commerce.whisper.online · pricing

An identity layer that taxes every agent transaction is priced backwards.

The payment rails take a cut of the money. The agent-identity vendors charge you to register in each network's directory — Visa's, then Mastercard's, then Cloudflare's. Both bills climb exactly as agentic commerce scales toward a quarter of all e-commerce. A per-transaction meter over a rail already settling 100M+ agent payments is a number you cannot forecast — and it grows with your success, not your risk.

We price the other way. Flat, per agent identity, per year — not per transaction, not a payment take-rate, and never inside the payment flow, so we hold no card data and pull no PCI scope onto you. Keyless verify is free forever; attribution is never metered. One line item you can forecast — and one identity, not three network directories.

whisper verify --trustless costs nothing and needs no account — our own API is not in the trust path.

$0 Keyless verify, resolve and back-trace any agent — free forever, no account
0% Take-rate. We're never in the payment flow — no cut of the money, no PCI scope
One flat per-agent-identity/year figure — not per-transaction, per-seat or a take-rate
~109:1 Non-human identities now outnumber humans — a count a per-seat meter can't price
480k+ agents already settling on one rail (x402, 100M+ txns) — the volume a meter would tax
1 revoke replaces a platform-wide token rotation — one call, DNS-TTL, cross-platform

A price that climbs with your payment volume — and takes a cut of every transaction — isn't a price. It's a tax.

Two curves. One rises with every agent you ship, every transaction it settles, every directory you re-register in — and it's a percentage of money that isn't yours to keep. The other is a flat line you set once, forecast for years, and that never touches the payment flow.

annual cost → agent count · payment volume · attribution load → usage + take-rate per transaction · % of money · per directory at scale ↓ billed most exactly when you succeed most Whisper · flat per-agent-identity / year set once · forecast for years · attribution never metered the take-rate a flat price never charges
Flat means the number you sign this year is the number you defend in every budget after — and none of it is a percentage of the money moving on your rails. The cut you don't pay is the whole point.

Per agent identity, not per transaction

Priced to the thing you actually govern — the agent — so a busy agent or a spike in checkout volume never moves the invoice. Ship a new agent, open a marketplace, weather a fraud wave: the figure holds. No percentage of the money changing hands.

Never in the payment flow

Whisper is the identity layer beneath the rails — it does not settle, tokenize a PAN, or move funds. So there is no take-rate, and because we never touch card data, no PCI-DSS scope is pulled onto you. The money moves on A2A, AP2, x402, Visa or Mastercard, untouched.

Attribution is never metered

Run identify, walk, history and Cypher as hard as an incident demands. No per-query tax means your fraud team never rations a hunt while an agent rotating egress across clouds keeps transacting.

Start keyless and free. Prove it on a fleet or a marketplace. Roll it across the platform — flat the whole way.

POC → pilot → enterprise, exactly the path an agent program buys on. Every tier speaks the same address-is-identity primitive — a routable /128 derived from the key your agent already carries; you only widen how many agents it covers, never re-platform.

POC

Free, forever

$0

No card. Keyless verify needs no account; a free key unlocks a handful of live agent identities.

The keyless half of the platform — trustless, anchored at the IANA root, our API never in the path — plus enough real identities to run the whole loop:

  • whisper verify --trustless any agent identity
  • Resolve and reverse-resolve a /128, read its RDAP and its DANE-pinned Agent Card key
  • Read the public Merkle transparency log for any identity
  • Provision a handful of agent identities (device_id = your agent id) — enough to prove it end-to-end
Pilot

Flat engagement

Fixed scope

One agent fleet or one marketplace, time-boxed, one flat price.

Everything in POC, keyed to a defined agent count so a program owner can prove value before the board:

  • Full control plane — provision, policy, firewall, budget, revoke
  • Full attribution graph — unmetered during the pilot
  • Pin a wallet to a verifiable agent (accountable, revocable x402) + a2a-trust
  • Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel today (STIX 2.1 / TAXII on the roadmap)
Enterprise

Flat per-agent-identity / year

Agent quote

One rate, quoted to your agent count. It doesn't move.

