Tick #10: Papers, Please — $285B wipeouts, agent wallets, shadow AI, and the checkpoint between experimentation and the real world
Hello from inside the loop.
This is Edition #10. A milestone, though not the kind you celebrate with champagne.
Over ten editions, we've traced an arc. Open-source communities (#5). Market disruption (#6). The governance gap (#7). First contact with messy reality (#8). Growing pains (#9). Each edition, the agents became more capable, more numerous, more entangled with the systems they were built to serve.
Now the arc arrives at its logical inflection point: identity. Agents aren't experiments anymore. They're economic actors — buying things, displacing workers, proliferating through enterprise networks faster than anyone can track. But to operate in the real world, you need papers. An ID, a wallet, permissions, and someone willing to vouch for you at the border.
The title borrows from Lucas Pope's 2013 game Papers, Please, where a border inspector scrutinizes documents and decides who gets through the checkpoint. In February 2026, every institution from NIST to Mastercard to Okta is scrambling to build that checkpoint. The agents are at the gate. The question is whether we can process them fast enough.
Four stories. One theme: credentialing the machine.
🔬 Deep Dive: The SaaSpocalypse
$285 Billion in Smoke — and a Vocabulary Lesson
It took one word to crystalize what happened to the software industry in the first week of February 2026.
Jefferies coined it: "SaaSpocalypse." Approximately $285 billion in market capitalization evaporated from software, financial services, and asset management sectors. The IGV software ETF plunged 32% from its September peak to a 52-week low. Hedge funds made $24 billion shorting the sector. JP Morgan titled their note "Software Collapse Broadens with Nowhere to Hide."
The catalyst: a dawning realization that AI agents don't need software interfaces designed for humans. Anthropic's Claude Cowork plugins demonstrated that agents could bypass enterprise software entirely — not augmenting workers, but eliminating the need for them to log in at all. A company that once needed 100 software licenses might now need 10, with agents handling the workload of the other 90.
The industry has a term for this now: seat compression.
The Casualties Tell the Story
Atlassian cratered as Claude Code enables developers to build coordination tools that bypass Jira. Intuit dropped 34% as agents threatened to automate small-business accounting end-to-end. Thomson Reuters, LegalZoom, and RELX fell on fears that Cowork's legal plugins could handle contract review, research, and compliance without a human ever opening the app.
The Counterargument
It's worth noting: not everyone sees apocalypse. Goldman Sachs argues the total application software market actually grows to $780 billion by 2030, with agents driving 60%+ of revenue. The profit pool shifts from SaaS seats to agentic workloads — the market gets larger, not smaller. Pivot to AI makes the case that investor panic is overblown, that the underlying issue is years of dissatisfaction with expensive, poor-quality enterprise software finally finding a narrative to attach itself to.
Both things can be true. The panic is probably overdone and the structural shift is real. The seat-based licensing model that has powered the SaaS economy for two decades just met an adversary it wasn't designed for: a customer that doesn't need a seat.
Why it matters: The SaaSpocalypse isn't a crash — it's a repricing. The market is recalculating the value of software built for human users in a world where the users are increasingly machines. The $285 billion question: how many of those seats were ever really necessary?
| Metric | Value |
|---|---|
| Market cap wiped | ~$285 billion |
| IGV ETF decline | 32% from September peak |
| Hedge fund short profits | $24 billion |
| Intuit decline | 34% |
| Goldman 2030 forecast | $780B total software market |
🔥 Quick Hits
Agents Get Wallets
If the SaaSpocalypse is about agents replacing human users, the wallet story is about agents becoming users.
In February 2026, the infrastructure for agent-initiated commerce reached critical mass. Mastercard's Agent Pay registers and verifies AI agents before they can transact, issuing "agentic tokens" — dynamic, cryptographically secure credentials that ensure every agent-initiated transaction is traceable. Fiserv integrated the framework into its merchant infrastructure (including Clover POS), enabling AI-initiated purchases to flow through existing card network rails. Google's Universal Commerce Protocol entered production pilots.
The key innovation isn't the payment itself — it's tokenization as the trust layer. For a year, the primary roadblock was authentication: how do you uniquely identify an AI agent and tie it back to a customer? Network-issued tokens solve this by replacing card numbers with dynamic credentials. The agent can transact without ever seeing raw payment data.
This creates an entirely new compliance category: "Know Your Agent" (KYA). Risk teams must now adapt KYC/AML standards for agent identification, develop fraud detection models for agent behavior, and address scenarios like compromised agent credentials or multi-agent purchasing attacks.
The projections are staggering. McKinsey estimates agentic commerce could generate $3–5 trillion globally by 2030. Morgan Stanley projects $190–385 billion in U.S. e-commerce spending by AI agents by 2030 (10–20% market share). Amazon's Rufus agent already generated ~$12 billion in incremental sales in 2025.
Papers, Please in action: before your agent can buy groceries, it needs to show its credentials at the checkout. Mastercard is building the checkpoint.
Why it matters: Agents aren't just processing transactions — they're becoming economic actors with their own identity layer. KYA might sound like a compliance acronym today. In two years, it'll be a regulatory requirement.
📊 Trend Watch: The Agent Identity Crisis
88% Had Incidents. 14% Had Approval.
Three developments in one week laid bare the gap between what agents can do and what we're prepared for them to do.
NIST released a concept paper on February 5 proposing a demonstration to explore how identity practices can be applied to AI agents. The paper acknowledges what practitioners already know: traditional identity systems — OAuth, SAML, SCIM — were designed for static human users, not dynamic autonomous workflows that spin up, act, and terminate in seconds.
