The FIDO Alliance announced in April 2026 that it will launch two working groups aimed at developing industry standards for validating and protecting payments and other transactions carried out by AI agents. The initiative, backed by initial contributions from Google and Mastercard, responds to growing concerns that existing authentication models were not designed to handle actions performed autonomously on a user’s behalf.
The working groups will focus on producing a baseline set of protections that can be adopted across industries. These include cryptographic tools to verify that transactions genuinely reflect a user’s intent, privacy-preserving frameworks to allow merchants and service providers to validate agent-initiated activity, and accountability mechanisms to support dispute resolution. The standards are also intended to guard against agent hijacking — scenarios in which a bad actor intercepts or manipulates an agent’s instructions.
Both Google and Mastercard are contributing open-source tools to the effort. Google’s Agent Payments Protocol (AP2) provides a cryptographic mechanism for confirming that a user authorized a given transaction. Mastercard’s Verifiable Intent framework, co-developed with Google to work alongside AP2, gives users a secure way to authorize and control agent actions.
“Agents are becoming more and more common, they’re moving into mainstream use, but preexisting models aren’t necessarily designed for this sort of paradigm,” said Andrew Shikiar, CEO of the FIDO Alliance.
Google Vice President Stavan Parikh illustrated the stakes with a practical example: a user instructs an AI agent to buy a specific pair of sneakers if they come back in stock at or under $100. The goal of the new standards is to ensure that transaction happens accurately, at the right price, with the right level of authorization — and that each party in the payment ecosystem sees only the information relevant to them.
Developing broadly applicable technical standards typically takes years, but representatives from all three organizations said the pace of AI agent adoption requires a faster process. Shikiar drew a parallel to the security shortcomings of passwords, warning that without foundational standards established early, agentic AI commerce could face similarly entrenched problems.
Source: WIRED