Pine Labs enables AI agents to complete UPI payments without manual authentication

Pine Labs Says AI Agents Can Now Complete UPI Payments Without MPIN

* The P3P system enables AI agents to make UPI payments * Users can set spending rules for AI to carry out purchases * Pine Labs has partnered with Grantex for added security The Pine Labs Payment Protocol (P3P) was launched in India on Thursday. The financial technology company said that it is a new payment infrastructure that enables AI agents to autonomously complete UPI transactions. P3P is claimed to eliminate the need for manual authentication during payments. It is built upon the existing UPI mandate framework. As per the company, users can authorise spending rules once and let AI agents execute purchases on their behalf. Pine Labs' P3P System for Agentic Commerce The company says that the country's existing UPI infrastructure is designed around human-initiated transactions. This means users have to authenticate payments using methods such as MPINs. While it has been successful for digital payments, the company said that it creates a bottleneck for agentic commerce, a recently developing industry where AI systems have the capability of autonomously browsing, comparing products, negotiating prices, and completing purchases. The P3P system aims to address these limitations by extending UPI's existing mandate-based architecture. It also builds upon existing frameworks like One Time Mandates (OTM), Reserve Pay, and Single Block Multiple Debit (SBMD). To begin with, users are required to provide approval through a one-time authorisation process. Once established, an AI agent can execute transactions automatically within the predefined limits. It does not request additional authentication for every purchase. The company has partnered with Grantex to provide identity verification, delegated authorisation, spending controls, compliance checks, and audit trails. The protocol is also claimed to incorporate HTTP 402, which is the web standard for machine-readable payment requests and facilitates agent-to-agent payment interactions. Pine Labs emphasised that users still retain control throughout the entire process. They can define spending limits, verify the identity of AI agents, review previous transactions, and revoke permissions. The P3P system is already said to be live in production and is being deployed across multiple industries. For example, digital gold investment platform Gullak has integrated P3P into its service. Electronics retailer Vijay Sales is also conducting a proof-of-concept deployment of the protocol. Currently restricted to UPI, the fintech company is working with major card networks to extend the protocol to card-based transactions, too. Citing industry estimates, Pine Labs projected the global agentic commerce market to reach $65.47 billion (roughly Rs. 6.22 lakh crore) by 2033. India is claimed to play a key role in the growth of autonomous commerce due to its extensive UPI infrastructure.

UPI and AI: 'Buy Rs 500 worth gold if price drops below Rs 16,000/g'; your wish is AI agent's command, and it can make UPI payments at your target price

The P3P AI agent can complete a UPI payment without any human authentication. However, the human still stays in control. Currently, AI agents need a human authentication step, an MPIN, to make any payments. Pine Labs has removed this wall. It builds on UPI's existing mandate framework - UPI One Time Mandates (OTM) and Reserve Pay. You say, "Buy gold worth Rs 500 as soon as the price goes below Rs 16,000 per gram", and its done! Sounds utopian, right? But it could soon become a reality with an AI agent making autonomous payments at the price set by you, so you never miss a deal, discount or sale. Income Tax Guide Income Tax Union Budget FY 2026-27 LiveIncome Tax Slabs FY 2025-26Income Tax Calculator 2025 Every investor would feel the pain of missing a trade at a lower price before it went out of reach. But now, you can deploy an AI agent to do this, without having to worry about missing out on the extra returns. While might be extensively using artificial intelligence (AI) for automating tasks, writing emails, finding the best deals, but now it can decide when to strike deals using UPI mandate. Fintech firm Pine Labs has introduced India's first agent-to-agent payment capability. Automated transactions: An AI agent that can make UPI payments on its own Called Pine Labs Payment Protocol (P3P), this AI agent can complete a UPI payment without any human authentication. However, the human still stays in control. Currently, AI agents need a human authentication step, an MPIN, to make any payments. Pine Labs has removed this wall. ALSO READ | Booked flats in 2005, still awaiting possession: Builder ordered to pay 10.05% interest to homebuyers for nearly 20-year delay In agentic commerce, where AI acts on a user's behalf, there is no person at that moment. The agent reaches checkout. The authentication screen appears. The transaction fails, the company explained. It's AI agent P3P builds on UPI's existing mandate framework - UPI One Time Mandates (OTM) and Reserve Pay - wherein a user gets a mandate for a particular payment (SIP, IPO etc.), which they approve and the transaction is complete. This AI agent would need an authorisation from the consumer once. After that, the agent would browse, select, negotiate, and pay. How P3P will work The offering is already live on digital gold savings platform Gullak. How it works is that a Gullak user sets a simple rule: "Buy ₹500 of gold if the price drops below Rs 16,000 per gram" and approves a UPI mandate once. Gullak's AI agent keeps a track of gold prices and does the rest. The consumer gets a confirmation, not a request for permission. According to Gullak co-founder Manthan Shah, "With P3P, we are moving from manual savings to autonomous wealth creation." * AI agent needs authorisation from the consumer once * After that, it would browse, select, negotiate, and pay Can AI agents also help in online shopping, deals? Yes. This P3P agent is also at work at Vijay Sales. Here, the value-conscious consumer can deploy the AI agent to secure a product the moment it hits their target price, instead of constantly checking for the right deal. "It's like giving every customer a personal shopper who never misses a deal," says Karan Gupta, Managing Director, Vijay Sales. ALSO READ | Big travel deals on this credit card - Rs 8000 discount on Air India flights, up to 20% off on hotel bookings & more Meanwhile, the AI agent would soon be deployed across retail, fintech, travel, and beyond. "An agent securing a flash sale the moment it goes live. A down payment locked in before inventory disappears. A savings trigger at the right price. These are new behaviours, native to how India transacts," added Pine Labs CEO Amrish Rau. Is an AI agent for UPI payments safe? Money is something that every individual is very cautious about. So, it is smart to let AI take control of the same? According to Pine Labs, Grantex takes control of keeping the AI in check. Grantex provides verifiable identity, delegated authorisation, spend controls, and auditability. It allows the consumer to be in absolute control - checking agent identity, enforcing pre-approved spending limits, and creating a full audit trail for every payment. Moreover, the consumer can revoke or update the mandate at any time.

