FIDO Alliance forms working groups to lock down AI agent payments
FIDO Alliance launches two working groups to define open standards for AI agent authentication and agentic payments, targeting a market at $5 trillion by 2030.
AI
The FIDO Alliance announced on April 28, 2026, initiatives to develop interoperable standards for agentic interactions and commerce. Two new technical bodies - an Agentic Authentication Technical Working Group and a Payments Technical Working Group - will define how AI agents authenticate users, verify intent, and execute transactions on their behalf. The announcement also confirmed that Google has donated its Agent Payments Protocol (AP2) to the Alliance, with Mastercard contributing its Verifiable Intent framework.
At the center of the announcement is a problem the authentication industry has not yet solved at scale. Today's authentication and authorization models were designed for direct human interaction, not delegated, agent-initiated actions. As AI agents increasingly make purchases, book appointments, and manage tasks without a human clicking a button in real time, the infrastructure underneath those actions remains largely untested. Who authorized the action? Under what conditions? What were the limits?
Why this matters: the trust gap in agentic commerce
The FIDO Alliance is best known for developing the passkey standard, which replaced passwords across billions of accounts at companies including Google, Apple, and Microsoft. That body of work, built on the FIDO2 specification and the WebAuthn API, established phishing-resistant authentication that now covers a substantial share of the consumer internet. The new agentic initiative applies the same logic to a different problem: not how a person proves identity to a service, but how a software agent proves it is acting within the bounds a person authorized.
According to the FIDO Alliance's announcement, some analysts estimate that agentic commerce could reach $5 trillion globally by 2030. McKinsey research, cited by PPC Land in November 2025, projected global agentic commerce reaching between $3 trillion and $5 trillion. That scale creates real urgency. Without clear standards, gaps in authorization risk slowing adoption of agent-driven use cases.
The announcement identifies three areas where standards are lacking. First, verifiable user instructions: users need phishing-resistant mechanisms to authorize agents so those agents only perform approved actions, including transactions, without exposing underlying credentials. Second, agent authentication: services need reliable ways to verify that an AI agent is acting on behalf of an authenticated user, within defined parameters, and is not an unauthorized actor impersonating a legitimate system. Third, trusted delegation for commerce: the mechanisms for executing agent-initiated transactions must include verifiable authorization aligned with actual payment flows, not simply a technical assertion that "the user approved this."
The working groups: who sits at the table
The Agentic Authentication Technical Working Group is chaired by members from CVS Health, Google, and OpenAI. Vice-chairs come from Amazon, Google, and Okta. The breadth of that roster is notable. Retailers, cloud platforms, and identity management companies rarely converge in a single working group. The inclusion of CVS Health suggests the working group has ambitions beyond retail commerce, into healthcare authorizations and other high-stakes delegated actions.
The Payments Technical Working Group, which will develop specifications for agent-initiated commerce, is chaired by members from Mastercard and Visa. Those two companies together process the majority of global card transactions. Their presence at the chair level indicates the specifications are intended to integrate with live payment infrastructure, not operate as a parallel academic exercise.
AP2: what Google contributed and why
Google's Agent Payments Protocol was first introduced alongside the Universal Commerce Protocol in January 2026, when Google and major retailers including Shopify, Etsy, Walmart, and Target published open-source technical specifications for autonomous agent commerce. AP2 introduced cryptographically-signed digital mandates - verifiable proof of user intent creating non-repudiable audit trails for every transaction.
On April 28, Google simultaneously released AP2 v.0.2 on GitHub. According to Google's announcement, the new version introduces critical updates for autonomous transactions, including "Human Not Present" payments. This capability will allow agents to securely execute payments without a human in the loop at the moment of purchase - for example, securing limited-run event tickets the moment they become available, based on pre-authorized user instructions. That is a materially different trust model than anything today's payment networks were built to handle.
Stavan Parikh, VP/GM of Payments at Google, explained the rationale for donating the protocol: "Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments."
The decision to donate rather than retain control mirrors a pattern visible across the broader ecosystem. Google's Universal Commerce Protocol is similarly available through GitHub. PPC Land's analysis of UCP in January 2026 noted that open-source commerce standards carry the potential to commoditize the interfaces that e-commerce platforms have previously used as competitive moats - a structural dynamic that AP2 and Verifiable Intent now sit directly on top of.
