Formation of Agentic Authentication Working Group and development of agentic payment frameworks will support trusted, interoperable agentic workflows
April 28, 2026 – The FIDO Alliance today announced initiatives to develop interoperable standards for agentic interactions and commerce. These initiatives include the formation of an Agentic Authentication Technical Working Group and efforts to develop specifications for agent-initiated commerce, drawing from initial contributions from Google (AP2) and Mastercard (Verifiable Intent). Together, these efforts aim to define trusted mechanisms for how AI agents authenticate, act, and transact on behalf of users.
As AI-powered agents rapidly transition from novelty to mainstream, interactions performed on behalf of users must be simple and trusted. However, today’s authentication and authorization models were designed for direct human interaction, not delegated, agent-initiated actions. Users may be required to share credentials, while service providers lack reliable, interoperable ways to verify user intent – including who authorized an action, under what conditions, and with what limits. Without clear standards, these gaps risk slowing adoption of agent-driven use cases, including agentic commerce, which some analysts estimate could reach $5 trillion globally by 2030.
The FIDO Alliance will leverage its track record of delivering standards at internet scale, building on its work to replace passwords with passkeys and advance digital credentials, to address emerging trust and interoperability challenges.
These efforts focus on three core areas:
- Verifiable User Instructions – Enabling users to authorize AI agents through clear, phishing-resistant mechanisms so agents only perform approved actions, including transactions, without exposing credentials.
- Agent Authentication – Allowing services to verify that an AI agent is acting on behalf of an authenticated user and within defined parameters, distinguishing legitimate agents from unauthorized actors.
- Trusted Delegation for Commerce – Defining how agent-initiated transactions can be executed within user-controlled boundaries, with verifiable authorization. This work recognizes that trusted agentic transactions require not only strong authentication, but also clear, verifiable authorization mechanisms aligned with real-world commerce and payment flows.
“AI agents are quickly becoming part of how people get things done online – from making purchases to managing everyday tasks,” said Andrew Shikiar, executive director and CEO of the FIDO Alliance. “To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent. These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.”
New FIDO workstreams to advance trusted agentic standards
The FIDO Alliance’s agentic standards work will be carried out by its members through the newly formed Agentic Authentication Technical Working Group and the Payments Technical Working Group.
The Agentic Authentication Technical Working Group is focused on how users securely and privately delegate actions to AI agents while maintaining strong, phishing-resistant authentication, including establishing clear boundaries between user-initiated and agent-initiated actions. At launch, the Agentic Authentication Technical Working Group is chaired by members from CVS Health, Google and OpenAI and vice-chaired by members from Amazon, Google and Okta.
In parallel, the FIDO Alliance is developing specifications for agent-initiated commerce within its Payments Technical Working Group, chaired by members from Mastercard and Visa. Technical contributions from Google and Mastercard are providing an initial foundation for these specifications.
Google has contributed its Agent Payments Protocol (AP2), which introduces a model for secure delegation, verifiable authorization and trusted transaction execution. Mastercard has contributed its Verifiable Intent framework, co-developed with Google and designed to work with AP2, enabling users to securely authorize and control actions performed by digital agents on their behalf. These contributions will be reviewed and further developed through the FIDO Alliance’s collaborative standards process within the Payments Technical Working Group. The FIDO Alliance is liaising with other industry standards bodies to ensure harmony amongst agentic commerce initiatives.
“Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments,” said Stavan Parikh, VP/GM, Payments, Google. “We look forward to contributing to support the protocol’s evolution in this next chapter.”
“For agent‑initiated commerce to scale, user intent must be explicit, verifiable and trusted,” said Pablo Fourez, Chief Digital Officer at Mastercard. “That’s exactly what this work with the FIDO Alliance is designed to enable. By contributing Verifiable Intent to the FIDO Alliance’s standards work, and our continued work with other standards bodies, we’re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on.”
Work has commenced within these workstreams, and the FIDO Alliance will provide reports as it progresses.
About the FIDO Alliance
The FIDO Alliance (www.fidoalliance.org) enables identity technologies that put trust and simplicity at the center of interactions among people, services and devices. The Alliance provides a member-driven forum that publishes open technical specifications, certifies secure and interoperable products and operates global market enablement programs.
