# Pricing — Whisper for Commerce · flat, per-agent-identity, predictable

> An identity layer that taxes every agent transaction is priced backwards.
> Whisper is flat, per agent identity, per year — not per transaction, not a payment take-rate,
> and never inside the payment flow (no card data, no PCI scope).
> Keyless verify is free forever, attribution is never metered. One line item you can forecast.

The payment rails take a cut of the money. The agent-identity vendors charge you to register
in each network's directory — Visa's, then Mastercard's, then Cloudflare's. Both bills climb
*exactly* as agentic commerce scales toward a quarter of all e-commerce. A per-transaction
meter over a rail already settling 100M+ agent payments is a number you cannot forecast — and
it grows with your success, not your risk. **We price the other way.**

`whisper verify --trustless` costs nothing and needs no account — our own API is not in the trust path.

- **$0** — Keyless verify, resolve and back-trace any agent, free forever, no account
- **0%** — Take-rate. We're never in the payment flow — no cut of the money, no PCI scope
- **1×** — One flat per-agent-identity/year figure — not per-transaction, per-seat or a take-rate
- **~109:1** — Non-human identities now outnumber humans — a count a per-seat meter can't price
- **480k+** — agents already settling on one rail (x402, 100M+ txns) — the volume a meter would tax
- **1** — revoke replaces a platform-wide token rotation — one call, DNS-TTL, cross-platform

---

## The pricing principle

**A price that climbs with your payment volume — and takes a cut of every transaction — isn't
a price. It's a tax.** Two curves. One rises with every agent you ship, every transaction it
settles, every directory you re-register in — and it's a percentage of money that isn't yours
to keep. The other is a flat line you set once, forecast for years, and that never touches the
payment flow.

```
annual cost
  ▲
  │                                             ╱ usage + take-rate
  │                                        ╱╱      (per transaction · % of money · per directory)
  │                                  ╱╱          ◀── at scale: billed most exactly when you succeed most
  │                          ╱╱╱
  │                ╱╱╱╱
  │        ╱╱╱╱
  ├──────────────────────────────────────────── Whisper · flat per-agent-identity / year
  │        (set once · forecast for years · attribution never metered)
  └──────────────────────────────────────────────▶ agent count · payment volume · attribution load
       the gap between the lines is the take-rate a flat price never charges
```

- **Per agent identity, not per transaction** — priced to the thing you govern, the agent, so a busy agent or a spike in checkout volume never moves the invoice. No percentage of the money changing hands.
- **Never in the payment flow** — Whisper is the identity layer *beneath* the rails; it doesn't settle, tokenize a PAN, or move funds. So there is no take-rate, and because we never touch card data, no PCI-DSS scope is pulled onto you. The money moves on A2A, AP2, x402, Visa or Mastercard, untouched.
- **Attribution is never metered** — run `identify`, `walk`, `history` and Cypher as hard as an incident demands; no per-query tax means your fraud team never rations a hunt while an agent rotating egress keeps transacting.

---

## Three tiers · one primitive

Start keyless and free. Prove it on an agent fleet or a marketplace. Roll it across the
platform — flat the whole way. POC → pilot → enterprise, exactly the path an agent program
buys on. Every tier speaks the same *address-is-identity* primitive — a routable `/128`
derived from the key your agent already carries; you only widen how many agents it covers,
never re-platform.

### POC — free, forever · **$0**

No card. Keyless verify needs no account; a free key unlocks a handful of live agent
identities. The keyless half of the platform — trustless, anchored at the IANA root, our API
never in the path — plus enough real identities to run the whole loop:

- `whisper verify --trustless` any agent identity
- Resolve and reverse-resolve a /128, read its RDAP and its DANE-pinned Agent Card key
- Read the public Merkle transparency log for any identity
- Provision a handful of agent identities (`device_id` = your agent id) — enough to prove it end-to-end

### Pilot — flat engagement · fixed scope

One agent fleet or one marketplace, time-boxed, one flat price. Everything in POC, keyed to a
defined agent count so a program owner can prove value before the board:

- Full control plane — provision, `policy`, `firewall`, `budget`, `revoke`
- Full attribution graph — unmetered during the pilot
- Pin a wallet to a verifiable agent (accountable, revocable x402) + a2a-trust
- Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel today (STIX 2.1 / TAXII on the roadmap)

### Enterprise — flat per-agent-identity / year · agent quote

One rate, quoted to your agent count. It doesn't move. The whole platform, all three planes,
across every agent — the way a CISO buys defence-in-depth:

- Identity, attribution graph and egress governance, platform-wide
- Per-agent kill-switch and spend caps (`budget` + `revoke`) — unlimited attribution, no per-query meter
- On-prem or your own tenant — GDPR / data-residency by construction, and still no PCI scope
- Enterprise support and SLA

