Two weeks ago, Google's Agent Payments Protocol (AP2) and Mastercard's Verifiable Intent existed as independent, vendor-led initiatives with open-source code but no shared governance. As of April 28, both have been formally contributed to the FIDO Alliance and placed under the stewardship of newly created working groups - a structural shift that moves agentic commerce standards from corporate projects to an industry-governed process. 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions
Two Working Groups, Two Problems
The FIDO Alliance has stood up separate technical working groups for the two sides of the agent trust equation.
The Agentic Authentication Technical Working Group addresses how users securely delegate actions to AI agents while maintaining phishing-resistant authentication. At launch, the group is chaired by members from CVS Health, Google, and OpenAI, with vice-chairs from Amazon, Google, and Okta. 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions Its scope covers verifiable user instructions, agent identity verification, and clear boundaries between user-initiated and agent-initiated actions.
The Payments Technical Working Group, chaired by Mastercard and Visa, focuses on how agent-initiated transactions can be executed within user-controlled boundaries with verifiable authorization. 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions Google's AP2 and Mastercard's Verifiable Intent serve as the initial technical contributions.
What Google Donated - and Updated
Google has placed AP2 under FIDO governance and simultaneously released v0.2 on GitHub. The key addition in AP2 v0.2 is support for "Human Not Present" payments - a mode that enables AI agents to execute purchases autonomously based on pre-authorized user instructions, without requiring real-time interaction. 2The Payers: Google donates Agent Payments Protocol to FIDO Alliance The use case is time-sensitive transactions such as purchasing limited-availability items the moment they become available. 2The Payers: Google donates Agent Payments Protocol to FIDO Alliance
The donation model matters. As Google's VP/GM of Payments Stavan Parikh stated, contributing AP2 to FIDO "ensures it stays open, platform-agnostic, and community-led." 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions Under FIDO, competing payment networks and technology providers can shape the specification rather than adopt a single vendor's design.
Why Governance Matters Now
The FIDO Alliance frames the urgency around a market estimate: agentic commerce could reach $5 trillion globally by 2030. 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions Current authentication and authorization models were designed for direct human interaction, not delegated agent actions. Without interoperable standards, users may be forced to share credentials with agents, while service providers lack reliable ways to verify user intent - who authorized an action, under what conditions, and with what limits. 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions
The breadth of backing is notable. Board-level supporters now include credential managers (1Password, Dashlane, LastPass), payment networks (American Express, Mastercard, PayPal, Visa), identity platforms (Okta, Prove, Thales), and AI labs (OpenAI). 1FIDO Alliance to Develop Standards for Trusted AI Agent Interactions This cross-sector alignment is unusual for a specification effort still in its formative stage.
What Comes Next
The three core technical problems the working groups will tackle - verifiable user instructions, agent authentication, and trusted delegation for commerce - map directly onto gaps that recent CSA research has documented in production environments. With specifications now under active development, enterprise security and product teams evaluating agentic workflows should track the working groups' output. The standards are not yet available for implementation, but the governance structure and industry commitment signal that whatever emerges will carry significant weight across the authentication and payments ecosystem.