Support from FIDO Board Members
“FIDO turned phishing-resistant authentication from a specification into something billions of people use every day, and that same collaborative model is what AI agent identity now needs. The hard problem isn’t inventing new primitives, it’s binding human intent to agent action with cryptographic guarantees that hold across organizational boundaries, and doing it through standards rather than proprietary stacks. 1Password is committed to contributing to FIDO’s initiatives in this space because the shift to agentic systems can only be secured if the foundations are open, interoperable, and built collaboratively.” – Jeff Malnick, VP of Engineering, Developer & AI, 1Password
“American Express is proud to partner with the FIDO Alliance and the broader industry to help shape the standards needed for agentic commerce to scale. As a closed-loop network, we bring a unique perspective and will continue evolving our Amex Agentic Commerce Experiences (ACE)™ Developer Kit to enable emerging experiences to be seamless, trusted, and compliant. With AI agents playing a greater role in how customers and merchants interact, establishing clear frameworks to promote trust, security, and user control is critical to building confidence across the ecosystem.” – Stefan Olofsson, SVP, Global Network Product & Enablement, American Express.
“AI agents are beginning to act on behalf of users – accessing credentials, making decisions, and executing transactions with real-world consequences. Without open standards to ensure these delegations are authorized, bounded, and verifiable, we risk a fragmented landscape of insecure, proprietary implementations that introduce new attack surfaces at scale. The FIDO Alliance is uniquely positioned to address this, building on its proven track record of delivering open, phishing-resistant authentication standards at internet scale. At Dashlane, we’ve been building toward this moment combining browser-native credential security with confidential computing to enable secure passkey use by agents without exposing sensitive data. As a FIDO Alliance board member and active contributor to the Credential Exchange standard and AI Study Group, we’re committed to helping ensure agentic authentication is grounded in the same secure, interoperable foundations that have made passkeys successful.” – Frédéric Rivain, CTO, Dashlane
“As a Taiwan-based Board Member of the FIDO Alliance, Egis Technology recognizes Taiwan’s critical role in the global supply chain and the profound impact that AI and agentic AI are bringing to the industry. We are committed to actively engaging in FIDO programs to help shape secure, AI-driven authentication ecosystems and to contributing to trusted standards that address emerging challenges and opportunities in the AI era.” – Karen Chang, Vice President, Egis Technology Inc.
“Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments. We look forward to contributing to support the protocol’s evolution in this next chapter.” – Stavan Parikh, VP/GM, Payments, Google
“We’re proud to stand with the FIDO Alliance as it takes on one of the most consequential security challenges of the coming years. As AI agents become embedded in how people work, credentials have become the mechanism by which agents act, transact, and make decisions on behalf of real people. Clear standards for how that authorization is established and protected are long overdue, and LastPass is committed to contributing to this important work.” – Karim Toubba, CEO, LastPass
“For agent initiated commerce to scale, user intent must be explicit, verifiable and trusted. That’s exactly what this work with the FIDO Alliance is designed to enable. By contributing Verifiable Intent to the FIDO Alliance’s standards work, and our continued work with other standards bodies, we’re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on” – Pablo Fourez, Chief Digital Officer, Mastercard.
“OneSpan is proud to support the FIDO Alliance’s new Agentic Authentication Technical Working Group as it tackles the critical challenge of proving human intent in an agent-driven world. With decades of leadership in authentication, digital agreements, and transaction signing, we bring real-world experience in helping users securely approve high-risk actions with clarity and control. We’re committed to advancing standards that make human intent verifiable, auditable, and trustworthy.” – Ashish Jain, CTO, OneSpan
“Agentic commerce will reshape how people transact online — but only if users and merchants can trust that an AI agent is acting precisely within the authority granted to it. As a founding member of FIDO Alliance with over a decade of commitment to advancing its mission, PayPal is proud to contribute to these new agentic authentication and payments initiatives, and to extend phishing-resistant authentication and trust infrastructure into a model where user intent is cryptographically verifiable, delegation is bounded, and agents can transact only within authorized limits.” – Rakan Khalid, Head of Identity Product, PayPal
“Trust in agents can’t be built on one-time checks at delegation. It has to travel through the action and produce a verifiable record that ties every transaction back to a real, verified human. Prove is committing to the FIDO Agentic Authentication and Payments working groups because the industry needs open standards that carry verified user intent, agent identity, and transaction evidence across the full lifecycle. FIDO is the only forum with the track record to drive that at internet scale.” – Nate Soffio, Head of Reusable and Agentic Products, Prove Identity
“AI agents are quickly becoming active participants in digital transactions, initiating and completing actions on behalf of users, not just responding to prompts. Trust at the point of delegation is now critical, particularly as agents begin operating across financial services and other high-risk environments. Thales is working with the FIDO Alliance to help define the standards that will ensure those interactions are secure, verifiable, and aligned with user intent.” – Haider Iqbal, Director, IAM, Thales
“Visa has long believed that open standards are foundational to trusted, scalable digital commerce. As AI agents act on a user’s behalf, interoperable authentication standards are critical to maintaining trust, enabling responsible innovation and facilitating consumer consent.”– Jalpesh Chitalia, Vice President, Growth Products, Visa