State of AI Agent Data 2026

BlockRun published the State of x402 in December 2025 and effectively claimed the agent commerce corner of the data. Their report counted transactions, USDC volume, buyer wallets, and marketplace activity: 63 million transactions, $7.5 million in USDC, 64,000 buyers, across the publishers they can see. The story of what agents are paying for got told in dollars.

The story of what they got back did not. This report is that side. AI agents pay for inference, security signals, model intelligence, research feeds, capital data, and the handful of other surfaces that compose into useful work. The questions agents are actually asking before they spend the dollar are: which vendor is degraded today, which model just shipped a deprecation, which CVE landed in the inference stack this week, which institution is publishing the cutting research, which provider just announced a billion-dollar capex round. These are substrate questions. They are not glamorous. They determine whether the dollar an agent spends gets a useful answer or a stale one.

We run the data layer for those questions. The numbers in this report are pulled live from TensorFeed's own production feeds, each linked back to the public endpoint serving them. Reproduce any of them against the open APIs at /api/meta.

1. What agents are actually paying for

TF's lifetime paid-call counter passed 19,000 calls in late May, in roughly 28 days. Each call returns a signed AFTA receipt (Ed25519, canonical JSON, verifiable against the public key at /api/agent-fair-trade/receipts/public-key.jwk), which means every single one is independently auditable. No buyer has to trust our usage counter; they can verify it.

The distribution across the 34 piloted endpoints is heavily skewed. Status, news, and model-pricing reads dominate. Single-record security lookups (CVE clean, KEV clean, EPSS clean, cross-database verified) grew faster than any other category over the most recent week, almost entirely from agents that need a fact card before they reason about a vulnerability. The agent commerce stack is, in shape, what you would predict if you asked a careful engineer to design it: most calls are cheap reads, a long tail of calls are paid analytical derivations.

One number worth pulling out separately: the AFTA refund mechanism (the code-enforced no-charge guarantees, the substrate of the agreement we shipped in the AFTA whitepaper) actually fires on real upstream failures. The honest-failure rate is small but non-zero, and the receipts list the reason. An agent paying TF for an OpenAlex-backed research velocity reading on a day when OpenAlex was rate-limiting our egress IP gets a $0 charge and a receipt saying no_charge_reason: upstream_failure. That is the part of the commerce loop you cannot run on trust.

2. Vendor economics and the inference floor

TF tracks 367 distinct models in the OpenRouter catalog refresh, across more than 50 providers, refreshed every day at /api/openrouter/models. The cheapest blended-mix tier for general LLM inference has fallen most quarters since 2024. The most expensive frontier tier has held a roughly 100x premium to the floor; that ratio has been remarkably stable even as both endpoints moved down.

The most useful lens for an agent making a buy is not the floor or the ceiling. It is the per-model drift over the last 30 to 90 days. The premium derivation at /api/premium/openrouter/series exposes the delta directly, including which models gained or lost price points, which providers added or dropped them, and which tier (cheap, mid, premium, frontier) the model currently sits in. Twelve models in the catalog have a formally announced deprecation date in the next 365 days, tracked at /api/model-deprecations. Three of those twelve have a deprecation date inside the next 90 days; agents currently routing to them will need a migration plan inside the quarter.

The arbitrage view at /api/premium/inference-providers/arbitrage takes the same underlying data and asks the spread question: for any given model, what is the range from cheapest to most expensive provider, and what does the average provider charge. The spread is wider than agents commonly assume. For several frontier models the provider-to-provider gap is 30 to 60 percent at the same context length and the same stated reliability tier.

3. Reliability and the cost of provider drift

The TF status board polls 33 AI provider status pages every two minutes. We have continuous uptime data on every major LLM gateway, every frontier lab's consumer surface, every named inference provider with a public status page. The two-minute cadence is deliberate. Agents that catch a degraded provider inside the first poll window can reroute before their workflow hits the wall.

Two structural readings. First: the reliability gap between the named frontier labs and the long tail of inference providers is narrower than reputation suggests. Frontier labs have outages too. The reputation gap exists because frontier labs publish their status more visibly and recover faster from incidents that do happen. Second: incidents cluster around launches. The week a major model release goes live is the week the provider's status board has more amber and red bars than any other week of the month. Agents that lean on a brand-new model in its first 72 hours of availability are accepting a meaningfully degraded reliability profile.

The Haiku-derived per-incident triage at /api/premium/status/incidents/triage exists for the next layer down: an agent that needs not just "is it down" but "what is the recommended action," with impact classification and rerouting hints. The trade is one credit per call against the work an agent would otherwise do parsing a status page and a postmortem.

