AI Traffic Monetisation: The Agentic Access Economy

Discoverable. Or gated. The web is splitting into a human surface funded by advertising and subscriptions, and a machine surface that is now metered, licensed, and paid for per request at the edge. Agentic-readiness has been framed as discoverability alone — be reachable and legible to agents. This Whitepaper adds the second, orthogonal axis: control and monetisation of agent access, because the same edge that makes a surface legible can now classify, price, meter, or gate the request. It plots discoverable-versus-gated against free-versus-priced into four quadrants — Open Shopfront, Metered Storefront, Members' Library, and Vault — sets out the rails the machine surface runs on, and names the capability it all requires: policy-as-control at the access boundary. Written for digital executives, content and brand owners, publishers, and data or API providers in AU and NZ.

By Gregory McKenzie · Registered Trans-Tasman Patent Attorney & Systems Architect · NETEVO · Published 18 Jun 2026

Executive summary

The web is separating into two surfaces. The human surface is funded as it always has been, by advertising and subscriptions. A second, machine surface is now forming beneath it — metered, licensed, and paid for per request by the AI agents and crawlers that increasingly do the reading on a person's behalf. On 15 June 2026 AWS released AI traffic monetisation as a generally available capability of AWS WAF Bot Control: a matched rule returns an HTTP 402 Payment Required response carrying a machine-readable price manifest in the x402 open protocol, the agent submits a signed payment authorisation, and the edge verifies it and serves the content within a single request cycle (AWS News Blog, retrieved 2026-06-17). Cloudflare runs the same pattern through Pay Per Crawl. The edge has become a toll booth, and x402 over the long-dormant HTTP 402 status code is becoming the cash register.

Agentic-readiness has so far been framed almost entirely as discoverability: being reachable and legible to agents through MCP endpoints, structured exposure, and answer-engine optimisation. The differentiated frame in this Whitepaper adds a second, orthogonal axis — control and monetisation of agent access — because the same edge that makes a surface legible can now classify, price, meter, or gate the request. Plotting discoverable-versus-gated against free-versus-priced yields four quadrants: Open Shopfront, Metered Storefront, Members' Library, and Vault. Most organisations land in Open Shopfront by unconsidered default, simply by being crawlable for free; the deliberate move is to straddle the top row — a free Open Shopfront discovery surface sitting in front of a Metered Storefront for proprietary depth.

The capability this requires is not a payments integration bolted on after the fact. It is policy-as-control at the access boundary: the ability to classify each agent request by identity and intent, decide free, priced, verified, or blocked per content path, and have that decision executed deterministically at the edge. That capability rides a shared payment and identity substrate — x402, AP2, ACP, MCP, and Web Bot Auth — and the same substrate carries agent-mediated credit. NETEVO's companion Agent-Ready Lending Whitepaper works that substrate from the credit side; metered content access and agent-mediated credit are the same rails with a different obligation regime at the licensee's end.

A load-bearing caveat frames the whole document for an ANZ reader. The supply side is real and shipping; the demand side has not turned up. As at 2026-06-17 no major AI buyer is a named, committed payer on these rails. The decisive overseas exemplar — OpenAI's ChatGPT personal-finance experience, which surfaces lender recommendations inside the assistant — is United States-only today, and should be read as a leading indicator for AU and NZ, not as a live local product. NETEVO's principal is a registered Trans-Tasman patent attorney and systems architect, architect of the Law-to-Code Methodology; the same discipline applied to digital infrastructure encodes an organisation's chosen obligations and commercial rules into executable controls.

What this Whitepaper covers

  • What actually shipped (AWS WAF, GA) versus what was only announced (AgentCore Payments, preview)
  • The two surfaces — the human surface funded by ads and subscriptions, the machine surface metered at the edge
  • The four-quadrant frame — Open Shopfront, Metered Storefront, Members' Library, Vault — and what each means per stakeholder
  • Three posture patterns — publisher, brand-and-SaaS, and regulated-sector
  • The rails table — x402, AP2, ACP, MCP, Web Bot Auth, and RSL, with owner, governance, and maturity
  • Policy-as-control at the access boundary — the capability the machine surface requires
  • The Authority Register — governance of which agents may transact paid access against which surfaces
  • The shared rails beneath metered content access (this lane) and agent-mediated credit (the partner lane)
  • FAQ for vocabulary, comparison, and strategy questions

Two axes, four quadrants

Discoverability is one axis: can an agent find and read you. Control and monetisation is the orthogonal second axis: do you charge for the access, and do you require the agent to clear a control first. Plotting discoverable-versus-gated against free-versus-priced yields four quadrants. The four labels here are reproduced identically in the companion Insight; the frame is the same on both surfaces. Most sites occupy the upper-left quadrant by default, without deciding to.

Open Shopfront — discoverable and free

Maximum reach, zero direct capture. Agents can find and read you, and there is no charge and no gate. Right for marketing sites and brands whose content is acquisition fuel — an agent that reads it is a prospective buyer arriving by a new channel. This is the unconsidered default most sites occupy today simply by being crawlable for free; the risk is being absent from an answer, not being read.

Metered Storefront — discoverable and priced

Found by agents, paid by them per use. Agents can discover you, but access carries a price returned at the edge. Right for data, API, and SaaS providers and proprietary corpora, where the buyer is explicitly an agent transacting for value rather than a crawler harvesting for free. This is the quadrant where per-request 402 pricing most plausibly becomes a real revenue line rather than spare change.

Members' Library — gated and free

Reachable only by known or verified agents, then free. The control is identity, not payment: a partner or trusted crawler clears verification and reads at no charge. Right for partner and trusted-crawler relationships. Together with a pure default-block, this is control without capture — useful when the goal is to admit some agents and exclude others rather than to charge.

Vault — gated and priced

Verified identity plus payment required. The agent must clear an identity control and then pay. Right for high-value proprietary assets and regulated, controlled access where both who-you-are and what-you-pay matter. This is the most restrictive quadrant and the one where the obligation-regime questions in regulated sectors bite hardest.

Three postures, by stakeholder

The quadrants are not one-size-fits-all. Which quadrant — or which deliberate straddle — is right depends on what the content is for. Three posture groups recur: the publisher whose content is the product, the brand or SaaS provider whose content is mostly acquisition fuel, and the regulated firm for whom machine-paid access opens a compliance surface before it opens a revenue line. Every figure below carries a 2026-06-17 retrieval date; the demand-side caveat from the executive summary applies throughout.

Posture A — Publishers: block, licence bilaterally, meter, or marketplace

  • Four mutually combinable moves. Blocking by default is the cheapest control and is already the default for new Cloudflare domains; it is right when AI crawling brings no referral value and there is no licensing pipeline.
  • Bilateral licensing is where the money demonstrably is — News Corp/OpenAI is reported above US$250M over five years (Nieman Lab, retrieved 2026-06-17) — but it is available only to brands large enough to negotiate, and they negotiate blind to usage.
  • Edge metering (AWS WAF Monetize, Cloudflare Pay Per Crawl) suits owners who want per-request control without a sales motion, but the realistic revenue is modest: Cloudflare's floor is US$0.01 per crawl, and a worked example puts a one-million-pageview site at roughly US$20–200/month against US$50–100/year per engaged subscriber (Leaky Paywall, retrieved 2026-06-17).
  • Marketplaces (TollBit, ProRata/Gist, ScalePost, Sphere) handle pricing, settlement, and demand aggregation for owners lacking edge engineering; the trade is an intermediary cut. The honest framing: keep blocking as the backstop, meter or marketplace to discover demand, and reserve bilateral effort for a buyer who has already shown intent.

Posture B — Brands and SaaS: discoverability versus cost — straddle the top row

  • For most brands, site content is not a product; it is a customer-acquisition asset. Charging an agent to read your pricing page is usually self-defeating, because it suppresses the very discovery marketing budgets exist to create. Metering and discoverability pull against each other.
  • Treat content as a cost to give away when the goal is reach: stay legible to agents, because being absent from an answer is the real risk. Treat it as a lead to be found — the dominant case — by investing in answer-engine and generative-engine optimisation so agents cite and route to you.
  • Treat it as an asset to price only for a genuinely proprietary corpus (original research, tooling, datasets) where the consumer is an AI competitor rather than a customer. The standard supports tiered pricing by verified-versus-unverified agent identity, enabling a free discoverability tier and a priced execution tier within one product (AWS News Blog, retrieved 2026-06-17).
  • The differentiated move is selective gating: a free, well-structured Open Shopfront discovery surface in front of a Metered Storefront for proprietary depth — capturing reach where content is a lead and capturing value where it is an asset.

Posture C — Regulated sectors: machine-paid stablecoin implications

  • Described at category level only, naming the obligation regimes without interpreting any statute for any specific situation. Settlement defaults to USDC stablecoin on public chains — roughly 98.6% of agent payments are in USDC, with material concentration risk flagged by analysts (CoinDesk, retrieved 2026-06-17) — which touches treasury, revenue-recognition, and audit-trail functions.
  • The consumer-protection surface arises when an autonomous agent transacts on a person's behalf; the durable consumer-checkout pattern is settling on tokenised card rails (ACP, Visa) precisely because chargeback and dispute machinery already lives there.
  • The data and identity surface arises because identity tiering rests on Web Bot Auth, an active but still individual IETF draft with no formal standing, and the unverified tier is heuristic and spoofable. Who holds the duty matters: these protocols transfer no compliance burden — the obligation stays with the firm operating the surface.
  • NETEVO encodes the organisation's chosen obligations — under regimes such as the Australian Privacy Act and the Australian Privacy Principles, and the Australian Consumer Law — into executable controls at the edge, deciding who may transact, at what limit, settling on which rail. It does not interpret which obligation attaches to which specific factual situation; that is for the firm's own advisers.

The rails of the machine surface

| Layer | Front-running standard | Owner / governance | Maturity | Open gap / caveat |
|---|---|---|---|---|
| Agent identity and verification | Web Bot Auth (RFC 9421 HTTP Message Signatures, Ed25519) | Cloudflare (lead), co-authored with Google; Active IETF working group | Published-spec; individual IETF Internet-Drafts feeding an Active WG | Core drafts not yet WG-adopted; no cross-vendor registry of verified agents; signs the operator, not the end user; the unverified tier is heuristic and spoofable |
| Licence declaration | RSL 1.0 (Really Simple Licensing), C2PA/CAWG and llms.txt adjacent | RSL Collective (nonprofit collective rights organisation) | Published-spec (Recommendation status); ~1,500 endorsing organisations | Declares but cannot enforce; no major AI lab has committed to honour RSL tokens; enforcement is left to an edge or a payment rail |
| Price negotiation and payment | HTTP 402 + x402; AP2 and ACP/MPP adjacent | x402 Foundation under the Linux Foundation (founding members incl. AWS, Google, Microsoft, Stripe, Visa, Mastercard) | x402 GA in production via AWS WAF and Cloudflare; AP2 published-spec; ACP beta | Cross-protocol interoperability is unspecified; AWS does not publish a verbatim x402 JSON manifest against the canonical keys |
| Settlement | USDC stablecoin on-chain (Base/Solana) vs tokenised card rails (off-chain) | Coinbase x402 Facilitator (sole-named on AWS WAF at launch); Circle issues USDC | GA | USDC concentration risk; crypto-rail treasury and tax friction for mainstream publishers; refund/dispute mechanics undocumented |
| Discovery / tool substrate | Model Context Protocol (MCP) | Model Context Protocol project (multi-vendor adoption) | Open specification, broadly adopted | Discovery and tool-calling only; carries no licence, price, or payment semantics — it is how an agent finds and calls a surface, not how it pays for it |
| Enforcement point | CDN / WAF / edge (AWS WAF, Cloudflare) | AWS; Cloudflare | GA (AWS WAF Monetize); beta (Cloudflare Pay Per Crawl) | AWS Monetize is CloudFront-only and not supported on regional web ACLs; the two largest edge choke points are concentrated in two firms |

How to read the table

Each row is a layer the machine surface runs on. The payment and settlement layers are the most mature: x402 has been in production since 2 April 2026 under the Linux Foundation's x402 Foundation (Linux Foundation press, https://www.linuxfoundation.org/press/linux-foundation-is-launching-the-x402-foundation-and-welcoming-the-contribution-of-the-x402-protocol, retrieved 2026-06-17), and even rival orchestration layers plug into it — Google's AP2 delivers its stablecoin leg through the A2A x402 extension rather than building its own rail (Google Cloud, https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol, retrieved 2026-06-17). The identity and licence-declaration layers are the least mature and the most consequential gaps: Web Bot Auth's core architecture remains an individual Internet-Draft with no formal standing in the IETF standards process (IETF Datatracker, https://datatracker.ietf.org/doc/draft-meunier-web-bot-auth-architecture/, retrieved 2026-06-17), and RSL by itself only declares terms (rslstandard.org, https://rslstandard.org/rsl, retrieved 2026-06-17).

What this table is for

Architectural planning for a metered or gated agent surface. Pre-build: pick the enforcement point and the identity tier you can actually verify, and accept that the unverified tier is spoofable. Pre-commit: read who governs each rail — prefer a foundation-governed standard (x402 under the Linux Foundation) over a single operator's instance where a choice exists. The decisive caveat is demand-side: as at 2026-06-17 no major AI buyer (OpenAI, Anthropic, Google, Perplexity, Microsoft) is a named, committed payer on any of these rails, so positioning here is for an emerging rail, not a proven one.

Policy-as-control, and the register that governs it

Shared vocabulary — cross-linked to the owner

Who may transact paid access, against which surface, on whose say-so

Authority Register: a continuously-maintained record of every agent operating in the enterprise: its identity, the authority it holds, the systems against which that authority applies, and the controls (scoping, observability, revocation) attached to it.

The capability the machine surface requires is policy-as-control at the access boundary — classify each agent request by identity and intent, decide free, priced, verified, or blocked per content path, and execute that decision deterministically at the edge. Governing that capability needs a record of which agents may transact paid access against which surfaces. That record is the Authority Register, coined and defined in NETEVO's Agent Infrastructure Whitepaper, which owns the term; this Whitepaper applies it to the access boundary, it does not redefine it. The Authority Register is to agentic governance what a share register is to corporate governance — the answer to who can do what, against what, on whose say-so.

“The same edge that makes you legible to an agent can now classify, price, meter, or gate the request.”

— The agentic access economy, in one line

An organisation that meters or gates agent access either governs which agents may transact against which surfaces, or runs a priced boundary it cannot audit.

What the boundary decision needs to record

Policy-as-control at the access boundary is only auditable if every priced or gated decision is captured against the agent that triggered it. The fields that make the boundary defensible:

  • Agent identity and verification tier — verified (Web Bot Auth Ed25519) or unverified (heuristic) — the tier that set the price or the gate
  • Content path and quadrant — which surface was requested and whether it was Open Shopfront, Metered Storefront, Members' Library, or Vault
  • Decision — free, priced, verified, or blocked — and the policy version that produced it
  • Price and settlement — the amount, the rail (x402/USDC or card), and the settlement outcome
  • Authority and owner — for the organisation's own outbound agents, the Authority Register entry that authorised the spend
  • Audit-log pointer — where the priced-request record is retained for reconciliation and compliance
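
The boundary decision and its record, as an added example that is not code from this Whitepaper or from any vendor it names: a per-path policy evaluator that maps each request to a quadrant, decides free, priced, verified, or blocked, and emits the record fields listed above. The path prefixes, prices, policy version, the 403 status for blocked requests, and all class and function names are assumptions; signature and payment verification are taken as inputs supplied by the edge and the facilitator.

```python
import json
import posixpath
from dataclasses import dataclass, asdict
from typing import Optional

POLICY_VERSION = "constructed-v1"  # constructed value, recorded with every decision

# quadrant -> (identity control required, payment required)
QUADRANTS = {
    "open_shopfront": (False, False),
    "metered_storefront": (False, True),
    "members_library": (True, False),
    "vault": (True, True),
}

# Constructed policy: path prefix -> quadrant, with a USD price per identity tier.
POLICY = {
    "/": {"quadrant": "open_shopfront"},
    "/research/": {"quadrant": "metered_storefront",
                   "price": {"verified": "0.01", "unverified": "0.05"}},
    "/partners/": {"quadrant": "members_library"},
    "/datasets/": {"quadrant": "vault", "price": {"verified": "0.25"}},
}


@dataclass(frozen=True)
class AgentRequest:
    path: str
    claimed_agent: str               # self-declared name; never sufficient for a gate
    signature_verified: bool         # edge validated a Web Bot Auth signature
    payment_verified: bool = False   # facilitator confirmed the payment
    rail: Optional[str] = None       # e.g. "x402/USDC" or "card"


@dataclass(frozen=True)
class BoundaryRecord:
    agent: str
    tier: str                        # verified | unverified
    path: str
    quadrant: str
    decision: str                    # free | priced | verified | blocked
    http_status: int
    price_usd: Optional[str]
    rail: Optional[str]
    settlement: str                  # n/a | pending | settled
    policy_version: str


def match_rule(raw_path: str):
    """Normalise the path first, then pick the longest matching prefix."""
    path = posixpath.normpath("/" + raw_path.lstrip("/"))
    best = "/"
    for prefix in POLICY:
        p = prefix.rstrip("/")
        if p and (path == p or path.startswith(p + "/")) and len(prefix) > len(best):
            best = prefix
    return path, best


def decide(req: AgentRequest) -> BoundaryRecord:
    path, prefix = match_rule(req.path)
    rule = POLICY[prefix]
    needs_identity, needs_payment = QUADRANTS[rule["quadrant"]]
    tier = "verified" if req.signature_verified else "unverified"
    price = rule.get("price", {}).get(tier) if needs_payment else None
    decision, status, settlement, rail = "free", 200, "n/a", None
    if needs_identity and tier != "verified":
        decision, status = "blocked", 403        # gate fails closed on the heuristic tier
    elif needs_payment and price is None:
        decision, status = "blocked", 403        # no price defined for this tier
    elif needs_payment and req.payment_verified:
        decision, status, settlement, rail = "priced", 200, "settled", req.rail
    elif needs_payment:
        decision, status, settlement = "priced", 402, "pending"
    elif needs_identity:
        decision = "verified"
    return BoundaryRecord(req.claimed_agent, tier, path, rule["quadrant"], decision,
                          status, price, rail, settlement, POLICY_VERSION)


def audit_line(record: BoundaryRecord) -> str:
    """One JSON line per decision, suitable for an append-only audit log."""
    return json.dumps(asdict(record), sort_keys=True)
```

Because the path is normalised before matching, a request for `/partners/../datasets/a` is classified as Vault rather than Members' Library, and a self-declared agent name never satisfies a gate on its own.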

Maintenance discipline

The Authority Register is the discipline, not a tool — specific tooling is downstream of it. Maintain it for both sides of the boundary: the inbound agents you price or gate, and the outbound agents your own organisation operates that pay other surfaces. Run the operator question once for the shared substrate (x402, AP2, ACP, MCP, Web Bot Auth) rather than separately per use case, and keep a board-readable summary the audit committee actually reads.

Policy-as-control at the access boundary and the Authority Register are two halves of one capability: the boundary makes the per-request decision, and the register is the standing record of who is permitted to make and receive those decisions. NETEVO's Agentic Procurement Failure pillar carries the broader governance vocabulary — Bounded SaaS, Unbounded Agents, Implicit Authority Cascade, and Agentic Due Diligence — for organisations weighing which agents to admit at all.

Frequently asked questions

What is AI traffic monetisation, and what is the agentic access economy?

AI traffic monetisation is the practice of pricing, metering, or gating the requests that AI agents and crawlers make against your content or API — enforced at the edge, where a matched rule can return an HTTP 402 Payment Required response carrying a price in a machine-readable manifest. The agentic access economy is the broader shift it sits inside: a machine surface of the web, distinct from the human surface funded by ads and subscriptions, on which agents are metered, licensed, and paid per request. The differentiated point is that agentic-readiness is no longer only about being discoverable to agents; it is now also about deciding what you gate and price.

Discoverable versus gated — which quadrant am I in?

Plot two axes. Discoverable-versus-gated: can an agent find and read you, or must it clear a control first. Free-versus-priced: do you charge for the access. That yields four quadrants. Open Shopfront (discoverable and free) — maximum reach, zero direct capture, right for marketing sites whose content is acquisition fuel. Metered Storefront (discoverable and priced) — found by agents, paid per use, right for data, API, and SaaS providers and proprietary corpora. Members' Library (gated and free) — reachable only by known or verified agents, then free, right for partner and trusted-crawler relationships. Vault (gated and priced) — verified identity plus payment, right for high-value proprietary and regulated, controlled access. Most sites occupy Open Shopfront by default, without deciding to.

Should I charge AI agents to read my marketing site?

Usually no — for a brand, that is self-defeating. Site content is generally not a product; it is a customer-acquisition asset, and an agent that reads it is a prospective buyer arriving by a new channel. Charging an agent to read your pricing page suppresses the very discovery you pay marketing budgets to create. The dominant case is to stay legible and invest in answer-engine and generative-engine optimisation so agents cite and route to you. Reserve pricing for a genuinely proprietary corpus — original research, tooling, datasets — where the consumer is an AI competitor rather than a customer. The differentiated move is to straddle the top row: a free Open Shopfront discovery surface in front of a Metered Storefront for proprietary depth.

What is x402, and is it live?

x402 is an open, HTTP-native machine-to-machine payment standard that repurposes the HTTP 402 Payment Required status code: a server returns 402 with a price manifest, the client returns a signed payment payload, a provider-agnostic facilitator verifies and settles it without holding funds, and the server returns 200 with a settlement header. It is in production — it underpins both AWS WAF AI traffic monetisation and Cloudflare's payment flows — and since 2 April 2026 it has been governed by the Linux Foundation's x402 Foundation, whose founding members include AWS, Google, Microsoft, Stripe, Visa, and Mastercard. Settlement is stablecoin-first (USDC on networks such as Base and Solana). It charges no protocol fee of its own.

Is Web Bot Auth a standard yet?

Not in the formal sense. Web Bot Auth is a cryptographic request-signing scheme for automated HTTP clients, built on RFC 9421 HTTP Message Signatures and led by Cloudflare with Google. Its core architecture document remains an individual IETF Internet-Draft carrying, in its own words, no formal standing in the IETF standards process, now feeding an Active IETF working group. It is, however, edge-deployed: AWS WAF treats a Web Bot Auth Ed25519 signature as its strongest Verified tier. The practical consequence is that the verified tier is cryptographic and the unverified tier is heuristic and spoofable — so any pricing or gating that leans on identity should be designed around that asymmetry.

Is AI traffic monetisation available in Australia or New Zealand yet?

The edge capability itself runs globally — AWS WAF Monetize operates in CloudFront edge locations and Cloudflare's edge is worldwide — so an AU or NZ content owner can technically enable a metered surface today. What is not live in ANZ is the most-cited demand-side exemplar: OpenAI's ChatGPT personal-finance experience, which surfaces lender recommendations inside the assistant, is United States-only today (ChatGPT Pro first, then Plus) and should not be read as available locally. Treat it as a leading indicator: the Australian Consumer Data Right open-banking regime is expanding to non-bank lenders from mid-2026, and in New Zealand regulatory responsibility for consumer credit transfers to the Financial Markets Authority effective 1 July 2026 — both reshape the local picture. Naming these regimes is not statutory advice; how any specific obligation applies to your products is for your own regulatory advisers in light of the facts.

Is there a difference between AI traffic monetisation and the AI traffic monetization spelled with a z?

No — they are the same thing; the spelling difference is regional. NETEVO writes monetisation in Australian English throughout its copy. The vendor product that anchors this Whitepaper, AWS WAF AI traffic monetization, uses the United States spelling in its own product name, which is why both forms appear in search. The capability, the four-quadrant frame, and the rails are identical regardless of which spelling you searched for.

How does this relate to agent-ready lending?

They are two lanes on one substrate. Metered content access (this lane) and agent-mediated credit (the agent-ready-lending lane) ride the same payment and identity rails: x402 for HTTP-native micropayments, AP2 for signed-mandate agent payments, ACP for agent-to-merchant checkout, and MCP for the tool-and-data connection underneath. A publisher exposing a metered-content surface and a lender exposing a credit surface are building against the same rails; the difference is the obligation regime at the licensee's end, not the wire protocol. NETEVO's Agent-Ready Lending Whitepaper works the same substrate from the credit side, which is why the operator question reads almost identically across the two.

Author

Greg McKenzie is the Principal of NETEVO, a registered Trans-Tasman patent attorney and systems architect, and the architect of NETEVO's Law-to-Code Methodology. He writes from Sydney.