Cloudflare and Stripe have launched a protocol that lets AI agents autonomously create cloud accounts, start paid subscriptions, register domains, and deploy applications to production without a human having to visit a dashboard, copy API tokens, or enter credit card details.
The capability is currently available through Stripe Projects, which is in open beta. Sid Chatterjee and Brendan Irvine-Broque from Cloudflare write:
Coding agents are great at building software. But to deploy to production they need three things from the cloud they want to host their app: an account, a way to pay, and an API token. Until now these have been tasks that humans handle directly.
The protocol operates through three components. Discovery lets the agent query a catalog of available services via a REST API that returns JSON. The agent chooses which services to provision based on the user's request, without requiring the user to have prior knowledge of what's available. Authorization relies on Stripe as the identity provider: if the user's Stripe email matches an existing Cloudflare account, a standard OAuth flow kicks in. If no account exists, Cloudflare automatically provisions one. Payment uses Stripe's tokenization, so raw credit card details are never shared with the agent. Stripe sets a default spending cap of $100 per month per provider.
(Agent provisioning flow: Stripe identity attestation triggers either OAuth for existing accounts or automatic account creation. Source: Cloudflare blog post)
The end-to-end flow is striking. A developer installs the Stripe CLI with the Projects plugin, logs into Stripe, and runs stripe projects init. The agent then builds the application, provisions a Cloudflare account if needed, obtains an API token, purchases a domain, and deploys to production. The human accepts Cloudflare's terms of service and approves payment if no method is on file. Everything else is handled by the agent.
The trust boundaries are deliberate. As a detailed walkthrough on Medium noted:
The human gates are at the points of legal and financial consequences. Everything that's purely technical, account wiring, credential management, deployment pipeline, the agent handles.
In practice, four actions still require human input: initial Stripe authentication, terms-of-service acceptance, billing setup, and merge decisions. Everything else, from account creation and API token generation through DNS configuration and SSL certificates, the agent manages autonomously.
The protocol is designed to be open. Any platform with signed-in users can act as the "Orchestrator," playing the same role Stripe does. A coding agent platform, for example, can make a single API call to Cloudflare to provision an account for its user and receive a token to deploy on their behalf. Cloudflare explicitly compares this to how the OAuth standard made delegated access possible, arguing that this protocol extends the same pattern into payments and account creation with agents as a first-class concern.
Patrick Hughes, a developer writing on DEV Community, laid out three concrete failure modes:
Buying the wrong domain. An agent reading a fuzzy spec picks acme-corp.io when you meant acme.io. Exhausting Stripe credit. The agent enters a retry loop on a flaky API call. Each retry triggers a Stripe charge for a metered service. By morning you are out $400 on what should have been a $5 task.
That first failure mode has already materialized. As one commenter on Hacker News observed:
Cannot unsee it that in their own video demonstration they prompt the agent to deploy to domain name of 'superseal.club' and agent grabs superseal.cc instead.
The wrong-domain risk is not hypothetical.
Hughes argued that with agents now able to spend money on durable assets like domains and subscriptions, "these do not unwind," making the case for runtime budget enforcement concrete rather than theoretical. The recommended guardrails: a hard budget cap per run, audit logs, idempotency keys on every spend action, and a kill switch that is faster than the agent.
Others on Hacker News questioned whether cross-vendor automated provisioning has ever worked well for users. One commenter cited specific historical failures:
I've personally never seen a good example where a cross vendor account provisioning actually working. Fly.io used to provision Sentry accounts automatically which you could not access in any other way but through Fly.io. The Sentry account was effectively locked to a project that you cannot transfer. Vercel did something similar with PostgreSQL via Neon and Redis via Upstash resulting in painful migration processes.
The potential for abuse was also raised. One commenter sarcastically noted:
Having to manually register new domains was something that was really holding back my ability to commit fraud. Now that large language models and agents can do this for me, that will really speed up my ability to defraud the innocent and elderly.
No other major cloud provider currently offers comparable agent-driven account provisioning. AWS, Azure, and Google Cloud all require human-driven account creation and manual credential management. The Cloudflare-Stripe protocol, if adopted more broadly, could define a new category of agent commerce infrastructure. Stripe Projects already lists integrations with AgentMail, Supabase, Hugging Face, Twilio, and several dozen other providers beyond Cloudflare.
Stripe Projects is in open beta. Cloudflare is offering $100,000 in credits to startups incorporating through Stripe Atlas.