{"id":20749,"date":"2026-04-28T22:45:09","date_gmt":"2026-04-28T22:45:09","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/20749\/"},"modified":"2026-04-28T22:45:09","modified_gmt":"2026-04-28T22:45:09","slug":"fido-alliance-wants-to-keep-ai-agents-from-going-rogue-on-online-payments","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/20749\/","title":{"rendered":"FIDO Alliance wants to keep AI agents from going rogue on online payments"},"content":{"rendered":"

AI agents<\/a> are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user\u2019s behalf.<\/p>\n

\"FIDO<\/p>\n

The FIDO Alliance has announced a set of initiatives to build shared standards for these interactions, covering how AI agents authenticate, follow instructions, and carry out transactions.<\/p>\n

\u201cAI agents are quickly becoming part of how people get things done online \u2013 from making purchases to managing everyday tasks,\u201d said Andrew Shikiar<\/a>, executive director and CEO of the FIDO Alliance. \u201cTo scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent. These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.\u201d<\/p>\n

The FIDO Alliance outlined three focus areas.<\/p>\n

The first is verifiable user instructions, aimed at letting users authorize AI actions through phishing-resistant methods without exposing credentials. <\/p>\n

The second is agent authentication, where services confirm that an agent is acting for a specific user within defined limits. <\/p>\n

The third is trusted delegation for commerce, which covers how transactions initiated by agents are approved and verified across payment systems.<\/p>\n

New working groups target AI agent authentication and payments<\/p>\n

The FIDO Alliance said<\/a> its work on AI agent standards will be carried out through two workstreams focused on authentication<\/a> and payments.<\/p>\n

The Agentic Authentication Technical Working Group will address how users delegate actions to AI agents while maintaining strong, phishing-resistant authentication. The group will also define boundaries between actions taken directly by users and those carried out by agents. It is chaired by members from CVS Health, Google, and OpenAI, with vice-chairs from Amazon, Google, and Okta.<\/p>\n

In parallel, the Payments Technical Working Group will focus on specifications for agent-initiated commerce. This group is chaired by members from Mastercard and Visa, and will build on early technical contributions from Google and Mastercard.<\/p>\n

Google has contributed its Agent Payments Protocol (AP2), which outlines a model for secure delegation, verifiable authorization, and transaction execution.<\/p>\n

\u201cContributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic, and community-led as the emerging standard to accelerate the adoption of secure agentic payments. We look forward to contributing to support the protocol\u2019s evolution in this next chapter,\u201d said Stavan Parikh<\/a>, VP\/GM, Payments, Google.<\/p>\n

Mastercard has contributed its Verifiable Intent framework, developed with Google, which aims to create a shared record of user-approved actions and give users control over how agents act on their behalf.<\/p>\n

\u201cBy contributing Verifiable Intent to the FIDO Alliance\u2019s standards work, and our continued work with other standards bodies, we\u2019re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on,\u201d noted Pablo Fourez<\/a>, Chief Digital Officer at Mastercard.<\/p>\n

The contributions will be reviewed and further developed through the FIDO Alliance\u2019s standards process within the Payments Technical Working Group, alongside coordination with other industry groups working on agent-driven commerce.<\/p>\n","protected":false},"excerpt":{"rendered":"AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is…\n","protected":false},"author":2,"featured_media":20750,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[179,405,7537,10649,14543,132,675,4182,157,676],"class_list":{"0":"post-20749","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-agentic-ai","8":"tag-agentic-ai","9":"tag-ai-agents","10":"tag-artificial-intelligence-agents","11":"tag-authentication","12":"tag-fido-alliance","13":"tag-google","14":"tag-mastercard","15":"tag-okta","16":"tag-openai","17":"tag-visa"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/20749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=20749"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/20749\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/20750"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=20749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=20749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=20749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}