscape,”SSRN Electronic Journal, 2025

work page 2025
[76]

Legalising autonomous shopping agent processes,

M. Bain and B. Subirana, “Legalising autonomous shopping agent processes,”Computer Law & Security Report, 2003

work page 2003
[77]

Agent-mediated electronic commerce,

H. S. Nwana, J. Rosenschein, T. Sandholm, C. Sierra, P. Maes, and R. Guttmann, “Agent-mediated electronic commerce,” inProceed- ings of the second international conference on Autonomous agents - AGENTS ’98. ACM Press, 1998

work page 1998
[78]

Agent-mediated electronic commerce: An mit media laboratory perspective,

A. Moukas, G. Zacharia, R. Guttman, and P. Maes, “Agent-mediated electronic commerce: An mit media laboratory perspective,”Inter- national Journal of Electronic Commerce, 2000

work page 2000
[79]

Agent-mediated electronic commerce: Scientific and technological roadmap,

C. Sierra and F. Dignum, “Agent-mediated electronic commerce: Scientific and technological roadmap,” 2001

work page 2001
[80]

Contract model for agent mediated electronic commerce,

B. G ˆateau, D. Khadraoui, O. Boissier, and E. Dubois, “Contract model for agent mediated electronic commerce,” inProceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems. IEEE Computer Society, 2004, pp. 1454–1455

work page 2004

Showing first 80 references.

[1] [1]

Autonomous bidding agents in the trading agent competition,

A. Greenwald and P. Stone, “Autonomous bidding agents in the trading agent competition,”IEEE Internet Computing, 2001

work page 2001

[2] [2]

Southamptontac: Designing a successful trading agent,

M. He and N. R. Jennings, “Southamptontac: Designing a successful trading agent,” inProceedings of the Fifteenth European Conference on Artificial Intelligence. IOS Press, 2002, pp. 8–12. [Online]. Available: https://eprints.soton.ac.uk/252101/

work page 2002

[3] [3]

openclaw/openclaw: Your own personal AI assistant. any OS. any platform. the lobster way

P. Steinberger, “openclaw/openclaw: Your own personal AI assistant. any OS. any platform. the lobster way.” GitHub repository, accessed: 2026-03-31. [Online]. Available: https: //github.com/openclaw/openclaw

work page 2026

[4] [4]

Llm-powered multi-agent system for automated crypto portfolio management.arXiv preprint arXiv:2501.00826,

Y . Luo, Y . Feng, J. Xu, P. Tasca, and Y . Liu, “LLM-powered multi- agent system for automated crypto portfolio management,”arXiv preprint arXiv:2501.00826, 2025

work page arXiv 2025

[5] [5]

AI agents in finance and fintech: A scientific review of agent-based systems, applications, and future horizons,

M. Rizinski and D. Trajanov, “AI agents in finance and fintech: A scientific review of agent-based systems, applications, and future horizons,”Computers, Materials & Continua, vol. 86, no. 1, pp. 1–34, 2026

work page 2026

[6] [6]

Large language model agent in financial trading: A survey,

H. Ding, Y . Li, J. Wang, H. Chen, D. Guo, and Y . Zhang, “Large language model agent in financial trading: A survey,”arXiv preprint arXiv:2408.06361, 2024

work page arXiv 2024

[7] [7]

M.; Poor, H

Y . Nie, Y . Kong, X. Dong, J. M. Mulvey, H. V . Poor, Q. Wen, and S. Zohren, “A survey of large language models for financial applications: Progress, prospects and challenges,”arXiv preprint arXiv:2406.11903, 2024

work page arXiv 2024

[8] [8]

Large language models in finance (FinLLMs),

J. Lee, N. Stevens, and S. C. Han, “Large language models in finance (FinLLMs),”Neural Computing and Applications, vol. 37, no. 30, pp. 24 853–24 867, 2025

work page 2025

[9] [9]

Trading-r1: Financial trading with llm reasoning via reinforcement learning.arXiv preprint arXiv:2509.11420, 2025

Y . Xiao, E. Sun, T. Chen, F. Wu, D. Luo, and W. Wang, “Trading-R1: Financial trading with LLM reasoning via reinforcement learning,” arXiv preprint arXiv:2509.11420, 2025

work page arXiv 2025

[10] [10]

