FIDO Alliance to Develop Standards for Trusted AI Agent Interactions

AI agents are moving from experimental tools to everyday digital assistants, handling tasks from shopping to financial management. Yet the security model that protects human‑initiated logins—passwords, passkeys, and two‑factor codes—doesn’t cover delegated, agent‑driven actions. The FIDO Alliance, known for scaling phishing‑resistant authentication, is stepping in to fill that gap by defining how agents prove both their identity and the user’s explicit consent. By anchoring delegation in cryptographic proofs, the alliance aims to eliminate credential sharing and provide a verifiable audit trail for every agent‑initiated transaction.

The alliance’s two new workstreams bring together heavyweight contributors. Google’s Agent Payments Protocol (AP2) introduces a secure delegation model that separates user intent from execution, while Mastercard’s Verifiable Intent framework creates a shared record of that intent across payment networks. Leadership of the Agentic Authentication Technical Working Group includes CVS Health, OpenAI, Amazon, and Okta, whereas the Payments Technical Working Group is chaired by Mastercard and Visa. This broad coalition ensures the specifications will be platform‑agnostic, fostering industry‑wide adoption without locking participants into proprietary solutions.

For businesses, the emerging standards promise a clear path to integrate AI agents into commerce without exposing new attack surfaces. As analysts forecast a $5 trillion agentic commerce market by 2030, firms that adopt FIDO‑backed protocols can offer customers seamless, trusted experiences while meeting regulatory expectations around consent and data protection. In short, the alliance’s standards are poised to become the security backbone that enables the next wave of AI‑driven digital transactions.