FIDO Alliance to Develop Standards for Trusted AI Agent Interactions

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--The FIDO Alliance today announced initiatives to develop interoperable standards for agentic interactions and commerce. These initiatives include the formation of an Agentic Authentication Technical Working Group and efforts to develop specifications for agent-initiated commerce, drawing from initial contributions from Google (AP2) and Mastercard (Verifiable Intent). Together, these efforts aim to define trusted mechanisms for how AI agents authenticate, act, and transact on behalf of users.

As AI-powered agents rapidly transition from novelty to mainstream, interactions performed on behalf of users must be simple and trusted. However, today’s authentication and authorization models were designed for direct human interaction, not delegated, agent-initiated actions. Users may be required to share credentials, while service providers lack reliable, interoperable ways to verify user intent - including who authorized an action, under what conditions, and with what limits. Without clear standards, these gaps risk slowing adoption of agent-driven use cases, including agentic commerce, which some analysts estimate could reach $5 trillion globally by 2030.

The FIDO Alliance will leverage its track record of delivering standards at internet scale, building on its work to replace passwords with passkeys and advance digital credentials, to address emerging trust and interoperability challenges.

These efforts focus on three core areas:

• Verifiable User Instructions - Enabling users to authorize AI agents through clear, phishing-resistant mechanisms so agents only perform approved actions, including transactions, without exposing credentials.
• Agent Authentication - Allowing services to verify that an AI agent is acting on behalf of an authenticated user and within defined parameters, distinguishing legitimate agents from unauthorized actors.
• Trusted Delegation for Commerce - Defining how agent-initiated transactions can be executed within user-controlled boundaries, with verifiable authorization. This work recognizes that trusted agentic transactions require not only strong authentication, but also clear, verifiable authorization mechanisms aligned with real-world commerce and payment flows.

“AI agents are quickly becoming part of how people get things done online - from making purchases to managing everyday tasks,” said Andrew Shikiar, executive director and CEO of the FIDO Alliance. “To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent. These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.”

New FIDO workstreams to advance trusted agentic standards
The FIDO Alliance’s agentic standards work will be carried out by its members through the newly formed Agentic Authentication Technical Working Group and the Payments Technical Working Group.

The Agentic Authentication Technical Working Group is focused on how users securely and privately delegate actions to AI agents while maintaining strong, phishing-resistant authentication, including establishing clear boundaries between user-initiated and agent-initiated actions. At launch, the Agentic Authentication Technical Working Group is chaired by members from CVS Health, Google and OpenAI and vice-chaired by members from Amazon, Google and Okta.

In parallel, the FIDO Alliance is developing specifications for agent-initiated commerce within its Payments Technical Working Group, chaired by members from Mastercard and Visa. Technical contributions from Google and Mastercard are providing an initial foundation for these specifications.

Google has contributed its Agent Payments Protocol (AP2), which introduces a model for secure delegation, verifiable authorization and trusted transaction execution. Mastercard has contributed its Verifiable Intent framework, co-developed with Google and designed to work with AP2, enabling users to securely authorize and control actions performed by digital agents on their behalf. These contributions will be reviewed and further developed through the FIDO Alliance’s collaborative standards process within the Payments Technical Working Group. The FIDO Alliance is liaising with other industry standards bodies to ensure harmony amongst agentic commerce initiatives.

"Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments,” said Stavan Parikh, VP/GM, Payments, Google. “We look forward to contributing to support the protocol’s evolution in this next chapter.”

“For agent‑initiated commerce to scale, user intent must be explicit, verifiable and trusted,” said Pablo Fourez, Chief Digital Officer at Mastercard. “That’s exactly what this work with the FIDO Alliance is designed to enable. By contributing Verifiable Intent to the FIDO Alliance’s standards work, and our continued work with other standards bodies, we’re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on.”

Work has commenced within these workstreams, and the FIDO Alliance will provide reports as it progresses.

About the FIDO Alliance
The FIDO Alliance (www.fidoalliance.org) enables identity technologies that put trust and simplicity at the center of interactions among people, services and devices. The Alliance provides a member-driven forum that publishes open technical specifications, certifies secure and interoperable products and operates global market enablement programs.