Google and Mastercard Join FIDO Alliance to Secure AI Agent Payments

Summary

The FIDO Alliance, working with initial contributions from Google and Mastercard, has announced the launch of working groups to develop industry standards for validating and protecting payments and transactions executed by AI agents. The initiative aims to establish a protective baseline that prevents agent hijacking and rogue behavior while maintaining user authorization and transparency.

Google is contributing its Agent Payments Protocol (AP2), which uses cryptographic verification to confirm that users actually authorized agent-initiated transactions. Mastercard is providing the Verifiable Intent framework (co-developed with Google), which secures agent authorization and control. Together, these open-source tools enable privacy-preserving validation where different ecosystem participants—platforms, merchants, payment networks—only see relevant transaction information while maintaining accountability.

• Standards aim to prevent agent hijacking while maintaining privacy, transparency, and dispute recourse
• Industry prioritizing rapid standards development to match pace of mainstream agentic AI adoption

Editorial Opinion

Google and Mastercard's decision to accelerate open-source tooling through FIDO Alliance signals serious recognition that agentic AI has arrived faster than security frameworks can naturally evolve. Unlike passwords—where flawed security foundations were baked in decades ago—this collaborative approach offers a rare chance to establish trustworthy interactions from the ground up. However, the real value hinges on rapid ecosystem adoption; without widespread implementation from payment processors and fintech platforms, even the best cryptographic standards remain theoretical.