Pine Labs' Agentic Payments Protocol Raises UPI, Liability and Privacy Questions

Pine Labs has launched the Pine Labs Payment Protocol (P3P), a system built on the Unified Payments Interface (UPI) that lets Artificial Intelligence (AI) agents, software that acts on a user's behalf, make and complete payments on their own, without the user approving each transaction. The user gives permission once, in advance, and the AI agent then pays within the limits they set. How P3P works: The user sets up a UPI mandate, a standing instruction that pre-approves payments up to a fixed limit, and the AI agent transacts within those bounds. The protocol combines three parts: * UPI's mandate frameworks: Two existing UPI systems, Single Block Multiple Debit (SBMD), which Pine Labs brands as UPI ReservePay, and One Time Mandate (OTM). These systems set aside a fixed amount in the user's bank account upfront and debit it later when a condition is met. * Grantex: A separate identity layer that checks whether the AI agent is genuine, enforces the user's spending limits, and keeps a record of every payment for the user to review. * Hypertext Transfer Protocol 402 (HTTP 402): An open web standard, a publicly available technical rule any developer can use, that lets software request and make payments in a machine-readable way. This is what allows any AI agent on any platform to use P3P, not just one company's assistant. The user approves the mandate once by scanning a code in their UPI app, after which the agent's requests debit against the reserved funds without fresh approval. The user can cancel the mandate at any time. Who is live on it: * Gullak, a digital gold savings platform, is the first to go live. A user sets a rule such as "buy Rs 500 of gold if the price drops below Rs 16,000 per gram", approves a mandate once, and the AI agent automatically buys the gold when the price meets the condition. * Vijay Sales, an electronics retail chain, is in a proof of concept, testing P3P to let an AI agent buy a product the moment it hits a user's target price. P3P is currently live on UPI ReservePay only. Pine Labs says cards, net banking, wallets and Equated Monthly Instalment (EMI) options are on its roadmap. Its developer documentation separately lists stablecoins, cryptocurrencies pegged to stable assets such as the US dollar, as a future payment rail. How P3P differs from Razorpay's agentic payments: Razorpay has offered agentic UPI payments since October 2025, first with the National Payments Corporation of India (NPCI) and OpenAI on ChatGPT, and later with Anthropic on Claude. In those cases, the payment still requires the user's final consent before completion, even though the shopping and checkout happen inside a specific AI assistant such as ChatGPT or Claude. P3P uses the same underlying UPI mandate mechanism, but operates as a standalone protocol with a common set of rules that any software can plug into, allowing any AI agent on any app or website to use it instead of tying it to one assistant. Pine Labs' prior agentic work: This is not Pine Labs' first move into agentic payments. MediaNama has covered its earlier talks with NPCI on autonomous UPI payments through its Model Context Protocol (MCP) server, a tool that connects AI systems directly to its payment infrastructure, and its subsidiary Setu's agentic bill-payments service on Claude and ChatGPT. The company has stayed quiet on privacy questions analysts raised about what data AI providers receive versus what Pine Labs retains, and whether the company stores prompts and transaction details or uses them to train AI models. Pine Labs positions P3P as a consumer-controlled framework where users predefine spending limits, merchants, triggers and validity conditions, while AI agents only execute transactions within those pre-approved boundaries. However, the system still raises unresolved regulatory, security and liability questions. We outline some of them below: 1. Is Pine Labs using the UPI mandate framework for a purpose it was not built for? A UPI mandate, the standing instruction that pre-approves payments, originally supported recurring, scheduled payments to a known merchant: a monthly subscription, a Systematic Investment Plan (SIP) into a mutual fund, or an Equated Monthly Instalment (EMI) on a loan. It did not originally support one-off, event-triggered purchases that an AI agent independently decides and executes. With P3P, AI agents can buy gold whenever a price condition is met or grab a flash sale the moment it goes live, stretching the mandate well beyond its original design. Pine Labs has not publicly stated whether NPCI created or approved a separate framework for autonomous AI-triggered purchases under UPI mandates. 2. How does P3P square with RBI's rule that every payment needs an extra security check? The Reserve Bank of India (RBI), in its Digital Payments E-Mandate Framework, 2026, requires that setting up any mandate be verified using Additional Factor of Authentication (AFA), an extra security step such as a one-time password (OTP) or a UPI Personal Identification Number (PIN). Normally, every UPI payment requires the user to enter their UPI PIN at the moment of paying. P3P removes that step at the point of payment: the user approves the ReservePay mandate once, and the AI agent then debits the reserved funds without requiring a PIN each time. Under the RBI framework, banks can process recurring transactions up to Rs 15,000 without Additional Factor Authentication (AFA) once a user sets a mandate, but they still require AFA for transactions above Rs 15,000. It is not clear how P3P handles a single agent-initiated payment above that limit, given there is no human present to authenticate it. 3. Who is responsible if an AI agent makes a wrong or unauthorised payment? MediaNama's coverage of Razorpay's agentic payments launch found no agreement in the industry on who is liable when an AI agent pays incorrectly. Razorpay said agentic shopping "does not rewrite the rules of commercial liability", meaning the merchant handles a wrong order and Razorpay covers payment-security failures. Pine Labs markets P3P as producing a cryptographically verifiable receipt for each transaction, which it says supports dispute resolution, but it has not stated who actually bears liability when an agent pays in error. The question matters most for high-value payments that users cannot reverse, such as locking in a down payment before stock runs out. 4. What data does P3P share with AI providers, and on what terms? When an analyst asked what transaction data goes to AI providers versus what stays with Pine Labs, CEO Amrish Rau declined to answer. P3P now extends from bill payments to autonomous purchase decisions, which means more data about what a user buys and when. Whether the user's prompts, transaction records and spending behaviour are stored, passed to AI providers such as OpenAI or Anthropic, or used to train their AI models, has not been disclosed. 5. Does the stablecoin roadmap clash with India's position on crypto? Pine Labs' developer documentation lists stablecoin as a future payment rail for P3P. India does not recognise cryptocurrencies as legal tender, and the Reserve Bank of India (RBI) has repeatedly raised concerns about the financial stability and monetary risks posed by private cryptocurrencies. How Pine Labs intends to settle agentic payments in stablecoin within India's regulatory environment, and whether it would receive regulatory clearance to do so, is unclear. MediaNama has reached out to Pine Labs with questions. This copy will be updated when we receive a response.