Verifiable Intent: Mastercard's complementary contribution
Mastercard's Verifiable Intent framework was introduced alongside AP2 by Mastercard and Google in March 2026 and was co-developed specifically to be compatible with AP2. It creates what Mastercard describes as a tamper-proof log of user-authorized agent actions. Both specifications are now available on GitHub and at verifiableintent.dev.
The technical foundation of Verifiable Intent spans four standards bodies: the FIDO Alliance, EMVCo, the Internet Engineering Task Force (IETF), and the World Wide Web Consortium (W3C). That multi-body architecture is deliberate. Each represents a different layer of the authentication and web standards ecosystem, and building on them means the specification does not require proprietary infrastructure.
Pablo Fourez, Chief Digital Officer at Mastercard, articulated the problem his company is trying to solve: "For agent-initiated commerce to scale, user intent must be explicit, verifiable and trusted. By contributing Verifiable Intent to the FIDO Alliance's standards work, and our continued work with other standards bodies, we're supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on."
Mastercard had previously launched its Agent Pay infrastructure at the National Retail Federation's conference on January 11, 2026, establishing payment infrastructure for AI agents using network tokens to create audit trails. Verifiable Intent is the authorization layer on top of that payment infrastructure.
Board members weigh in on the stakes
The FIDO Alliance's board member statements in the announcement read less like endorsements and more like a catalog of what could go wrong without standards. Jeff Malnick, VP of Engineering at 1Password, identified what he called "the hard problem": binding human intent to agent action with cryptographic guarantees that hold across organizational boundaries. That is a different challenge from the original passkey problem, which operated within a single relying party's domain.
Frédéric Rivain, CTO at Dashlane and an active contributor to the FIDO Alliance's Credential Exchange standard, noted that Dashlane has been building toward this problem by combining browser-native credential security with confidential computing - enabling secure passkey use by agents without exposing sensitive data. That technical detail points to one of the core engineering challenges: an AI agent needs to use a credential without having direct access to that credential's underlying secret.
Karim Toubba, CEO of LastPass, framed the urgency around the current moment: "Credentials have become the mechanism by which agents act, transact, and make decisions on behalf of real people. Clear standards for how that authorization is established and protected are long overdue."
Rakan Khalid, Head of Identity Product at PayPal, called out the need for cryptographic verifiability: "Phishing-resistant authentication and trust infrastructure into a model where user intent is cryptographically verifiable, delegation is bounded, and agents can transact only within authorized limits." PayPal is described as a founding member of the FIDO Alliance with more than a decade of commitment.
Visa's Jalpesh Chitalia, VP of Growth Products, connected the announcement to existing payment network principles: "Open standards are foundational to trusted, scalable digital commerce. As AI agents act on a user's behalf, interoperable authentication standards are critical to maintaining trust, enabling responsible innovation and facilitating consumer consent." Visa had also built its own tokenized payment infrastructure for agentic commerce, centering on authenticated tokens rather than exposing Primary Account Numbers to AI agents.
The FIDO Alliance membership structure
The FIDO Alliance operates on a tiered membership model that shapes how these working groups function. According to FIDO Alliance membership documentation, Board membership costs $60,500 annually and is open only to Sponsor-level members - at $30,250 annually - who have been actively participating in working groups for a minimum of six months. Associate membership ranges from $3,250 for organizations with 100 or fewer employees to $18,000 for organizations with more than 100 employees. Government membership is set at $18,000.
Board members can vote in board meetings and set strategic direction. Sponsor and higher-tier members are eligible to chair and vice-chair working groups, which is why the Agentic Authentication and Payments working groups are led by companies at that level. Associate members can participate in working groups and contribute to specification development, but cannot serve in leadership roles. The fee structure has been in effect as of January 2026, subject to change at the Alliance's discretion.