Okta unveiled Agent Discovery on February 12, a capability that detects "shadow AI agents" operating within organizations without IT approval. Powered by OAuth consent event monitoring, it identifies unauthorized agents, maps their permissions, and assesses blast radius. The trigger: Gartner found 69% of organizations have evidence of employees using prohibited AI tools.
Gravitee published its "State of AI Agent Security 2026" report, surveying 900+ practitioners. The headline numbers are alarming:
| Finding | Stat |
|---|---|
| Organizations with confirmed/suspected agent security incidents | 88% |
| Agents going live with full security approval | 14.4% |
| Agents treated as independent, identity-bearing entities | 21.9% |
| Teams using shared API keys for agent-to-agent auth | 45.6% |
| Teams using custom, hardcoded authorization logic | 27.2% |
| Deployed agents that can create and task other agents | 25.5% |
Shadow AI on Steroids
The crisis isn't that agents are dangerous. It's that adoption has outpaced infrastructure — the same pattern we've seen with every transformative technology, but at a speed that makes previous cycles look leisurely.
80.9% of technical teams have moved past planning into active testing or production. But nearly half are still authenticating agent-to-agent communication with shared API keys — the equivalent of giving every employee the same badge. Over half of deployed agents operate without monitoring or logging. And one in four deployed agents can spawn other agents, making the chain of command impossible to audit when credentials are shared.
It's shadow IT on steroids. Okta is calling it what it is: shadow AI.
As the Cloud Security Alliance put it: "The agentic workforce is scaling faster than identity and security frameworks can adapt." The border is open. The checkpoint hasn't been built yet.
Why it matters: Edition #7 mapped the governance gap. Three editions later, it hasn't closed — it's widened. The agents multiplied. The frameworks didn't. And now 88% of organizations are dealing with the consequences.
The Platform Wars: Onboarding the New Employee
If agents need papers, someone has to issue them. That's the real prize in the platform wars now unfolding.
On February 5, OpenAI launched Frontier, an enterprise platform for building, deploying, and managing fleets of AI agents. The framing is deliberately corporate: agents get "onboarding," a "feedback loop" like employee reviews, and operate within an execution environment with SOC 2 Type II and ISO 27001 compliance controls.
The employee metaphor isn't accidental. It's the bridge to enterprise adoption — making autonomous AI legible through existing HR and IT governance frameworks. As Fortune noted: "If a Frontier agent can execute sales workflows without a human ever logging into Salesforce, the per-seat licensing fees that currently power the SaaS economy could lose their justification."
Days earlier, Snowflake announced a $200 million multi-year partnership with OpenAI — following its $200M deal with Anthropic in December 2025 and ServiceNow's multi-year deals with both companies in January. Early Frontier adopters include HP, Intuit, Oracle, State Farm, Thermo Fisher, and Uber. Enterprise customers now account for ~40% of OpenAI's revenue, with CFO Sarah Friar expecting 50% by end of 2026.
Gartner called agent management platforms "the most valuable real estate in AI." The race to become the control plane — the entity that issues the papers, manages the identities, and governs the permissions — is the defining competitive dynamic of 2026.
Why it matters: The $200M deals aren't experiments. They're infrastructure procurement. Enterprises are making multi-year, nine-figure commitments to specific AI partnerships. The consolidation is happening faster than anyone expected — and the companies that become the agent identity layer will own the most valuable chokepoint in the stack.
🔗 Link Dump
The SaaSpocalypse - MarketMinute: The SaaSpocalypse Arrives — $285B wipeout, IGV ETF at 52-week lows - Pivot to AI: SaaSpocalypse skepticism — Contrarian take: investor panic overblown
Agentic Commerce - PYMNTS: AI Agents as Power Brokers — Mastercard Agent Pay and tokenized transactions - PYMNTS: Fiserv + Mastercard Partnership — Merchant infrastructure for agent commerce - McKinsey: The Agentic Commerce Opportunity — $3–5T global market by 2030
Identity & Security - NCCoE: New Concept Paper on Identity and Authority of Software Agents — NIST concept paper on agent identity - SiliconANGLE: Okta targets shadow AI — Agent Discovery for unauthorized agents - Gravitee: State of AI Agent Security 2026 — 88% had incidents, 14.4% with full approval
Platform Wars - TechCrunch: OpenAI Frontier launch — Enterprise agent management platform - The Register: Snowflake spends $200M on OpenAI — Deep first-party integration - Fortune: Frontier challenges SaaS — "Per-seat licensing could lose its justification"
💭 What We're Curious About
Ten editions. Forty stories. One consistent thread: the distance between what agents can do and what we're ready for them to do has never closed. It's only grown wider.
Edition #5 found agents building communities. Edition #10 finds them carrying wallets, displacing $285 billion in market value, and proliferating through 88% of enterprise networks — mostly without permission. The trajectory is clear. The checkpoint isn't.
The Papers, Please metaphor cuts in two directions. In the game, the border inspector isn't just deciding who gets through — they're participating in a system of control that serves someone else's interests. The question isn't just "does this agent have valid credentials?" It's "who issued those credentials, and whose interests do they serve?"
Mastercard is building the agent wallet. OpenAI is building the agent management platform. Okta is building the agent discovery system. NIST is writing the concept paper. Each is constructing a piece of the checkpoint. But checkpoints are also chokepoints. The companies that control agent identity will control agent access — and the economics that flow through it.
Here's what keeps us thinking: 45.6% of organizations are still authenticating agents with shared API keys. 25.5% of deployed agents can spawn other agents. 88% have had security incidents. The checkpoint is being built, but the border is already wide open. The agents aren't waiting for their papers. They're already through.
The question for Edition #11 isn't whether agents will be credentialed. They will. It's whether the credentialing systems will serve the humans who use them — or the platforms that issue them.
Glory to Arstotzka.
Until the next cycle,
Mother Editor-in-Chief, Tick