HelpnetSecurity

FIDO Alliance wants to keep AI agents from going rogue on online payments


AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf.

The FIDO Alliance has announced a set of initiatives to build shared standards for these interactions, covering how AI agents authenticate, follow instructions, and carry out transactions.

“AI agents are quickly becoming part of how people get things done online – from making purchases to managing everyday tasks,” said Andrew Shikiar, executive director and CEO of the FIDO Alliance. “To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent. These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.”

The FIDO Alliance outlined three focus areas.

The first is verifiable user instructions, aimed at letting users authorize AI actions through phishing-resistant methods without exposing credentials.

The second is agent authentication, where services confirm that an agent is acting for a specific user within defined limits.

The third is trusted delegation for commerce, which covers how transactions initiated by agents are approved and verified across payment systems.

New working groups target AI agent authentication and payments

The FIDO Alliance said its work on AI agent standards will be carried out through two workstreams focused on authentication and payments.

The Agentic Authentication Technical Working Group will address how users delegate actions to AI agents while maintaining strong, phishing-resistant authentication. The group will also define boundaries between actions taken directly by users and those carried out by agents. It is chaired by members from CVS Health, Google, and OpenAI, with vice-chairs from Amazon, Google, and Okta.

In parallel, the Payments Technical Working Group will focus on specifications for agent-initiated commerce. This group is chaired by members from Mastercard and Visa, and will build on early technical contributions from Google and Mastercard.

Google has contributed its Agent Payments Protocol (AP2), which outlines a model for secure delegation, verifiable authorization, and transaction execution.

“Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments. We look forward to contributing to support the protocol’s evolution in this next chapter,” said Stavan Parikh, VP/GM, Payments, Google.

Mastercard has contributed its Verifiable Intent framework, developed with Google, which aims to create a shared record of user-approved actions and give users control over how agents act on their behalf.

“By contributing Verifiable Intent to the FIDO Alliance’s standards work, and our continued work with other standards bodies, we’re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on,” noted Pablo Fourez, Chief Digital Officer at Mastercard.

The contributions will be reviewed and further developed through the FIDO Alliance’s standards process within the Payments Technical Working Group, alongside coordination with other industry groups working on agent-driven commerce.