**Why a quote, not a sticker.** A platform price is one number, but the right number depends on
agent count, on-prem vs tenant, and the evidence you need for your PSPs and card-network
partners — so we quote it flat and in writing, and it holds for the term. No usage true-ups,
no take-rate, no surprise line at renewal.
Get an agent quote → <https://console.whisper.security/sign-up>

---

## What each tier includes

The keyless verification a merchant, a facilitator or a peer agent needs to check "which agent
am I really transacting with?" is free at every tier — on principle. The keyed tiers widen
coverage and feed your stack; they never gate the ability to *verify*.

| Capability | POC | Pilot | Enterprise |
|---|---|---|---|
| Trustless verify / resolve / RDAP (`whisper verify --trustless`) | ✓ | ✓ | ✓ |
| Trace a /128 to the agent behind it (reverse-DNS + RDAP) | ✓ | ✓ | ✓ |
| Read the Merkle transparency log (issuance + revocation trail) | ✓ | ✓ | ✓ |
| Provision agent /128 identities (`device_id` = agent id, DANE-EE) | a handful | agent fleet | platform-wide |
| DANE-anchored Agent Card key (A2A) · pin-a-wallet (x402) · a2a-trust | — | ✓ | ✓ |
| Full attribution graph (`identify`, `origins`, `walk`, `history`, Cypher) | — | unmetered | unlimited |
| Egress governance (`policy`, `firewall`, `budget`, `lookups`, `revoke`) | — | agent fleet | platform-wide |
| SIEM feed: Splunk & Microsoft Sentinel connectors today · CEF/ECS | — | ✓ | ✓ |
| PSD2 / AP2-mandate evidence export (STIX / TAXII on the roadmap) | — | ✓ | ✓ |
| On-prem / own tenant (data residency, GDPR) | — | — | ✓ |
| Per-agent kill-switch & spend caps · enterprise support & SLA | — | pilot support | ✓ |
| In the payment flow — take-rate, settlement, PCI scope | never | never | never |
| Metered by usage (per transaction / query / seat) | never | never | never |

**One honest note on the socket.** Shipped today: derive a `/128` from your agent's public key
with its *agent id* passed as `device_id` — so any A2A, AP2 or x402 agent gets a verifiable
identity with the key it already has. A first-class typed `--agent` argument is on the roadmap;
it changes the ergonomics, not the price.

---

## Where the flat number pays for itself

The ROI isn't a promise — it's the fraud losses and reset drills the flat line takes off your
books. A predictable figure is only half the case; the other half is what it removes: fraud you
avoid by verifying first, the blast radius of a compromised agent, analyst hours lost to
rotating egress, and the audit trail you no longer reassemble.

- **Fraud you avoid by verifying first.** Turn "is this a real agent?" from a guess into a lookup — resolve its `/128`, check the DANE-pinned Agent Card key, confirm it isn't revoked, *then* honor the mandate. Block the impersonators presenting a shadow-cloned Agent Card, not the shoppers — and stop eating the chargeback on a purchase you couldn't attribute.
- **One revoke, not a platform-wide reset.** A compromised agent integration can spread across **700+ trust domains in ~10 days** on stolen tokens — and revocation doesn't propagate, because cross-domain revocation is *a missing protocol, not a latency problem*. One `revoke` tears the identity down worldwide at DNS-TTL — no per-network token rotation, no domains left trusting a dormant credential.
- **Attribution across rotating egress.** A pseudonymous agent hopping clouds and residential proxies correlates to nothing on the last IP. The graph fingerprints the *operator* across the rotation and returns a replayable evidence chain — the analyst hours go back to your fraud team, and the meter never punishes them for looking harder.
- **Dispute & liability evidence you don't rebuild.** Every mint and every revoke lands in a public, append-only Merkle transparency log — a non-repudiable "who acted, under whose mandate, still authorized?" trail. A durable, attributable subject to bind PSD2 / delegated-authentication evidence and AP2 mandates to when a four-party chargeback lands. *Honest status:* tamper-evident and Bitcoin-anchored today, independent witnessing next.
- **One identity, not three network silos.** Instead of onboarding into Visa's registry, then Mastercard's, then Cloudflare's JWKS, you resolve *one* DNSSEC/DANE identity any counterparty already-running DNS can check — neutral across A2A, AP2, x402, Visa and Mastercard. The per-directory re-registration cost, and its drift, simply goes away.
- **No shadow costs, no take-rate at renewal.** No per-transaction true-up, no percentage of the money you move, no per-seat creep as your fraud team grows, no data-egress fee. And a vendor that will still be here: real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers.