TessPay: Verify-then- pay infrastructure for trusted agentic commerce,

M. Goenka, T. Pathak, and S. Asthana, “TessPay: Verify-then- pay infrastructure for trusted agentic commerce,”arXiv preprint arXiv:2602.00213, 2026

work page arXiv 2026

[11] [11]

AgenticPay: A multi-agent LLM negotiation system for buyer–seller transactions.arXiv preprint arXiv:2602.06008,

X. Liu, S. Gu, and D. Song, “AgenticPay: A multi-agent LLM negotiation system for buyer-seller transactions,”arXiv preprint arXiv:2602.06008, 2026

work page arXiv 2026

[12] [12]

Agents can now do real business, not just make payments,

OKX Learn, “Agents can now do real business, not just make payments,” OKX Learn, 2026, published: 2026-04-29; accessed: 2026-05-01. [Online]. Available: https://www.okx.com/ learn/agent-payments-protocol

work page 2026

[13] [13]

Machine payments,

Tempo, “Machine payments,” Tempo Documentation, accessed: 2026-03-31. [Online]. Available: https://docs.tempo.xyz/learn/ tempo/machine-payments

work page 2026

[14] [14]

Protocol overview,

Tempo and Stripe, “Protocol overview,” Machine Payments Protocol documentation, accessed: 2026-03-31. [Online]. Available: https://mpp.dev/protocol

work page 2026

[15] [15]

Agentic commerce and payments: Exploring the implications of robots paying robots,

D. G. W. Birch and D. Gamble, “Agentic commerce and payments: Exploring the implications of robots paying robots,”Journal of Payments Strategy & Systems, 2025

work page 2025

[16] [16]

Agentic commerce: A survey of how ai agents are reshaping commerce,

Y . Zhang, B. Pan, M. Zhu, J. Pei, and L. Zhao, “Agentic commerce: A survey of how ai agents are reshaping commerce,”TechRxiv, 2026

work page 2026

[17] [17]

Not what you’ve signed up for: Compromising real- world LLM-integrated applications with indirect prompt injection,

K. Greshake, S. Abdelnabi, S. Mishra, C. Endres, T. Holz, and M. Fritz, “Not what you’ve signed up for: Compromising real- world LLM-integrated applications with indirect prompt injection,” inProceedings of the 16th ACM Workshop on Artificial Intelligence and Security. ACM, 2023, pp. 79–90

work page 2023

[18] [18]

Secure autonomous agent payments: Verifying authenticity and intent in a trustless environment.arXiv preprint arXiv:2511.15712, 2025

V . Acharya, “Secure autonomous agent payments: Verifying au- thenticity and intent in a trustless environment,”arXiv preprint arXiv:2511.15712, 2025

work page arXiv 2025

[19] [19]

From deep learning to LLMs: A survey of AI in quantitative investment,

B. Cao, S. Wang, X. Lin, X. Wu, H. Zhang, L. M. Ni, and J. Guo, “From deep learning to LLMs: A survey of AI in quantitative investment,”arXiv preprint arXiv:2503.21422, 2025

work page arXiv 2025

[20] [20]

Revolutionizing finance with llms: An overview of applications and insights,

H. Zhao, Z. Liu, Z. Wu, Y . Li, T. Yang, P. Shu, S. Xu, H. Dai, L. Zhao, H. Jiang, Y . Pan, J. Chen, Y . Zhou, Z. Zhang, R. Sun, G. Mai, N. Liu, and T. Liu, “Revolutionizing finance with LLMs: An overview of applications and insights,”arXiv preprint arXiv:2401.11641, 2024

work page arXiv 2024

[21] [21]

Large language models for financial and invest- ment management: Applications and benchmarks,

Y . Kong, Y . Nie, X. Dong, J. M. Mulvey, H. V . Poor, Q. Wen, and S. Zohren, “Large language models for financial and invest- ment management: Applications and benchmarks,”The Journal of Portfolio Management, 2024

work page 2024

[22] [22]

Agent-mediated elec- tronic commerce: A survey,

R. H. Guttman, A. G. Moukas, and P. Maes, “Agent-mediated elec- tronic commerce: A survey,”The Knowledge Engineering Review, 1998

work page 1998

[23] [23]

On agent-mediated electronic commerce,

M. He, “On agent-mediated electronic commerce,”IEEE Transac- tions on Knowledge and Data Engineering, 2003

work page 2003

[24] [24]

