FIDO Alliance to Develop Standards for Trusted AI Agent Interactions
Formation of Agentic Authentication Working Group and development of agentic payment frameworks will support trusted, interoperable agentic workflows MOUNTAIN VIEW, Calif., April 28, 2026–(BUSINESS WIRE)–The FIDO Alliance today announced initiatives to develop interoperable standards for agentic interactions and commerce. These initiatives include the formation of an Agentic Authentication Technical Working Group and efforts to develop…
Formation of Agentic Authentication Working Group and development of agentic payment frameworks will support trusted, interoperable agentic workflows
MOUNTAIN VIEW, Calif., April 28, 2026–(BUSINESS WIRE)–The FIDO Alliance today announced initiatives to develop interoperable standards for agentic interactions and commerce. These initiatives include the formation of an Agentic Authentication Technical Working Group and efforts to develop specifications for agent-initiated commerce, drawing from initial contributions from Google (AP2) and Mastercard (Verifiable Intent). Together, these efforts aim to define trusted mechanisms for how AI agents authenticate, act, and transact on behalf of users.
As AI-powered agents rapidly transition from novelty to mainstream, interactions performed on behalf of users must be simple and trusted. However, todayโs authentication and authorization models were designed for direct human interaction, not delegated, agent-initiated actions. Users may be required to share credentials, while service providers lack reliable, interoperable ways to verify user intent – including who authorized an action, under what conditions, and with what limits. Without clear standards, these gaps risk slowing adoption of agent-driven use cases, including agentic commerce, which some analysts estimate could reach $5 trillion globally by 2030.
The FIDO Alliance will leverage its track record of delivering standards at internet scale, building on its work to replace passwords with passkeys and advance digital credentials, to address emerging trust and interoperability challenges.
These efforts focus on three core areas:
Verifiable User Instructions – Enabling users to authorize AI agents through clear, phishing-resistant mechanisms so agents only perform approved actions, including transactions, without exposing credentials.
Agent Authentication – Allowing services to verify that an AI agent is acting on behalf of an authenticated user and within defined parameters, distinguishing legitimate agents from unauthorized actors.
Trusted Delegation for Commerce – Defining how agent-initiated transactions can be executed within user-controlled boundaries, with verifiable authorization. This work recognizes that trusted agentic transactions require not only strong authentication, but also clear, verifiable authorization mechanisms aligned with real-world commerce and payment flows.
“AI agents are quickly becoming part of how people get things done online – from making purchases to managing everyday tasks,” said Andrew Shikiar, executive director and CEO of the FIDO Alliance. “To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent. These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.”
New FIDO workstreams to advance trusted agentic standards The FIDO Allianceโs agentic standards work will be carried out by its members through the newly formed Agentic Authentication Technical Working Group and the Payments Technical Working Group.
The Agentic Authentication Technical Working Group is focused on how users securely and privately delegate actions to AI agents while maintaining strong, phishing-resistant authentication, including establishing clear boundaries between user-initiated and agent-initiated actions. At launch, the Agentic Authentication Technical Working Group is chaired by members from CVS Health, Google and OpenAI and vice-chaired by members from Amazon, Google and Okta.
In parallel, the FIDO Alliance is developing specifications for agent-initiated commerce within its Payments Technical Working Group, chaired by members from Mastercard and Visa. Technical contributions from Google and Mastercard are providing an initial foundation for these specifications.
Google has contributed its Agent Payments Protocol (AP2), which introduces a model for secure delegation, verifiable authorization and trusted transaction execution. Mastercard has contributed its Verifiable Intent framework, co-developed with Google and designed to work with AP2, enabling users to securely authorize and control actions performed by digital agents on their behalf. These contributions will be reviewed and further developed through the FIDO Allianceโs collaborative standards process within the Payments Technical Working Group. The FIDO Alliance is liaising with other industry standards bodies to ensure harmony amongst agentic commerce initiatives.
“Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments,” said Stavan Parikh, VP/GM, Payments, Google. “We look forward to contributing to support the protocolโs evolution in this next chapter.”
“For agentโinitiated commerce to scale, user intent must be explicit, verifiable and trusted,” said Pablo Fourez, Chief Digital Officer at Mastercard. “Thatโs exactly what this work with the FIDO Alliance is designed to enable. By contributing Verifiable Intent to the FIDO Allianceโs standards work, and our continued work with other standards bodies, weโre supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on.”
Work has commenced within these workstreams, and the FIDO Alliance will provide reports as it progresses.
About the FIDO Alliance The FIDO Alliance (www.fidoalliance.org) enables identity technologies that put trust and simplicity at the center of interactions among people, services and devices. The Alliance provides a member-driven forum that publishes open technical specifications, certifies secure and interoperable products and operates global market enablement programs.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.