---

## A pricing model can be an attack surface. Ours isn't.

If identity is metered, an adversary can run up your bill and a defender rations their own
hunt. If it takes a cut, it grows with your success and drags PCI scope in behind it. We priced
those failure modes out.

> **"If you sit in the payment flow, does my cost scale with my transaction volume — and do you pull PCI scope onto me?"**
> Neither. Whisper never settles, tokenizes a PAN, or moves funds — the money rides your rails
> (A2A / AP2 / x402 / Visa / Mastercard) untouched. There is no take-rate, and because we hold no
> card data there is no PCI-DSS scope to inherit. You pay per agent identity, once a year;
> transaction volume moves your revenue, not your invoice.

> **"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"**
> Never. The graph is unmetered on the keyed tiers — `identify`, `walk`, `history` and Cypher
> run as hard as the hunt demands. There is no per-query line for an adversary to inflate and
> none for a defender to fear.

> **"Is the free tier a real capability or a trap that expires into a sales call?"**
> Real, and permanent. Keyless `verify` is anchored at the IANA root — *our own API is not in
> the trust path*, so we couldn't gate it if we wanted to. Answering "which agent is this,
> provably?" is a public check; charging for the truth would defeat the point.

---

## The questions procurement always asks

- **What exactly is metered?** Nothing by usage, and nothing by transaction value. A flat rate per agent identity, per year — no per-transaction charge, no payment take-rate, no per-query graph fee, no per-seat licence, no data-egress bill. The only variable is how many agent identities the program covers.
- **Can I try it without procurement?** Yes — the POC tier is free and needs no account for the keyless checks. Run `whisper verify --trustless` today, resolve and read RDAP for any /128, and provision a handful of live agent identities. When you're ready, a Pilot is a fixed, time-boxed engagement on an agent fleet or a marketplace.
- **What happens when my agent count grows?** The per-agent-identity rate holds; the total scales linearly and predictably with agent count, quoted in writing for the term. No usage true-up, no take-rate on a busier rail, no renewal surprise.
- **Is this on top of my rails and SIEM cost?** It's an anchor *beneath* the rails and a feed *into* the SIEM you already run — additive to A2A, AP2, x402, Visa and Mastercard, and to the Splunk and Microsoft Sentinel you already pay for. It never redefines the protocol, never settles the payment, and isn't a second console to staff.
- **On-prem or hosted?** Either. The Enterprise tier runs on-prem or in your own tenant, so the graph and per-agent logs stay where your regulator needs them — at no metered premium. And since we never hold card data, no PCI-DSS scope follows the deployment.
- **What if I stop?** Identities are DNSSEC/DANE objects you can verify independently with `dig` and `openssl`, the transparency log is public and append-only, and evidence exports are open formats (CEF, ECS; STIX on the roadmap). No proprietary lock on your own attestations, your wallet pins, or your compliance record.

---

## How it sits next to what you already buy

**Flat depth on top of the stack you already run — it doesn't redefine a protocol or move a
cent, it de-risks the whole flow.** You already run agent interop (A2A), payment authorization
and settlement (AP2, x402, Visa Intelligent Commerce, Mastercard Agent Pay), and you should
keep them — Whisper is additive to all of them, and additive even to the newer DNS-anchored
entrants (DNSid, ANS, DNS-AID) that anchor a *name or ownership record*. Where a per-transaction
rail makes the bill unforecastable and a percentage of your revenue, and a per-network directory
makes you register three times over, a flat per-agent-identity line adds the layers no one else
delivers together — a routable, publicly-verifiable /128, DNS-TTL revocation, pin-a-wallet,
egress governance, and a cross-platform attribution graph — without a meter and without a new
silo.

| Pricing model | Forecastable? | Grows with volume / take-rate? |
|---|---|---|
| Per-transaction rail / payment take-rate (x402, card networks) | hard | yes — a % of the money |
| Per-network directory registration (Visa / MC / Cloudflare silos) | partly | re-onboard per network |
| Whisper — flat per-agent-identity / year | yes | no — never in the flow |

It makes the A2A, AP2, x402, Visa TAP and Mastercard Agent Pay investments you already carry
sharper — one neutral identity they can each resolve, as a machine-readable feed into your SIEM
— not a thing they compete with. [See the full comparison →](/compare)

---

## One flat number. Every agent, verifiable.

Keyless verify is free forever — start there, no account. When you're ready, an agent quote is
one flat per-agent-identity/year figure you can forecast and defend. No take-rate, no PCI scope,
no surprise at renewal.

Get an agent quote → <https://console.whisper.security/sign-up> · [For merchants →](/for-merchants)

Or run `whisper verify --trustless` right now — it costs nothing.

---

*Whisper for Commerce · Identity on the wire for AI commerce agents · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