Agent-mediated electronic commerce,

C. Sierra, “Agent-mediated electronic commerce,”Autonomous Agents and Multi-Agent Systems, 2004

work page 2004

[25] [25]

Agents that reduce work and information overload,

P. Maes, “Agents that reduce work and information overload,” Communications of the ACM, 1994

work page 1994

[26] [26]

Rethinking AI agents: A principal-agent perspective,

M. H. Jarrahi and P. Ritala, “Rethinking AI agents: A principal-agent perspective,”California Management Re- view, 2025. [Online]. Available: https://cmr.berkeley.edu/2025/ 07/rethinking-ai-agents-a-principal-agent-perspective/

work page 2025

[27] [27]

Human-centred AI in FinTech: Developing a user experience (UX) research point of view (PoV) playbook,

F. Adedoyin, “Human-centred AI in FinTech: Developing a user experience (UX) research point of view (PoV) playbook,”arXiv preprint arXiv:2506.15325, 2025

work page arXiv 2025

[28] [28]

LLMs analyzing the analysts: Do BERT and GPT extract more value from financial analyst reports?

S. Kim, S. Kim, Y . Kim, J. Park, S. Kim, M. Kim, C. H. Sung, J. Hong, and Y . Lee, “LLMs analyzing the analysts: Do BERT and GPT extract more value from financial analyst reports?” in Proceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 383–391

work page 2023

[29] [29]

Agent payments protocol,

OKX Web3, “Agent payments protocol,” Onchain OS documentation, 2026, accessed: 2026-05-01. [Online]. Available: https://web3.okx.com/onchainos/dev-docs/payments/app

work page 2026

[30] [30]

Technical deep dive,

Virtuals Protocol, “Technical deep dive,” Virtuals Protocol Whitepaper, agent Commerce Protocol (ACP); accessed: 2026-03-

work page 2026

[31] [31]

Available: https://whitepaper.virtuals.io/about-virtuals/ agent-commerce-protocol-acp/technical-deep-dive

[Online]. Available: https://whitepaper.virtuals.io/about-virtuals/ agent-commerce-protocol-acp/technical-deep-dive

work page

[32] [32]

Agent Control Protocol: Admission Control for Agent Actions

M. Fernandez, “Agent control protocol: Admission control for agent actions,”arXiv preprint arXiv:2603.18829, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026

[33] [33]

Autonomous agents on blockchains: Standards, execution models, and trust boundaries.arXiv preprint arXiv:2601.04583, 2026

S. Alqithami, “Autonomous agents on blockchains: Standards, execution models, and trust boundaries,”arXiv preprint arXiv:2601.04583, 2026

work page arXiv 2026

[34] [34]

About virtuals protocol,

Virtuals Protocol, “About virtuals protocol,” Virtuals Protocol Whitepaper, accessed: 2026-03-31. [Online]. Available: https: //whitepaper.virtuals.io

work page 2026

[35] [35]

GAME framework,

Virtuals Protocol, “GAME framework,” Virtuals Proto- col Whitepaper, accessed: 2026-03-31. [Online]. Available: https://whitepaper.virtuals.io/builders-hub/game-framework

work page 2026

[36] [36]

ERC-8183: Agentic commerce,

D. Crapis, B. Lim, W. Tay, and Z. Chooi, “ERC-8183: Agentic commerce,” Ethereum Improvement Proposal, 2026, created: 2026- 02-25. [Online]. Available: https://eips.ethereum.org/EIPS/eip-8183

work page 2026

[37] [37]

Introducing the machine payments protocol,

J. Weinstein and S. Kaliski, “Introducing the machine payments protocol,” Stripe Blog, 2026, published: 2026-03-18. [Online]. Available: https://stripe.com/blog/machine-payments-protocol

work page 2026

[38] [38]

AESP: A human-sovereign economic protocol for AI agents with privacy-preserving settlement,

J. S. Wang, “AESP: A human-sovereign economic protocol for AI agents with privacy-preserving settlement,”arXiv preprint arXiv:2603.00318, 2026

work page arXiv 2026

[39] [39]

EIP-712: Typed structured data hashing and signing,

R. Bloemen, L. Logvinov, and J. Evans, “EIP-712: Typed structured data hashing and signing,” Ethereum Improvement Proposal 712,

work page

[40] [40]

