How FIDO Leads the Push for Trusted AI-Driven Transactions

As AI agents move from experimental tools to active participants in digital commerce, the question is no longer what they can do, but how they can be trusted to do it. 

For financial institutions, merchants and technology providers, this shift introduces a new layer of complexity around identity, authorisation and transaction integrity.

The FIDO Alliance is positioning itself at the forefront of efforts to standardise how AI agents securely authenticate and transact on behalf of users.

What is the FIDO Alliance?

The FIDO Alliance is an industry consortium focused on reducing reliance on passwords and strengthening digital identity through open, interoperable standards.

Founded in 2013, it brings together leading technology firms, financial institutions and service providers to develop authentication frameworks that are both secure and user-friendly.

It is made up of more than 300 global technology companies and government organisations, with giants like Google, Apple, Microsoft, Amazon, Meta, Samsung, Intel and Qualcomm as some of the heavyweights.

Security specialists such as Yubico, Okta, RSA and Thales Group are also part of FIDO.

The alliance is best known for its role in advancing passkeys and has helped reshape how users access digital services by replacing traditional credentials with phishing-resistant authentication methods. 

Its specifications are now widely adopted across major platforms, enabling passwordless sign-ins at internet scale.

Because it is a member-driven organisation, the alliance develops technical standards, runs certification programmes and works with ecosystem partners to drive global adoption. 

Its latest focus on AI agent interactions marks a natural extension of its mission – addressing how identity, authentication and trust function in an increasingly automated, agent-driven digital economy.

Expanding the trust framework

The FIDO Alliance has announced a coordinated set of initiatives aimed at creating interoperable standards for how AI agents authenticate, act and transact on behalf of users. 

The move is part of a strategic expansion of FIDO’s long-standing mission – moving beyond passwordless authentication into the emerging, high-stakes domain of delegated digital decision-making.

This is because existing authentication frameworks were designed for direct human interaction, not for AI systems acting independently within predefined boundaries. 

As a result, both users and service providers face a trust gap, with limited ability to verify intent or securely delegate authority.

Building for agentic interactions

FIDO’s response is to establish a structured, standards-based approach to agentic interactions. 

Its newly-formed Agentic Authentication Technical Working Group – alongside ongoing work within its Payments Technical Working Group – aims to define the mechanisms that will enable secure delegation, verifiable intent and trusted transactions.

“AI agents are quickly becoming part of how people get things done online – from making purchases to managing everyday tasks,” says Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. 

“To scale this safely, people need to trust that these actions are secure, authorised and truly reflect their intent. 

“These initiatives bring the industry together to establish a trusted foundation for agent-driven interactions across authentication and commerce.”

There are three pillars that form the foundation of this initiative.

Together, these aim to ensure that AI agents operate within clearly defined, user-approved parameters, while enabling service providers to distinguish legitimate activity from fraud or misuse.

Industry collaboration at scale

What must be emphasised is the scale of this project.

McKinsey research says that, even under moderate scenarios, AI agents could mediate US$3tn to US$5tn of global consumer commerce by 2030.

FIDO’s model – which brings together major technology and payments players to develop open, scalable standards – mirrors its earlier success in advancing passkeys as a password alternative.

And industry contributions are already shaping the framework. 

Google has introduced its Agent Payments Protocol (AP2), designed to enable secure delegation and trusted transaction execution, while Mastercard has contributed its Verifiable Intent framework, co-developed with Google.

“Contributing Agent Payments Protocol (AP2) to a trusted industry association like the FIDO Alliance ensures it stays open, platform-agnostic and community-led as the emerging standard to accelerate the adoption of secure agentic payments,” says Stavan Parikh, VP/GM of Payments at Google. 

“We look forward to contributing to support the protocol’s evolution in this next chapter.”

Pablo Fourez, Chief Digital Officer at Mastercard, adds: “For agent‑initiated commerce to scale, user intent must be explicit, verifiable and trusted.

“That’s exactly what this work with the FIDO Alliance is designed to enable. 

“By contributing Verifiable Intent to the FIDO Alliance’s standards work, and our continued work with other standards bodies, we’re supporting an approach that creates a shared record of user intent that the entire payments ecosystem can rely on.”