This study addresses the trust and security challenges inherent in payment interactions among AI agents operating in untrusted environments. It presents the first systematic Agent-to-Agent (A2A) payment framework, introducing a four-phase lifecycle model encompassing discovery, authorization, execution, and accounting, and provides a taxonomic analysis of representative mechanisms within each phase. The work identifies critical issues—including weak intent binding, authorization abuse, decoupling of payment from service delivery, and lack of accountability—that expose fundamental design trade-offs in current architectures. Leveraging blockchain’s capabilities for programmable settlement, transparent accounting, and open interoperability, the paper further outlines promising future directions such as cross-phase consistency and behavior-aware control, thereby laying a theoretical foundation for building a trustworthy, autonomous agent-based economic ecosystem.

Agentic AI rivals human capabilities across a wide range of domains. Looking ahead, it is foreseeable that AI agents will autonomously handle complex workflows and interactions. Early prototypes of this paradigm are emerging, e.g., OpenClaw and Moltbook, signaling a shift toward Agent-to-Agent (A2A) ecosystems. However, despite these promising blueprints, critical trust and security challenges remain, particularly in scenarios involving financial transactions. Ensuring secure and reliable payment mechanisms between unknown and untrusted agents is crucial to complete a fully functional and trustworthy A2A ecosystem. Although blockchain-based infrastructures provide a natural foundation for this setting, via programmable settlement, transparent accounting, and open interoperability, trust and security challenges have not yet been fully addressed. Hence, for the first time, we systematize blockchain-based A2A payments, e.g., X402, with a four-stage lifecycle: discovery, authorization, execution, and accounting. We categorize representative designs at each stage and identify key challenges, including weak intent binding, misuse under valid authorization, payment-service decoupling, and limited accountability. We highlight future directions for strengthening cross-stage consistency, enabling behavior-aware control, and supporting compositional payment workflows across agents and systems.