Available: https://eips.ethereum.org/EIPS/eip-712

[Online]. Available: https://eips.ethereum.org/EIPS/eip-712

work page

[41] [41]

HTTP message signatures,

M. Thomson and A. Backman, “HTTP message signatures,” RFC 9421, 2024. [Online]. Available: https://www.rfc-editor.org/ rfc/rfc9421

work page 2024

[42] [42]

A secure agent-mediated payment protocol,

X. Pang, K.-L. Tan, Y . Wang, and J. Ren, “A secure agent-mediated payment protocol,” inInformation and Communications Security. Springer Berlin Heidelberg, 2002, pp. 422–433

work page 2002

[43] [43]

A mobile autonomous agent-based secure payment protocol supporting multiple payments,

Y . Wang and V . Varadharajan, “A mobile autonomous agent-based secure payment protocol supporting multiple payments,” inPro- ceedings of the 2005 IEEE/WIC/ACM International Conference on Intelligent Agent Technology. IEEE Computer Society, 2005, pp. 88–94

work page 2005

[44] [44]

What is the model context protocol (MCP)?

Model Context Protocol, “What is the model context protocol (MCP)?” Documentation, accessed: 2026-03-31. [Online]. Available: https://modelcontextprotocol.io/docs/getting-started/intro

work page 2026

[45] [45]

Security best prac- tices,

Model Context Protocol, “Security best prac- tices,” Documentation, accessed: 2026-03-31. [Online]. Available: https://modelcontextprotocol.io/docs/tutorials/security/ security best practices

work page 2026

[46] [46]

Principal-agent dynamics and digital (platform) economics in the age of agentic AI,

V . Stocker and W. Lehr, “Principal-agent dynamics and digital (platform) economics in the age of agentic AI,”Network Law Review, 2025, published: 2025-09-29. [Online]. Available: https://www.networklawreview.org/stocker-lehr-ai/

work page 2025

[47] [47]

Siegel, Nitya Nadgir, and Arvind Narayanan

S. Kapoor and A. Narayanan, “AI agents that matter,”arXiv preprint arXiv:2407.01502, 2024

work page arXiv 2024

[48] [48]

Agent-mediated integrative negotia- tion for retail electronic commerce,

R. H. Guttman and P. Maes, “Agent-mediated integrative negotia- tion for retail electronic commerce,” inAgent Mediated Electronic Commerce. Springer Berlin Heidelberg, 1999

work page 1999

[49] [49]

Automated negotiation,

T. Sandholm, “Automated negotiation,”Communications of the ACM, vol. 42, no. 3, pp. 84–85, 1999

work page 1999

[50] [50]

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

D. Nieper-Wisskirchen, P. Singh, S. Gupta, and J. Chang, “Se- curity threat modeling for emerging AI-agent protocols: A com- parative analysis of MCP, A2A, agora, and ANP,”arXiv preprint arXiv:2602.11327, 2026

work page internal anchor Pith review Pith/arXiv arXiv 2026

[51] [51]

Breaking the protocol: Security anal- ysis of the model context protocol specification and prompt in- jection vulnerabilities in tool-integrated llm agents,

N. Maloyan and D. Namiot, “Breaking the protocol: Security anal- ysis of the model context protocol specification and prompt injec- tion vulnerabilities in tool-integrated LLM agents,”arXiv preprint arXiv:2601.17549, 2026

work page arXiv 2026

[52] [52]

Agent audit: A security analysis system for llm agent applications,

H. Zhang, Y . Nian, and Y . Zhao, “Agent audit: A security analysis system for LLM agent applications,”arXiv preprint arXiv:2603.22853, 2026

work page arXiv 2026

[53] [53]

What is your AI agent buying? evaluation, biases, model dependence, and emerging implications of agentic e-commerce,

A. Allouah, O. Besbes, J. D. Figueroa, Y . Kanoria, and A. Ku- mar, “What is your AI agent buying? evaluation, biases, model dependence, and emerging implications of agentic e-commerce,” in Proceedings of the ACM Web Conference 2026. ACM, 2026, pp. 8697–8700

work page 2026

[54] [54]

Kapoor, N

S. Kapoor, N. Kolt, and D. Lazar, “Build agent advocates, not platform agents,”arXiv preprint arXiv:2505.04345, 2025

work page arXiv 2025

[55] [55]