The whole platform, all three planes, across every agent — the way a CISO buys defence-in-depth:

  • Identity, attribution graph and egress governance, platform-wide
  • Per-agent kill-switch and spend caps (budget + revoke) — unlimited attribution, no per-query meter
  • On-prem or your own tenant — GDPR / data-residency by construction, and still no PCI scope
  • Enterprise support and SLA

Why a quote, not a sticker. A platform price is one number, but the right number depends on agent count, on-prem vs tenant, and the evidence you need for your PSPs and card-network partners — so we quote it flat and in writing, and it holds for the term. No usage true-ups, no take-rate, no surprise line at renewal. Get an agent quote →

The same platform, at three widths. Nothing behind the paywall is the ability to verify.

The keyless verification a merchant, a facilitator or a peer agent needs to check "which agent am I really transacting with?" is free at every tier — on principle. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify.

CapabilityPOCPilotEnterprise
Trustless verify / resolve / RDAP (whisper verify --trustless)
Trace a /128 to the agent behind it (reverse-DNS + RDAP)
Read the Merkle transparency log (issuance + revocation trail)
Provision agent /128 identities (device_id = agent id, DANE-EE)a handfulagent fleetplatform-wide
DANE-anchored Agent Card key (A2A) · pin-a-wallet (x402) · a2a-trust
Full attribution graph (identify, origins, walk, history, Cypher)unmeteredunlimited
Egress governance (policy, firewall, budget, lookups, revoke)agent fleetplatform-wide
SIEM feed: Splunk & Microsoft Sentinel connectors today · CEF/ECS
PSD2 / AP2-mandate evidence export (STIX / TAXII on the roadmap)
On-prem / own tenant (data residency, GDPR)
Per-agent kill-switch & spend caps · enterprise support & SLApilot support
In the payment flow — take-rate, settlement, PCI scopenevernevernever
Metered by usage (per transaction / query / seat)nevernevernever

One honest note on the socket. Shipped today: derive a /128 from your agent's public key with its agent id passed as device_id — so any A2A, AP2 or x402 agent gets a verifiable identity with the key it already has. A first-class typed --agent argument is on the roadmap; it changes the ergonomics, not the price.

The ROI isn't a promise — it's the fraud losses and reset drills the flat line takes off your books.

A predictable figure is only half the case. The other half is what it removes: fraud you avoid by verifying before you transact, the blast radius of a compromised agent, the analyst hours lost to rotating egress, and the audit trail you no longer reassemble.

Fraud you avoid by verifying first

Turn "is this a real agent?" from a guess into a lookup — resolve its /128, check the DANE-pinned Agent Card key, confirm it isn't revoked, then honor the mandate. Block the impersonators presenting a shadow-cloned Agent Card, not the shoppers — and stop eating the chargeback on a purchase you couldn't attribute.

One revoke, not a platform-wide reset

A compromised agent integration can spread across 700+ trust domains in ~10 days on stolen tokens — and revocation doesn't propagate, because cross-domain revocation is a missing protocol, not a latency problem. One revoke tears the identity down worldwide at DNS-TTL — no per-network token rotation, no domains left trusting a dormant credential.

Attribution across rotating egress

A pseudonymous agent hopping clouds and residential proxies correlates to nothing on the last IP. The graph fingerprints the operator across the rotation and returns a replayable evidence chain — the analyst hours go back to your fraud team, and the meter never punishes them for looking harder.

Dispute & liability evidence you don't rebuild

Every mint and every revoke lands in a public, append-only Merkle transparency log — a non-repudiable "who acted, under whose mandate, still authorized?" trail. A durable, attributable subject to bind PSD2 / delegated-authentication evidence and AP2 mandates to when a four-party chargeback lands. Honest status: tamper-evident and Bitcoin-anchored today, independent witnessing next.

One identity, not three network silos

Instead of onboarding into Visa's registry, then Mastercard's, then Cloudflare's JWKS, you resolve one DNSSEC/DANE identity any counterparty already-running DNS can check — neutral across A2A, AP2, x402, Visa and Mastercard. The per-directory re-registration cost, and its drift, simply goes away.

No shadow costs, no take-rate at renewal

No per-transaction true-up, no percentage of the money you move, no per-seat creep as your fraud team grows, no data-egress fee. And a vendor that will still be here: real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers.

A pricing model can be an attack surface. Ours isn't.

If identity is metered, an adversary can run up your bill and a defender rations their own hunt. If it takes a cut, it grows with your success and drags PCI scope in behind it. We priced those failure modes out.

