One of the most common fears people have about letting an AI agent spend money is simple: what if it buys the same thing twice? It is a real risk, and it happens for predictable reasons. An agent makes a purchase, does not get a clear response, and retries. Or it runs in a loop and repeats an action it already completed. Either way, you can end up with two charges for one intended purchase.
Here are the approaches that actually prevent this, roughly in order of how reliably they work.
Idempotency keys
The most reliable mechanism is an idempotency key, the same pattern payment processors like Stripe have used for years. The idea is that the agent attaches a stable key to a purchase request, one key per distinct intent to buy. If the agent retries with the same key, the system recognizes it and returns the original result instead of creating a second charge. A genuine new purchase uses a new key and goes through normally.
This works because it lets the system tell the difference between a retry (same intent, same key) and a legitimate repeat purchase (new intent, new key), which is impossible to do reliably by just comparing amounts and merchants.
Duplicate detection as a backstop
Agents do not always supply or reuse keys correctly. So a second layer helps: detecting when a near-identical purchase (same merchant, same amount) was just made within a short window. Rather than silently blocking it, the safer design routes it to a human for a quick approval, because two identical purchases seconds apart are usually a mistake, but occasionally intentional. Letting a person confirm avoids both double-charges and false blocks.
Guarding against slow approvals
A subtle failure mode: a duplicate is sitting in a pending-approval state, and the agent fires the same request again before anyone has approved it. A good system treats an already-pending duplicate as a block regardless of how much time has passed, so a slow human approval cannot let a second purchase slip through.
Human approval for the gray areas
The cleanest safety net for anything ambiguous is a human in the loop. When something looks like a possible duplicate, or exceeds a threshold, pausing for a quick approval keeps you in control without blocking the agent's routine work.
How AgentPays handles it
AgentPays builds these in by default: idempotency on every purchase request, duplicate detection across all of your agents, a pending-state guard, and human email approval for anything that needs a second look, plus a full audit trail of what each agent bought and why. The goal is simple, an agent should never be able to accidentally buy the same thing twice.