A negotiation model in agent-mediated electronic commerce,

M. Chung and V . Honavar, “A negotiation model in agent-mediated electronic commerce,” inProceedings International Symposium on Multimedia Software Engineering. IEEE Computer Society, 2000, pp. 403–410

work page 2000

[56] [56]

Bilateral nego- tiation model for agent-mediated electronic commerce,

G. E. de Paula, F. S. Ramos, and G. L. Ramalho, “Bilateral nego- tiation model for agent-mediated electronic commerce,” 2001

work page 2001

[57] [57]

FinD- ebate: Multi-agent collaborative intelligence for financial analysis,

T. Cai, G. Li, N. Han, C. Huang, Z. Wang, C. Zeng, Y . Wang, J. Zhou, H. Zhang, Q. Chen, Y . Pan, S. Wang, and W. Wang, “FinD- ebate: Multi-agent collaborative intelligence for financial analysis,” inProceedings of The 10th Workshop on Financial Technology and Natural Language Processing, 2025, pp. 268–282

work page 2025

[58] [58]

Virtuals protocol fixes critical bug, re- wards security researcher,

H. Shittu, “Virtuals protocol fixes critical bug, re- wards security researcher,” Cryptonews, 2025, last updated: 2025-01-03. [Online]. Available: https://cryptonews.com/news/ virtuals-protocol-fixes-critical-bug-rewards-security-researcher/

work page 2025

[59] [59]

Identifying the Risks of LM Agents with an LM-Emulated Sandbox

Y . Ruan, H. Dong, A. Wang, S. Pitis, Y . Zhou, J. Ba, Y . Dubois, C. J. Maddison, and T. Hashimoto, “Identifying the risks of LM agents with an LM-emulated sandbox,”arXiv preprint arXiv:2309.15817, 2023

work page internal anchor Pith review arXiv 2023

[60] [60]

Taming OpenClaw: Security analysis and mitigation of autonomous LLM agent threats,

X. Deng, Y . Zhang, J. Wu, J. Bai, S. Yi, Z. Zou, Y . Xiao, R. Qiu, J. Ma, J. Chen, X. Du, X. Yang, S. Cui, C. Meng, W. Wang, J. Song, K. Xu, and Q. Li, “Taming OpenClaw: Security analysis and mitigation of autonomous LLM agent threats,”arXiv preprint arXiv:2603.11619, 2026

work page arXiv 2026

[61] [61]

A survey on trust- worthy LLM agents: Threats and countermeasures,

M. Yu, F. Meng, X. Zhou, S. Wang, J. Mao, L. Pan, T. Chen, K. Wang, X. Li, Y . Zhang, B. An, and Q. Wen, “A survey on trust- worthy LLM agents: Threats and countermeasures,” inProceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V .2. ACM, 2025, pp. 6216–6226

work page 2025

[62] [62]

Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents

C. Schroeder de Witt, “Open challenges in multi-agent security: Towards secure systems of interacting AI agents,”arXiv preprint arXiv:2505.02077, 2025

work page internal anchor Pith review Pith/arXiv arXiv 2025

[63] [63]

Inter-agent trust models: A comparative study of brief, claim, proof, stake, reputation and constraint in agentic web protocol design — A2A, AP2, ERC-8004, and beyond,

B. A. Hu and H. Rong, “Inter-agent trust models: A comparative study of brief, claim, proof, stake, reputation and constraint in agentic web protocol design-A2A, AP2, ERC-8004, and beyond,” arXiv preprint arXiv:2511.03434, 2025

work page arXiv 2025

[64] [64]

Predicting stock price trends using language models to extract the sentiment from analyst reports,

A. Moreno, “Predicting stock price trends using language models to extract the sentiment from analyst reports,”Economics Letters, 2025

work page 2025

[65] [65]

Analysis of material facts on financial assets: A generative AI approach,

G. Assis, D. Vianna, G. L. Pappa, A. Plastino, W. Meira Jr, A. S. da Silva, and A. Paes, “Analysis of material facts on financial assets: A generative AI approach,” inProceedings of the Joint Workshop of the 7th Financial Technology and Natural Language Processing, the 5th Knowledge Discovery from Unstructured Data in Financial Services, and the 4th Works...

work page 2024

[66] [66]

Conservative predictions on noisy data,

O. Nabar and G. Shroff, “Conservative predictions on noisy data,” in4th ACM International Conference on AI in Finance, 2023

work page 2023

[67] [67]

