AI agents now have their own budget: welcome to uncontrolled spending
AWS just launched Amazon Bedrock AgentCore Payments in partnership with Coinbase and Stripe. The concept: give AI agents autonomous wallets so they can pay for transactions directly without human intervention.
On paper, it’s attractive. An agent triggers an action, pays an API, gets the result. Zero friction, zero approval delays.
In reality? It’s a budget trap that 90% of SMBs never saw coming.
First, control evaporates. Your agent handles 10,000 customer requests per day, each one triggering paid API calls to Stripe, verification services, external databases. You thought you’d spend €200/month? You end up at €3,000 because the agent optimized its logic toward the most expensive solution without telling you.
Second, security becomes a silent disaster. A compromised agent doesn’t steal your data—it simply drains its wallet in an infinite loop. No visible trace until next month’s bill.
Finally, hidden costs explode fast. AWS takes its cut. Stripe takes theirs. Every micro-transaction generates fees. At scale, it’s death by a thousand cuts.
This isn’t bad technology. It’s just that nobody thought through the guardrails.
What this means for your business
For your SMB, three immediate actions:
-
Don’t deploy agents with unlimited autonomous wallets. If you’re testing this technology, enforce strict daily or weekly caps, even generous ones. €50/day maximum to start.
-
Audit every API call your agents make. You need to see exactly what the agent is paying, to whom, and why. AWS tools have the logs—demand near-real-time access, not end-of-month reports.
-
Calculate the true total cost before deploying. Don’t just count the AWS bill. Add transaction fees, payment processor commissions, triggered API calls. It’s often 3-5× more expensive than expected.
The real question: do you actually need the agent to pay on its own? For 80% of SMBs, the answer is no. An approval workflow—even a fast one (5 minutes)—prevents damage.
In brief
OpenAI launches Daybreak: proactive security through AI
OpenAI deploys Daybreak, an AI agent that detects and fixes security vulnerabilities in your code before attackers find them. Uses Codex Security to model threats. For tech SMBs, this is an automated protection layer you couldn’t afford before.
GM cuts traditional IT staff, hires AI expertise
General Motors is restructuring its IT workforce: fewer network administrators, more native AI engineers, data engineers, and agent developers. Clear signal: traditional technical skills are becoming obsolete. SMBs need to anticipate this talent reallocation wave.
Anthropic enters legal automation space
Anthropic launches AI tools for law firms: document research, file review, deposition prep, drafting. For non-tech SMBs with legal processes (contracts, compliance), this drastically reduces the need for outside billable hours.
Vapi (AI voice startup) hits $500M valuation after Amazon Ring deal
Vapi, a platform for AI voice agents, becomes a unicorn thanks to a major contract with Amazon Ring. Its enterprise traffic has grown 10× since early 2025. Signal that AI voice agents for customer support are now industrialized and profitable at scale.
Get The AI Brief in your inbox
3x per week, the essentials of AI decoded for business leaders.