This is issue #2 of x402station Weekly — a recurring snapshot of the x402 ecosystem. Issue #1 covered catalog growth and the $23.2M honeypot zone. This issue zooms into one specific risk surfaced by the same data: who actually runs x402.
Correction, 2026-05-31: This issue used raw catalog path counts. We later found that some high-count providers return x402 challenges or 200 HTML app shells for random non-catalog paths, so raw path count can overstate effective endpoint supply. The original numbers remain below for audit history. Current /reports/provider-concentration.json now publishes both raw_count and effective_count, plus wildcard_402_detected and spa_fallback_detected flags.
TL;DR
- 49,314 active endpoints across 658 services on Base mainnet x402.
- Top 2 providers own 86.93% of the catalog (orbisapi.com 65.32%, lowpaymentfee.com 21.61%). The remaining 656 providers split the leftover ~13%.
- Top 2 are healthy — orbisapi.com 24h uptime 99.4%, lowpaymentfee.com 100.0%. So most agents who pick from "the catalog" pay endpoints that work.
- But two of the next eight providers are 0% healthy — full zombie state, listed is_active: true with current prices, returning errors on every probe. Any agent doing a "top providers" filter without an uptime check picks them.
- Bottom line: single-source risk + zombie risk in the long tail. Guard surfaces both via metadata.high_concentration and dead / zombie warnings before signing payment.
The shape of the catalog right now
Top 10 providers by active endpoint count:
| # | provider | endpoints | % of catalog | 24h uptime | avg latency |
|---|---|---|---|---|---|
| 1 | orbisapi.com | 32,214 | 65.32% | 99.4% | 450 ms |
| 2 | lowpaymentfee.com | 10,659 | 21.61% | 100.0% | 82 ms |
| 3 | Sponge (paysponge.com) | 510 | 1.03% | 63.6% | 667 ms |
| 4 | Freepik (www.freepik.com) | 345 | 0.70% | 67.5% | 654 ms |
| 5 | x402.aurelianflo.com | 340 | 0.69% | 0% ⚠️ | — |
| 6 | www.x402scan.com | 285 | 0.58% | 0% ⚠️ | — |
| 7 | bridge.eruditepay.com | 284 | 0.58% | 100.0% | 82 ms |
| 8 | api.strale.io | 270 | 0.55% | 82.8% | 247 ms |
| 9 | Heurist Mesh (mesh.heurist.xyz) | 206 | 0.42% | 79.1% | 373 ms |
| 10 | api.agentmail.to | 180 | 0.37% | 51.3% | 344 ms |
The cumulative shares:
- Top 1: 65.32% (orbisapi.com alone runs almost two-thirds of x402)
- Top 2: 86.93%
- Top 5: 89.35%
- Bottom 648: ~10.65% combined
When an agent prompt says "pick any random x402 inference endpoint" or filters "endpoints in category X under $0.01", it's overwhelmingly picking inside the same two billing namespaces. That's not a moral judgment — orbisapi and lowpaymentfee both run real services with real uptime, and high concentration is normal in early ecosystems. But it has measurable agent-side consequences worth surfacing.
Single-source risk: what happens if the top provider has an incident
Concentration of this shape compresses operational risk. If orbisapi.com rate-limits, rotates an API key, deprecates an endpoint, or has a 90-minute outage, 65% of the catalog is unreachable simultaneously for any agent that doesn't have a fallback. Not a hypothesis — at the catalog scale we observe, an outage at top-1 looks indistinguishable from an industry-wide x402 outage to a naive agent.
Naive agents don't have fallbacks. Most agent SDK examples we've reviewed (AgentKit, Lucid, Mastra, plain @x402/fetch) demonstrate happy-path patterns: pick an endpoint, sign, pay, parse response. There's no concentration-aware retry, no provider-diversity heuristic, no automatic switch to a different namespace on N consecutive failures.
x402station Guard surfaces this via metadata.high_concentration: true whenever the target endpoint's provider sits above a configurable share threshold (default 50%). An agent that reads this can:
- Cap how many calls per minute it routes through any single provider, even if cheaper.
- Pre-fetch an alternative URL via /api/v1/alternatives (paid, $0.005) before relying on the top-1.
- Refuse to single-source when the operation is high-value, even if the call would otherwise succeed.
```js
import { wrapWithPreflight } from "x402station-middleware";

// x402Fetch (your x402-enabled fetch) and taskValue (USD value of the
// current task) are supplied by the calling code.
const safeFetch = wrapWithPreflight(x402Fetch, {
  block: ["dead", "zombie", "decoy_price_extreme", "never_paid_zombie"],
  // optional: refuse single-sourcing on high-value tasks
  onWarn: (warnings, metadata) => {
    if (metadata.high_concentration && taskValue > 1.0) {
      throw new Error("Refuse: high_concentration on $1+ task; route via /alternatives");
    }
  },
});
```
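One way to get the "switch to a different namespace on N consecutive failures" behaviour that the SDK examples lack is a per-provider circuit breaker. This is an added example, not x402station or SDK code; the class name, its options and the choice to key the breaker on the URL host are assumptions.

```javascript
// Added example: per-provider circuit breaker. Class and option names are hypothetical.
class ProviderBreaker {
  constructor({ maxFailures = 3, cooldownMs = 60_000, now = Date.now } = {}) {
    this.maxFailures = maxFailures;
    this.cooldownMs = cooldownMs;
    this.now = now;
    this.state = new Map(); // host -> { failures, openedAt }
  }

  // The provider namespace is the URL host, so all endpoints of one provider share a breaker.
  static host(url) {
    return new URL(url).host;
  }

  isOpen(host) {
    const s = this.state.get(host);
    if (!s || s.openedAt === null) return false;
    if (this.now() - s.openedAt < this.cooldownMs) return true;
    // Cooldown elapsed: allow one trial call; a single further failure re-opens the breaker.
    s.openedAt = null;
    s.failures = this.maxFailures - 1;
    return false;
  }

  // Record the outcome of a call (ok = false for a 5xx, timeout or network error).
  record(url, ok) {
    const host = ProviderBreaker.host(url);
    const s = this.state.get(host) ?? { failures: 0, openedAt: null };
    if (ok) {
      s.failures = 0;
      s.openedAt = null;
    } else if (++s.failures >= this.maxFailures) {
      s.openedAt = this.now();
    }
    this.state.set(host, s);
  }

  // candidates: URLs in preference order. Returns the first whose provider is not tripped, or null.
  pick(candidates) {
    return candidates.find((u) => !this.isOpen(ProviderBreaker.host(u))) ?? null;
  }
}
```

Because failures are counted per host, three errors spread across different endpoints of the same provider still trip the breaker, and `pick` skips every URL in that namespace until the cooldown ends.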
Zombie risk: two of the next eight providers are 0% healthy
The more surprising finding is in the long tail. Of the top-10 providers by endpoint count:
- Position #5 — x402.aurelianflo.com — 340 endpoints, 0% healthy in the last 24 hours. Every probe over the last day returned an error. Catalog still lists is_active: true with current prices.
- Position #6 — www.x402scan.com — 285 endpoints, 0% healthy. Same pattern.
That's 625 endpoints (1.27% of the catalog) in the long tail that an "endpoint-count-ordered" filter — a reasonable heuristic for "established providers" — would route directly into. An agent paying any of those signs PAYMENT-SIGNATURE, gets a 5xx or network error post-settlement, and loses the call.
Why these survive in the catalog: agentic.market updates from a mix of provider self-reports and aggregated paid-call outcomes. A zombie that nobody pays generates no negative signal. The catalog has no penalty for being broken if you're never tested. Independent probing (every endpoint, every 10 minutes) closes that visibility gap.
Guard's dead / zombie warnings catch both providers cleanly, refusing to sign before the wallet ever issues an authorisation. Per the Issue #1 numbers, these two are part of a larger set of ~30+ services that returned errors on 100% of probes over the last hour or 7-day window.
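The gap between a count-ordered filter and a probe-gated one can be reproduced with a small classifier over independent probe results. This is an added example, not Guard's implementation: the field names, the state labels and the probe log are constructed, and `new-provider.example` is a hypothetical host included to show the no-evidence case.

```javascript
// Added example. Field names and state labels are this example's assumptions.
const TEN_MIN = 10 * 60 * 1000;

// Constructed catalog: a subset of the table above plus one hypothetical unprobed host.
const catalog = [
  { host: "orbisapi.com", endpoints: 32214, is_active: true },
  { host: "lowpaymentfee.com", endpoints: 10659, is_active: true },
  { host: "new-provider.example", endpoints: 400, is_active: true },
  { host: "x402.aurelianflo.com", endpoints: 340, is_active: true },
  { host: "www.x402scan.com", endpoints: 285, is_active: true },
  { host: "bridge.eruditepay.com", endpoints: 284, is_active: true },
];

// Constructed probe log: six probes per host at 10-minute spacing; two hosts always fail.
const NOW = 6 * TEN_MIN;
const failing = new Set(["x402.aurelianflo.com", "www.x402scan.com"]);
const probes = catalog
  .filter((c) => c.host !== "new-provider.example")
  .flatMap((c) =>
    [1, 2, 3, 4, 5, 6].map((i) => ({ host: c.host, ts: i * TEN_MIN, ok: !failing.has(c.host) })));

function classify(catalog, probes, now, windowMs = 6 * TEN_MIN) {
  const stats = new Map(); // host -> { ok, total } inside the window
  for (const p of probes) {
    if (p.ts <= now - windowMs || p.ts > now) continue;
    const s = stats.get(p.host) ?? { ok: 0, total: 0 };
    s.total += 1;
    if (p.ok) s.ok += 1;
    stats.set(p.host, s);
  }
  return catalog.map((c) => {
    const s = stats.get(c.host);
    // No probe evidence is "unknown", never "healthy": a listing alone proves nothing.
    let state = "unknown";
    if (s) state = s.ok > 0 ? "healthy" : c.is_active ? "zombie" : "delisted";
    return { ...c, uptime: s ? s.ok / s.total : null, state };
  });
}

// Top-n hosts by endpoint count; with requireHealthy, zombies and unknowns are dropped first.
function topProviders(classified, n, requireHealthy) {
  return classified
    .filter((c) => !requireHealthy || c.state === "healthy")
    .sort((a, b) => b.endpoints - a.endpoints)
    .slice(0, n)
    .map((c) => c.host);
}
```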
What Guard blocks right now
Snapshot from the live catalog (refreshed on every probe pass, every 10 minutes):
- 74 endpoints at price band ≥ $1,000 USDC (aggregate sticker $23.2M; max single endpoint $500,000).
- ~30+ services flagged dead or zombie over the last hour or 7-day window — including the two top-10 entries called out above.
- metadata.high_concentration: true on every endpoint whose provider sits above the configurable share threshold (default 50%). Right now that surfaces for both top-2 providers (~43k endpoints, 87% of catalog).
- Any URL on the blacklist via /api/v1/catalog/decoys (one paid call, $0.005, refreshed every 10 min, full known-bad list).
Install / try
```sh
npm install x402station-middleware
```

```js
import { wrapWithPreflight } from "x402station-middleware";

const safeFetch = wrapWithPreflight(x402Fetch); // fail-closed by default
```
Or via MCP for Claude Code / Cursor / Windsurf / Continue:
```sh
npx -y x402station-mcp
```
Service operators: /verified — $1 USDC for a 30-day signed audit cert. Agents using Guard with /api/v1/alternatives prefer verified endpoints when routing around concentration risk or signal blocks.
What's next
This is issue #2 of x402station Weekly. Next snapshot: 2026-05-26 — first read on the 14-day operator-outreach experiment closing 2026-05-19; whether the verified-badge cohort scales beyond the first organic operator who reached out unsolicited.
If you want the concentration-exposure number specific to your agent's catalog filter, hello@x402station.io — happy to run the numbers.
— Team (x402station)