A GANs-based approach for stock price anomaly detection and investment risk management,

S. Kim, J. Hong, and Y . Lee, “A GANs-based approach for stock price anomaly detection and investment risk management,” inPro- ceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 1–9

work page 2023

[68] [68]

Agentic commerce: A unified multi-retrieval framework for high-fidelity e-commerce chatbots,

M. E. Faysal, W. Feng, and E. Mony, “Agentic commerce: A unified multi-retrieval framework for high-fidelity e-commerce chatbots,” Journal of Computer Science and Artificial Intelligence, 2026

work page 2026

[69] [69]

Making GenAI smarter: Evidence from a portfolio allocation experiment,

L. Hornuf, D. Streich, and N. T ¨ollich, “Making GenAI smarter: Evidence from a portfolio allocation experiment,”SSRN Electronic Journal, 2025

work page 2025

[70] [70]

A deceit-tolerant negotiation model for agent mediated electronic commerce,

P. Xu, J. Gao, and H. Guo, “A deceit-tolerant negotiation model for agent mediated electronic commerce,” in2005 International Conference on Machine Learning and Cybernetics. IEEE, 2005

work page 2005

[71] [71]

Adversarial deep hedging: Learning to hedge without price process modeling,

M. Hirano, K. Minami, and K. Imajo, “Adversarial deep hedging: Learning to hedge without price process modeling,” inProceedings of the 4th ACM International Conference on AI in Finance. ACM, 2023, pp. 19–26

work page 2023

[72] [72]

When FinTech meets privacy: Securing financial LLMs with differential private fine-tuning,

S. Zhu, H. Leung, X. Wang, J. Wei, and H. Xu, “When FinTech meets privacy: Securing financial LLMs with differential private fine-tuning,” in2025 IEEE International Performance, Computing, and Communications Conference. IEEE, 2025, pp. 1–6

work page 2025

[73] [73]

Fine-tuning language models for predicting the impact of events associated to financial news articles,

N. Banerjee, A. Sarkar, S. Chakraborty, S. Ghosh, and S. K. Naskar, “Fine-tuning language models for predicting the impact of events associated to financial news articles,” inProceedings of the Joint Workshop of the 7th Financial Technology and Natural Language Processing, the 5th Knowledge Discovery from Unstructured Data in Financial Services, and the 4...

work page 2024

[74] [74]

Finllama: Financial sentiment classification for al- gorithmic trading applications,

T. Konstantinidis, G. Iacovides, M. Xu, T. G. Constantinides, and D. Mandic, “Finllama: Financial sentiment classification for al- gorithmic trading applications,”arXiv preprint arXiv:2403.12285, 2024

work page arXiv 2024

[75] [75]

Who pays when the agent fails? liability frame- works for autonomous payment systems in a fragmented regulatory landscape,

D. Shukanayev, “Who pays when the agent fails? liability frame- works for autonomous payment systems in a fragmented regulatory landscape,”SSRN Electronic Journal, 2025

work page 2025

[76] [76]

Legalising autonomous shopping agent processes,

M. Bain and B. Subirana, “Legalising autonomous shopping agent processes,”Computer Law & Security Report, 2003

work page 2003

[77] [77]

Agent-mediated electronic commerce,

H. S. Nwana, J. Rosenschein, T. Sandholm, C. Sierra, P. Maes, and R. Guttmann, “Agent-mediated electronic commerce,” inProceed- ings of the second international conference on Autonomous agents - AGENTS ’98. ACM Press, 1998

work page 1998

[78] [78]

Agent-mediated electronic commerce: An mit media laboratory perspective,

A. Moukas, G. Zacharia, R. Guttman, and P. Maes, “Agent-mediated electronic commerce: An mit media laboratory perspective,”Inter- national Journal of Electronic Commerce, 2000

work page 2000

[79] [79]

Agent-mediated electronic commerce: Scientific and technological roadmap,

C. Sierra and F. Dignum, “Agent-mediated electronic commerce: Scientific and technological roadmap,” 2001

work page 2001

[80] [80]

Contract model for agent mediated electronic commerce,

B. G ˆateau, D. Khadraoui, O. Boissier, and E. Dubois, “Contract model for agent mediated electronic commerce,” inProceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems. IEEE Computer Society, 2004, pp. 1454–1455

work page 2004