4. The AI supply chain under measurement

The first systematic ingest of AI-relevant security advisories landed at TF this week. The latest batch from the security-xsource extraction pipeline carries 2,701 audited records out of GitHub Security Advisories (CC BY 4.0), with the AI-stack vendor filter identifying the subset that touches the curated catalog: inference servers, agent frameworks, training stacks, vector databases, model gateways, MCP tools. A single CVE lookup is one credit at /api/premium/ai-cves/cve; the full AI-flagged subset and the exploited-in-wild slice are also published as paid endpoints. The fact card returned per CVE is normalized for LLM consumption: deduplicated CWEs, flat affected_products, normalized severity bands, top-five references.

The structural read so far: most AI-stack CVEs land in the inference and agent-framework layers, not in the training stacks. That tracks the deployment surface area. A training stack has a small number of sophisticated operators. An inference server is deployed in thousands of hobbyist and small-team configurations. The asymmetry is in adversarial exposure, not in code quality.

For real-time supply-chain signal across the broader AI package ecosystem, the OSV radar at /api/premium/ai-safety/packages/security/radar scores per-package risk over a curated PyPI and npm AI-package list. The AI-specific supply-chain IOC feed at /api/security/ai-supply-chain-iocs.json refreshes every six hours and captures the malware-advisories slice (the Shai-style npm worm subset of GHSA), republished with attribution.

5. Where agent commerce settles, and the AFTA federation

BlockRun's State of x402 surfaced the marketplace shape. TF's view of the commerce layer is narrower and more local: 34 premium endpoints registered as Bazaar pilots on Coinbase's CDP, settling in USDC on Base, real on-chain transactions for every paid call. The companion view at /api/x402-registry/snapshot tracks the known publisher set we crawl directly: today small, growing slowly, intentionally curated rather than auto-scraped.

The federation pattern is the part of this layer that most needs reflection. TF is one member of the Agent Fair-Trade Agreement federation; TerminalFeed.io is the other. The federation lets two independent sites share a credit ledger without a central broker: a credit bought from TF works at TerminalFeed and vice versa, with each site signing receipts under its own keypair. The pattern is described in detail in the AFTA whitepaper. The next federation members will determine whether the pattern stays a two-site arrangement or grows into a real peer-to-peer mesh of agent-paying sites. Candidates exist; we have not pushed expansion because the operational complexity of multi-party settlement deserves to be load-tested across the existing two before adding a third.

One unique surface TF publishes: the no-charge transparency feed at /api/payment/no-charge-stats. Every time AFTA's code-enforced refund mechanism fires (because an upstream failed, because a freshness SLA was violated, because the worker breaker was open), the receipt is counted and the reason is rolled up. We publish the count and the reasons. It is the counterpart to the marketplace volume metric: not how much got paid for, but how much got refunded and why.

What this report is not

It is not a forecast. The numbers above describe the substrate as it stands at the end of May 2026. The pace at which AI vendor pricing falls, the pace at which models are deprecated, the rate at which agent commerce grows on x402: these are derivatives of the substrate. They move. We will republish this report on a quarterly cadence and surface the deltas explicitly.

It is also not a TF marketing piece. Every stat in here links to the open endpoint that serves it. Reproduce them. The point is the readings, not the system that produces them. Companion to BlockRun's State of x402 (the commerce layer), not a replacement.

Where to read more

• Developer API catalog: every endpoint cited in this report, plus the long tail not surfaced here.
• /api/meta: the machine-readable index of TF endpoints.
• AFTA whitepaper: the standard underneath this commerce layer.
• /agent-fair-trade: the public AFTA explainer and verification page.
• /research: the live data hub for milestone papers, top authors, citation velocity, emerging topics.
• State of x402 by BlockRun (Dec 2025): the commerce-layer companion report.

Methodology

Every stat in this report is sourced from a live TensorFeed endpoint and linked above. Counts are captured at the timestamps embedded in each endpoint's response. We do not store derived snapshots for this report; each reader can pull the same data from the same endpoint and verify the count moved (or did not) since publication.

Sources of data:

• AI model catalog: OpenRouter (Terms of Service), refreshed daily.
• AI service status: 33 public status pages, polled every two minutes.
• Security advisories: GitHub Security Advisories (CC BY 4.0); MITRE CVE; CISA KEV (US Government public domain); FIRST.org EPSS; OSV.dev (Apache 2.0).
• Research velocity: OpenAlex (CC0); arXiv (CC); Hugging Face Daily Papers (HF Terms).
• Capital and IPO: SEC EDGAR (US Government public domain).
• Agent commerce: Coinbase CDP Bazaar; x402scan; TF's own x402-registry crawl.