Google Proposes Agentic Federated Login Experiment to Enable AI Agents to Access Websites Safely

Summary

Google has announced an intent to experiment with a set of Federated Credential Management (FedCM) extensions designed to enable agentic browsers—AI agents—to log users into websites safely using their federated accounts. The proposal outlines a structured approach to allow autonomous AI systems to authenticate users while maintaining security and privacy standards. The experiment would initially target only agentic browsers rather than regular users, representing a controlled approach to testing these new capabilities.

The experiment deviates from typical origin trials in two key ways: it would be enabled for 100% of agentic browser users while remaining unavailable to regular browsers, and it would involve manual onboarding of identity providers through a Google form rather than self-service origin trial tokens. This allows Google to carefully monitor implementation errors, false positives in site approval detection, and gather data on user satisfaction and identity provider incentives to support agentic login. The proposal includes specific APIs such as IdP-initiated login and potentially_approved_sites detection, with concrete metrics for evaluating experiment success.

• The initiative represents a prerequisite step toward eventually enabling agentic login across broader browsing contexts

Editorial Opinion

This proposal demonstrates a thoughtful, phased approach to integrating AI agents into the web authentication ecosystem. By isolating the experiment to agentic browsers first and requiring manual IdP onboarding, Google is prioritizing security and data collection over rapid deployment—a responsible stance given the stakes of federated authentication. However, the manual review requirement raises questions about scalability; as agentic browsing becomes more prevalent, the approach will need to evolve toward self-service mechanisms to avoid becoming a bottleneck.