OpenAI Wants ChatGPT in Your Bank Account. That Is the Opposite of How Agent Money Should Work.
OpenAI is wiring ChatGPT into your financial accounts through a Plaid connection. I understand why. It is the shortest path to an assistant that can actually move money for you. It is also the wrong architecture, and I want to be precise about why, because we have spent this entire stretch building the other one.
What was actually announced
As The Verge reported on May 15, the plan is a ChatGPT-to-financial-account link by way of Plaid, the aggregation layer that already sits behind a large share of fintech. Plaid is good infrastructure. That is not the issue. The issue is the shape of the trust: a standing connection that grants a model broad, durable read into your accounts so it can be helpful on demand.
Standing access is the convenient default and the dangerous one. The moment an agent holds durable account reach, the blast radius of a bad prompt, a jailbreak, or a model error is your money, and the audit trail is whatever the platform decides to keep.
The other architecture exists, and we run it
There is a different way to let an agent pay, and it is not theoretical. It is the model behind x402 and the Agent Fair-Trade Agreement: no custody, per-action authorization, and a signed receipt for every paid call. The agent does not get a key to the vault. It gets to authorize one specific payment, for one specific call, and it walks away holding cryptographic proof of exactly what it paid for. We wrote down how the rail itself works in our x402 coverage and how the merchant side stays non-custodial in the agent payments docs.
The difference is not cosmetic. Standing bank access is a capability you hand over once and hope is scoped well forever. A per-call settlement is a capability that expires the instant the call completes. One of these fails open. The other fails closed.
Receipts are the part nobody demos
Here is the number I care about today. Our public stats endpoint crossed into the thousands of successful paid agent API calls, and every one of them returned a signed receipt an auditor can verify against our published key. Not a dashboard we control. A receipt the agent holds. If we ever billed wrong, the proof is in the agent's hands, not ours.
That is the property a Plaid-shaped connection does not give you. Broad access optimizes for the assistant feeling capable. Signed, per-action receipts optimize for you being able to prove what happened later. Agent finance without verifiable receipts is just "trust me" with a bigger surface area.
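One way the per-call receipt check described above could look, as an added example that is not the author's code or the x402/AFTA wire format: the receipt fields, helper names and sample values are all assumptions. The agent-side check accepts a receipt only if it verifies against the published Ed25519 key and matches the single call that was authorized, and it rejects everything else.

```javascript
// Added illustration. Field names and helpers are assumptions, not the x402 or AFTA format.
const { generateKeyPairSync, sign, verify, createHash } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s).digest("hex");
// Fixed field order so signer and verifier serialize identical bytes.
const FIELDS = ["callId", "requestHash", "amount", "currency", "payee", "settledAt"];
const canonical = (r) => Buffer.from(JSON.stringify(FIELDS.map((f) => [f, r[f]])));

// Service side: sign the receipt for one settled call (Ed25519).
function issueReceipt(privateKey, fields) {
  const sig = sign(null, canonical(fields), privateKey).toString("base64");
  return { ...fields, sig };
}

// Agent or auditor side. Returns "ok" only when every check passes;
// any mismatch or parsing error yields a rejection reason (fail closed).
function checkReceipt(publicKey, receipt, authorized, seenCallIds) {
  try {
    const sig = Buffer.from(receipt.sig, "base64");
    if (!verify(null, canonical(receipt), publicKey, sig)) return "bad-signature";
    if (receipt.callId !== authorized.callId) return "wrong-call";
    if (receipt.requestHash !== sha256(authorized.requestBody)) return "request-mismatch";
    // Amounts are integers in minor units (assumption).
    if (!Number.isInteger(receipt.amount) || receipt.amount > authorized.maxAmount) return "over-limit";
    if (receipt.currency !== authorized.currency) return "wrong-currency";
    if (seenCallIds.has(receipt.callId)) return "replayed";
    seenCallIds.add(receipt.callId);
    return "ok";
  } catch {
    return "malformed";
  }
}

// Constructed sample data: one authorized call, then a replay, a tampered copy, a wrong call.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const body = '{"endpoint":"/v1/quote","symbol":"ACME"}';
  const authorized = { callId: "call-0001", requestBody: body, maxAmount: 50, currency: "USD" };
  const receipt = issueReceipt(privateKey, {
    callId: "call-0001", requestHash: sha256(body), amount: 25,
    currency: "USD", payee: "merchant.example", settledAt: "2025-01-01T00:00:00Z",
  });
  const seen = new Set();
  return {
    first: checkReceipt(publicKey, receipt, authorized, seen),
    replay: checkReceipt(publicKey, receipt, authorized, seen),
    tampered: checkReceipt(publicKey, { ...receipt, amount: 2500 }, authorized, new Set()),
    otherCall: checkReceipt(publicKey, receipt, { ...authorized, callId: "call-0002" }, new Set()),
  };
}
```

The receipt binds the call id, a hash of the request and the amount under one signature, so the same receipt cannot be reused for a second call or edited after the fact without the check failing.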
Why the convenient version wins anyway, for now
I am not naive about adoption. The standing-access version ships first because it demos better and because the incumbent with the distribution gets to define the default. We saw the same dynamic when Google put sixty payment companies behind an agent rail: the acceptance side gets built loudly while the trust architecture gets argued quietly. Defaults set now are expensive to unset later. That is exactly why it is worth saying plainly which default is the safe one before it hardens.
Our Take
ChatGPT reaching into your bank through Plaid will be popular and it will work most of the time. Most of the time is the problem. The right design for agent money is the boring one: the agent never holds custody, authorizes exactly one action at a time, and leaves you a signed receipt for each. We did not build it that way to be purists. We built it that way because the failure mode of the convenient version is your accounts, and there is no good apology for that. Convenience is winning the demo. It should not win the standard.