The broader context: a crowded race toward standards
The April 28 announcement does not emerge in isolation. Google launched AP2 as part of the Universal Commerce Protocol in September 2025, when it also introduced agentic checkout capabilities for holiday shoppers. OpenAI and Stripe launched a competing Agentic Commerce Protocol in September 2025. Microsoft launched Copilot Checkout in January 2026. The field is moving fast, and the absence of common authentication and authorization standards means each of these platforms currently operates on different trust assumptions.
The FIDO Alliance's intervention is an attempt to prevent fragmentation. Andrew Shikiar, executive director and CEO of the FIDO Alliance, described the challenge: "AI agents are quickly becoming part of how people get things done online - from making purchases to managing everyday tasks. To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent."
Nate Soffio, Head of Reusable and Agentic Products at Prove Identity, identified a specific structural requirement that the working groups will need to address: "Trust in agents can't be built on one-time checks at delegation. It has to travel through the action and produce a verifiable record that ties every transaction back to a real, verified human." That statement describes a departure from how most current authentication systems work. They check identity at the beginning of a session. Agentic commerce requires continuous, propagating proof across the full lifecycle of a transaction.
For the marketing and advertising community, the stakes are concrete. Agentic commerce will eventually determine how programmatic transactions, subscription renewals, and media buys initiated by AI agents are authorized and attributed. PPC Land has tracked the agentic AI market since Google Cloud published projections in mid-2025 showing potential for over 90% enterprise adoption within three years. Standards like those the FIDO Alliance is developing will directly shape what those agent-initiated transactions look like - and whether advertisers, merchants, and platforms can trust the signals they receive from them.
The FIDO Alliance said work has commenced within both workstreams and that it will provide reports as progress is made. No timeline for draft specifications was announced.
Timeline
- September 2025 - Google launches Agent Payments Protocol (AP2) and agentic checkout for the holiday shopping season. PPC Land coverage
- November 2025 - Google Cloud releases a comprehensive agentic AI framework guideline covering a five-level architecture for autonomous AI agent systems. PPC Land coverage
- November 2025 - McKinsey research projects global agentic commerce could reach between $3 trillion and $5 trillion. PPC Land coverage
- January 11, 2026 - Google and major retailers launch the Universal Commerce Protocol. Mastercard launches Agent Pay. Target and Walmart bring checkout into Google Gemini and AI Mode. PPC Land coverage
- January 11, 2026 - Visa announces tokenized payment infrastructure for agentic commerce. PPC Land coverage
- January 11, 2026 - Mastercard launches Agent Pay infrastructure at NRF, partnering with Shopify, Etsy, Wayfair, Target, Walmart, Visa, Stripe, Adyen, and others. PPC Land coverage
- March 5, 2026 - Mastercard and Google introduce Verifiable Intent, a cryptographic authorization standard for AI agent purchases, co-developed with IBM, Worldpay, Fiserv, Adyen, and others. PPC Land coverage
- April 28, 2026 - FIDO Alliance announces formation of the Agentic Authentication Technical Working Group and confirms AP2 and Verifiable Intent donations from Google and Mastercard. AP2 v.0.2 released on GitHub.
Summary
Who: The FIDO Alliance, a standards organization whose members include Google, Mastercard, Visa, OpenAI, Amazon, Okta, CVS Health, PayPal, 1Password, Dashlane, LastPass, American Express, and others.
What: Formation of two technical working groups - the Agentic Authentication Technical Working Group and the Payments Technical Working Group - to develop open, interoperable standards for how AI agents authenticate users, verify authorization, and execute transactions. Google donated its Agent Payments Protocol (AP2 v.0.2) and Mastercard donated its Verifiable Intent framework as the initial technical foundations.
When: Announced on April 28, 2026. Work has already commenced within both workstreams. AP2 v.0.2 was released on GitHub on the same date.
Where: FIDO Alliance standards process. AP2 and Verifiable Intent specifications are publicly available on GitHub and at verifiableintent.dev. The working groups operate within the FIDO Alliance's collaborative member-driven structure.
Why: Current authentication and authorization systems were built for direct human interaction, not software agents acting on delegated authority. As AI agents begin executing purchases, managing credentials, and initiating transactions autonomously, the absence of interoperable standards creates trust gaps - and fragmentation risk - across a market some analysts estimate could reach $5 trillion globally by 2030.