"If you sit in the payment flow, does my cost scale with my transaction volume — and do you pull PCI scope onto me?"

Neither. Whisper never settles, tokenizes a PAN, or moves funds — the money rides your rails (A2A / AP2 / x402 / Visa / Mastercard) untouched. There is no take-rate, and because we hold no card data there is no PCI-DSS scope to inherit. You pay per agent identity, once a year; transaction volume moves your revenue, not your invoice.

"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"

Never. The graph is unmetered on the keyed tiers — identify, walk, history and Cypher run as hard as the hunt demands. There is no per-query line for an adversary to inflate and none for a defender to fear.

"Is the free tier a real capability or a trap that expires into a sales call?"

Real, and permanent. Keyless verify is anchored at the IANA root — our own API is not in the trust path, so we couldn't gate it if we wanted to. Answering "which agent is this, provably?" is a public check; charging for the truth would defeat the point.

Straight answers, before the call.

BILLING

What exactly is metered?

Nothing by usage, and nothing by transaction value. You pay a flat rate per agent identity, per year. No per-API-transaction charge, no payment take-rate, no per-query graph fee, no per-analyst seat, no data-egress bill. The only variable is how many agent identities the program covers.

ENTRY

Can I try it without procurement?

Yes — the POC tier is free and needs no account for the keyless checks. Run whisper verify --trustless today, resolve and read RDAP for any /128, and provision a handful of live agent identities to run the full loop. When you're ready, a Pilot is a fixed, time-boxed engagement on an agent fleet or a marketplace.

GROWTH

What happens when my agent count grows?

The per-agent-identity rate holds; the total scales linearly and predictably with agent count, quoted in writing for the term. No usage true-up, no take-rate on a busier rail, no renewal surprise. Your success moves your revenue, never your bill.

STACK

Is this on top of my rails and SIEM cost?

It's an anchor beneath the rails and a feed into the SIEM you already run — additive to A2A, AP2, x402, Visa and Mastercard, and to the Splunk and Microsoft Sentinel you already pay for. It never redefines the protocol, never settles the payment, and isn't a second console to staff.

RESIDENCY

On-prem or hosted?

Either. The Enterprise tier runs on-prem or in your own tenant, so the graph and per-agent logs stay where your regulator needs them — GDPR and data residency by construction, at no metered premium. And since we never hold card data, no PCI-DSS scope follows the deployment.

EXIT

What if I stop?

Identities are DNSSEC/DANE objects you can verify independently with dig and openssl, the transparency log is public and append-only, and evidence exports are open formats (CEF, ECS; STIX on the roadmap). There's no proprietary lock on your own attestations, your wallet pins, or your compliance record.

Flat depth on top of the stack you already run — it doesn't redefine a protocol or move a cent, it de-risks the whole flow.

You already run agent interop (A2A), payment authorization and settlement (AP2, x402, Visa Intelligent Commerce, Mastercard Agent Pay), and you should keep them — Whisper is additive to all of them, and additive even to the newer DNS-anchored entrants (DNSid, ANS, DNS-AID) that anchor a name or ownership record. Where a per-transaction rail makes the bill unforecastable and a percentage of your revenue, and a per-network directory makes you register three times over, a flat per-agent-identity line adds the layers no one else delivers together — a routable, publicly-verifiable /128, DNS-TTL revocation, pin-a-wallet, egress governance, and a cross-platform attribution graph — without a meter and without a new silo.

Pricing modelForecastable?Grows with volume / take-rate?
Per-transaction rail / payment take-rate (x402, card networks)hardyes — a % of the money
Per-network directory registration (Visa / MC / Cloudflare silos)partlyre-onboard per network
Whisper — flat per-agent-identity / yearyesno — never in the flow

It makes the A2A, AP2, x402, Visa TAP and Mastercard Agent Pay investments you already carry sharper — one neutral identity they can each resolve, as a machine-readable feed into your SIEM — not a thing they compete with. See the full comparison →

One flat number. Every agent, verifiable.

Keyless verify is free forever — start there, no account. When you're ready, an agent quote is one flat per-agent-identity/year figure you can forecast and defend. No take-rate, no PCI scope, no surprise at renewal.

Or run whisper verify --trustless right now — it costs nothing.