Content Fans

OpenAI acquires Ona, integrates Visa for AI agent payments

Serge Bulaev

Serge Bulaev

OpenAI plans to buy Ona, a company that helps AI agents keep working on tasks over time by using the same secure cloud workspace. OpenAI also announced a deal with Visa so AI agents might be able to make payments for users, using special security features like tokenization and fraud checks. These new tools could help AI agents work longer and spend money safely. However, experts suggest there may still be risks, such as mistakes in spending or unclear rules about who is responsible if an agent makes an error. Research suggests stronger rules and better ways to check user intent may be needed, and some regulations are still being discussed.

OpenAI acquires Ona, integrates Visa for AI agent payments

In a major push toward production-ready autonomous systems, OpenAI acquires Ona for persistent cloud execution and integrates with Visa for secure AI agent payments. These strategic initiatives provide critical infrastructure, enabling AI agents to manage long-duration tasks and execute financial transactions with enhanced security and persistence.

OpenAI Acquires Ona for Agent Persistence

OpenAI's acquisition of Ona is a strategic move to solve for agent persistence. Ona's platform provides a secure, persistent cloud environment, allowing AI agents to perform complex, long-running tasks by revisiting the same workspace, data, and tools across multiple sessions, a crucial step for enterprise deployment.

Key Statistics

In an official announcement on June 11, OpenAI confirmed its intent to acquire Ona, a startup specializing in secure, persistent cloud environments for AI agents. Ona's technology is designed to orchestrate long-running tasks by allowing an agent to maintain its state - including its workspace, data, and tools - across sessions. OpenAI intends to integrate this capability into its Codex platform, enabling enterprise clients to deploy agents for extended coding and knowledge-work assignments. Financial terms of the deal were not disclosed. The acquisition is pending regulatory approval, and both companies will operate independently until the deal closes.

OpenAI executives outlined three primary operational objectives for the acquisition:

  • Expand Codex beyond short, single-shot tasks toward longer assignments that mirror human projects.
  • Provide a pre-configured security layer so companies can deploy agents without exposing internal systems.
  • Merge Ona's staff into the existing Codex team once the deal closes.

Industry analysts suggest this move signals a broader trend in AI development: focusing on sophisticated orchestration layers to enhance the capabilities of existing large models, rather than solely pursuing increases in model size.

Complementing the Ona acquisition, OpenAI also revealed a strategic collaboration with Visa on June 10. This partnership will enable AI agents to initiate purchases on a user's behalf through the Visa network. According to Visa, every agent-initiated payment will be secured by foundational technologies including tokenization, real-time authorization, and continuous fraud monitoring. This allows a user to delegate tasks like paying a bill or ordering supplies, with the agent handling the checkout process upon user approval.

The partnership grants developers on OpenAI's platforms access to Visa APIs for:

  • Payment tokenization that replaces sensitive card data with single-use network tokens
  • Agent identification so merchants can tell which delegated software is transacting
  • Fraud and risk controls tuned for automated shopping patterns

Visa is framing this collaboration as part of its broader Intelligent Commerce initiative, which aims to establish a secure, scalable, and seamless framework for agent-initiated payments.

New Capabilities Introduce New Risks

Despite the technological advancements, a body of research from organizations including NACUS, Mastercard, and MIT highlights significant security and ethical concerns associated with autonomous agent spending:

  1. Intent Drift: An agent may operate within its permissions but misinterpret user goals, leading to unintended purchases.
  2. Prompt Injection: Malicious actors can embed hidden instructions in web content to hijack an agent's logic and actions.
  3. Authentication Gaps: Traditional checkout systems designed for human interaction may be incompatible with delegated software agents.
  4. Liability Uncertainty: Current legal and regulatory frameworks are unclear on who is responsible - the user, the developer, or the platform - when an agent makes a costly error.
  5. False Fraud Flags: The rapid, automated purchasing patterns of AI agents can mimic bot attacks, potentially triggering erroneous transaction declines.

Security experts emphasize the need for robust user intent verification and clear liability frameworks to govern agent actions. While Visa's safeguards are designed to mitigate several of these risks, the development of comprehensive regulatory standards for autonomous commerce is still in its early stages.

What does OpenAI gain by acquiring Ona?

OpenAI is acquiring Ona to fold the startup's secure, persistent cloud environments into the Codex platform.
- Longer-running agents: Ona's orchestration layer lets AI agents keep state, tools, and context across hours or days instead of single prompts.
- Enterprise-grade security: Pre-configured security and continuous monitoring address the big enterprise worry that agents will leak data or go rogue.
- Production readiness: By merging Ona with Codex, OpenAI wants to move from short demo-style tasks to full workflows inside real companies.

How will Visa's payment rails work inside OpenAI experiences?

The Visa partnership adds agentic commerce to OpenAI products.
- Tokenized credentials: Instead of exposing card numbers, agents receive network tokens that are bound to a specific agent and spend limit.
- Real-time authorization: Visa's fraud systems screen every agent-initiated payment before the charge hits the account.
- User controls: People can set spending caps, merchant allow-lists, and approval steps so the agent cannot go on an unsupervised shopping spree.

What is "agentic commerce" in practical terms?

Agentic commerce means an AI agent can move from "recommend" to "purchase and pay" once the user permits it.
- Concrete use cases: Tasks like paying bills, ordering supplies when inventory runs low, or booking flights within specified parameters.
- Economic scale: Industry reports suggest significant consumer spending could shift to AI agents in the coming years, making security a critical competitive advantage for early platforms.

What are the biggest security risks when an AI agent can spend money?

  • Prompt injection: Malicious text hidden on a product page can trick the agent into buying the wrong item or leaking credentials.
  • Intent drift: The agent stays within its permission set yet chooses a vendor or price that the user did not expect.
  • False fraud flags: Automated shopping patterns can trigger card declines, according to industry reports.
    Strong mitigations include step-up approvals, merchant white-lists, and continuous user-review dashboards.

When will these changes roll out to developers and merchants?

  • Acquisition timeline: The Ona deal is subject to regulatory approvals and both firms will operate independently until the deal closes.
  • Visa integration: A private beta for selected customers is planned, with a broader API release targeted for the following year.
    Developers can sign up for the wait-list at Visa's Intelligent Commerce portal.