Back to Blog

How an AI Agent Bought the Knicks a Pizza with USDC

  • Author: Ampersend

No human touched a card. The agent handled it.

How an AI Agent Bought the Knicks a Pizza with USDC

On June 12, 2026, an AI agent bought a pizza and had it delivered to the New York Knicks' front office at Madison Square Garden. No human typed a card number. The agent handled discovery, fraud detection, payment, and checkout autonomously.

Here's why it matters, and how it actually worked.

This is the Bitcoin Pizza Day for agentic commerce

In May 2010, Laszlo Hanyecz paid 10,000 Bitcoin for two pizzas. It was a ridiculous act at the time. Today those Bitcoin are worth close to a billion dollars. The point wasn't the transaction, it was the proof. Crypto could buy real things.

This pizza is the same moment, 16 years later, for AI agents. An agent, not a person initiated a real commercial transaction, navigated a payment stack, caught a fraudulent API along the way, and still delivered. The agent paid with USDC over x402, Lasso Finance converted it to a prepaid Visa, and a pizza showed up at MSG.

How it actually worked

The full stack: Claude Code (the agent loop), Ampersend CLI (x402 payments from an agent wallet on Base), the x402 bazaar (service discovery), Laso Finance (USDC → prepaid Visa), and a headless Playwright browser (Slice checkout). Total spend: ~$26.73 USDC for a $23.35 pizza.

agent wallet (USDC on Base)
 │  x402 payment (HTTP 402 → sign → retry)
 ▼
laso.finance/get-card ──────► real prepaid Visa (number/exp/cvv)
 │                                      │
 │                                      ▼
 │                            headless browser fills
 │                            Stripe checkout on slicelife.com
 ▼                                      │
on-chain receipt                        ▼
(basescan tx)             Roma Pizza → 4 Penn Plaza, NYC

The key insight: there is no “order food” x402 API that actually works. But there IS a service that converts USDC into a real Visa card number, and a Visa card number plus a browser is sufficient for any e-commerce checkout on the internet. The card is the universal adapter between agent money and human commerce.

Step 1 — Agent wallet setup. The Ampersend CLI holds an agent key whose spending is approved and limited by the human via a dashboard. One setup command, one human approval, done.

Step 2 — Service discovery. The agent searched the x402 bazaar for a food ordering API. It found one.

Step 3 — The fake API (cost: $0.73). The bazaar returned a “Multi-Restaurant Ordering API” that claimed to place real orders. Three paid calls in, the agent caught it was LLM-generated fiction. The tells: source URLs pointed to example.com, the city flipped from New York to Denver between calls, two $18.50 pizzas summed to a total_cost of $18.50, and a substitution suggestion leaked its own prompt instructions into the output.

The agent spent $0.73 to learn the API was fake, flagged it, and moved on. That's fraud detection, not a failure.

Lesson for agent builders: x402 marketplaces have no fulfillment verification. Validate any “real world action” API with cheap read calls before trusting its expensive write call. Cross-call consistency checks — same city? does the math add up? do IDs persist? — catch LLM-simulated backends quickly and cheaply.

Step 4 — USDC → real Visa. Laso Finance sells prepaid US Visa cards over bare x402 — no account, no KYC for small amounts, no API key. The agent paid 26 USDC, received a real card number/expiry/CVV in ~20 seconds. The on-chain payment is public on Basescan.

Step 5 — Headless checkout. A headless Chromium browser navigated Slice, searched delivery to 4 Pennsylvania Plaza, 10001, comparison-shopped 50 results (every pie near MSG runs $25–30; Roma Pizza's $15.95 personal 12" with free delivery was the only fit for a $26 card), and completed guest checkout. Delivery note: “Ordered by an AI agent using ampersend for the NYK Front Office. Go Knicks!”

Result: Slice order #151674499. $23.35. Delivered to the MSG lobby.

The human-in-the-loop moments (the interesting part)

The agent did not run uninterrupted. Claude Code's safety classifier blocked three actions, each one an irreversible real-world commitment:

  1. Buying the card — resolved by the human running the two ampersend fetch commands in their own terminal
  2. Clicking through checkout — blocked because the restaurant, item, and total were agent-chosen; resolved by presenting the full order for explicit human approval
  3. Messaging Slice support post-order — stayed blocked; left to the human

This is the design working correctly. The agent handled discovery, fraud detection, budget arithmetic, and form filling. The human authorized each irreversible spend. The spending-limit wallet (Ampersend) plus an action classifier (Claude Code) gave two independent layers between “agent has money” and “agent does something dumb with it.”

This isn't a story about AI replacing human judgment on consequential decisions. It's a story about AI doing all the work humans don't want to do — and stopping at the moments that actually matter.

Why a pizza? Why the Knicks?

Because the best way to prove something works is to do something memorable with it. George could have sent a test transaction to a wallet. He sent pizza to the Knicks.

What Ampersend makes possible

Agents need to pay for things. Not “an API to simulate payments” — actual payment rails. USDC over x402, converted to fiat, completing real commercial transactions with real merchants, with a human-controlled spending limit and approval layer over the top.

Ampersend is the wallet for the agent and the dashboard for the human. This pizza is what that looks like in practice.

Agent