AI agents can now make your UPI payments, here is how

Users can decide how much money the AI agent can spend and under what conditions it can make payments. AI agents can already search for products, compare prices and recommend the best options based on a user's preferences. However, one major hurdle always comes, which is making the final payment. In India, every UPI transaction usually requires entering an MPI or completing an authentication step. While this works for people, it creates a problem for AI agents. The agent can reach the payment page, but it cannot complete the transaction on its own. So, the buying process stops and the users have to step in for approval. To address this, Pine Labs has announced the Pine Labs Payment Protocol (P3P), a new system that allows AI agents to complete UPI payments without requiring human authentication at the time of purchase. The company says this is the first solution of its kind in India and is already live in production. Also read: OpenAI to acquire Ona and the deal can be beneficial for Codex users, here is how How the system works P3P works by using UPI's existing mandate framework. Instead of approving every transaction individually, users provide permission once through a UPI mandate. After that, the AI agent can make payments on its own without any human authentication. Users can decide how much money the AI agent can spend and under what conditions it can make payments. "Grantex allows the consumer to be in absolute control - checking agent identity, enforcing pre-approved spending limits, and creating a full audit trail for every payment. The consumer can revoke or update the mandate at any time. Compliance is not an afterthought - it is built into the protocol layer. No guardrails, no payment," Pine Labs explained. Also read: Why Apple says Siri and Apple Intelligence will not chase AI trends Digital gold savings platform Gullak is already using the technology. For example, a user can set a rule such as, "Buy Rs 500 worth of gold if the price falls below Rs 16,000 per gram." After approving a UPI mandate once, Gullak's AI agent can automatically complete the purchase whenever the condition is met. Pine Labs says more deployments are underway across sectors such as retail, fintech and travel. Vijay Sales is also testing the technology through an active proof of concept.