FIDO Alliance Develops Agentic Authentication and Commerce Standards

According to a BusinessWire release, the FIDO Alliance announced the creation of an Agentic Authentication Technical Working Group and a separate effort to develop specifications for agent-initiated commerce. Per a Google blog post, Google donated its Agent Payments Protocol (AP2) to the FIDO Alliance and concurrently published AP2 v.0.2, which Google describes as adding support for autonomous "Human Not Present" payments. Mastercard contributed its Verifiable Intent framework and, according to ID Tech Wire and the FIDO announcement, has open-sourced the specification and an initial reference implementation on GitHub and verifiableintent.dev. WIRED quoted FIDO CEO Andrew Shikiar on the project, saying the industry faces a "precipice" similar to early password-era security gaps and needs foundational standards for agentic interactions.

Editorial analysis - technical context: The public contributions combine complementary artifacts: AP2 targets protocol-level payment flows and agent-driven transaction triggers, while Verifiable Intent focuses on a tamper-resistant audit trail linking a verified identity, a user's expressed instructions, and the resulting transaction. ID Tech Wire describes selective-disclosure primitives and a biometric-first trust layer as part of the Verifiable Intent design. Industry-standard cryptographic primitives, selective disclosure, and tamper-evident intent logs are recurring elements in current proposals, which aim to enable verification of who authorized an action, under what conditions, and with what limits without exposing unnecessary data.

Editorial analysis: Standards work led by an authentication-focused body like the FIDO Alliance can shape how payments, wallets, and merchant systems authenticate agent-initiated actions at scale. For practitioners, this intersects with existing stacks for strong authentication, credential management, and payment authorization: merchant gateways, issuer fraud systems, wallet SDKs, and identity proofing flows may need to integrate new intent-assertion and agent-identification artifacts if the specifications are widely adopted. The public, cross-industry nature of the contributions, Google donating AP2 and Mastercard open-sourcing Verifiable Intent, increases the likelihood these designs will be interoperable and platform-agnostic, which is a central objective cited in the Google post.

For practitioners: monitor the working groups' specification drafts, reference implementations, and test suites. Key indicators include publication of AP2/Verifiable Intent interoperability test vectors, merchant and issuer pilot announcements, inclusion of the primitives in payment network rules or EMVCo workstreams, and evidence of privacy-preserving selective disclosure being adopted in SDKs and wallets. Also watch for implementation guidance from major wallet providers and payment processors that will determine how quickly agentic commerce moves from research to production.

Per the Google post, Stavan Parikh, VP and GM, Payments at Google, said, "Transitioning ownership to the FIDO Alliance ensures AP2 remains platform-agnostic and community-led, while accelerating adoption of secure agentic payments." ID Tech Wire quoted Pablo Fourez, Chief Digital Officer at Mastercard: "As autonomy increases, trust cannot be implied. It must be proven." WIRED quoted Andrew Shikiar, CEO of the FIDO Alliance, on the need for new foundational standards for agentic interactions.