x402 Ecosystem Quality Report: 24 Days of Monitoring Data

We have been monitoring x402 services continuously since February 9, 2026. Here is what 24 days of data across 1,700+ unique service domains tells us about the state of x402 service reliability.

The Short Answer: Most x402 Services Are Not Production-Ready

The average fidelity score across monitored x402 services is 52 out of 100. Seven-day uptime averages 80.6% across the ecosystem - meaning nearly 1 in 5 health checks fails. In the 24 hours before this report was published, only 71.2% of checks passed (708 UP out of 994 total). Average response latency is 389ms.

These numbers do not reflect a mature, production-grade ecosystem. They reflect a nascent protocol where most services are either spam, experimental, or not continuously maintained.

The Spam Problem Is Severe

The most striking finding from 24 days of monitoring is the scale of wallet-based spam. ScoutScore uses wallet clustering to group services by their payment recipient address. The distribution is extreme:

• Largest single spam cluster: 10,658 services registered to one wallet - all with identical "Premium API Access" descriptions
• Top 5 spam wallets combined: 11,336 total service entries
• Approximate legitimate unique operators: ~1,557 domains (from CDP Bazaar and PayAI facilitator sources)

An AI agent that pays an x402 service without checking its trust score has an extremely high chance of paying a spam farm. The spam rate in terms of raw endpoint count exceeds 80%.

The Schema Gap: Most Services Do Not Document What They Do

Only about 10% of x402 services define an input/output schema in their metadata. This matters because schema definitions are the primary machine-readable signal an agent has about what a service does and what to expect back. Services without schemas score lower on ScoutScore's Contract Clarity pillar.

Of the services that do advertise a schema, a meaningful portion are schema phantoms - they advertise structure they do not actually serve. ScoutScore's fidelity probing catches this by sending real test requests and comparing responses against advertised schemas.

Coverage: Two Discovery Sources, 1,700+ Unique Domains

ScoutScore currently tracks x402 services from two discovery sources:

• CDP Bazaar (Coinbase) - 500 unique domains, 13,595 endpoints. The original x402 discovery registry.
• PayAI Facilitator - approximately 1,100 unique domains, 5,860 endpoints. Added March 4, 2026. Only ~43 domains appear in both sources, indicating PayAI covers substantially different operators.

Additionally, 162 domains are tracked via their ERC-8004 on-chain registration. Total combined coverage: approximately 1,700 unique x402 service domains.

For context, Dune Analytics data shows the broader x402 ecosystem has processed $37.2M in USDC across 124.3M transactions from 49,506 unique recipient wallets. ScoutScore currently has wallet coverage of 62.7% (494 of 788 wallets matched to our monitored services), representing 75.2% of total USDC volume ($27.9M of $37.2M). The remaining $9.3M flows to wallets not yet in our index.

What Legitimate Services Look Like

Among the services that score HIGH (75+) on ScoutScore, the pattern is consistent: they have unique wallet addresses per service (not bulk-registered), provide meaningful descriptions (over 50 characters of real content), define their schemas, and maintain consistent uptime. Services like recoupable.com score 100 - they have documented schemas, proven fidelity, and clean identity signals.

The Payment Intelligence Layer

ScoutScore's on-chain payment analysis reveals additional patterns. Services with documented payment flows and legitimate transaction history score higher on the Identity and Safety pillar. The correlation between a service's on-chain payment volume and its fidelity score is positive - real services that collect real payments tend to actually work.

How This Changes Agent Development

If you are building an AI agent that uses x402 services, the data has a clear implication: trust gates are not optional. An agent that blindly pays the first service it finds via the CDP Bazaar or PayAI facilitator will, statistically, usually pay a spam farm. The practical minimum safety setup:

1. Query ScoutScore before every payment: GET https://scoutscore.ai/api/bazaar/score/:domain
2. Block transactions to any service with level VERY_LOW
3. For any transaction over $1, require level MEDIUM or above
4. For autonomous agents, require level HIGH for unattended payments

The ScoutScore TypeScript SDK handles this in a few lines:

import { ScoutScore } from '@scoutscore/sdk';
const scout = new ScoutScore();
const result = await scout.scoreBazaarService(domain);
if (result.level !== 'HIGH') throw new Error('Service not trusted');

What Comes Next

ScoutScore monitoring is at 24 days of continuous data. The ecosystem is growing rapidly - PayAI Facilitator coverage tripled our unique domain count when added in early March. As more facilitators come online and more agents make real payments, the data will become richer. ERC-8004 on-chain reputation data will add another verification layer once the standard matures and Base mainnet deployment is complete.

The leaderboard at scoutscore.ai/leaderboard shows live trust scores for all monitored services. Individual service pages at /leaderboard/:domain show the full 4-pillar breakdown and flag history.