AI agents are rapidly becoming part of our online shopping experience, leading to concerns about security and unauthorized transactions. In response, the FIDO Alliance, alongside tech giants like Google and Mastercard, is spearheading efforts to establish robust standards for secure payments initiated by these AI agents.
As malicious cyber activities continue to be prevalent, the emergence of AI agents introduces new risks associated with transactions conducted on behalf of users. To address these concerns, FIDO Alliance has announced the formation of two working groups aimed at creating industry standards for validating and protecting AI-driven financial transactions. The collaboration includes input from both Google, which has developed the Agent Payments Protocol (AP2), and Mastercard, which has designed the Verifiable Intent framework.
These initiatives are geared toward developing a set of baseline protections that can be widely adopted, allowing users to confidently authorize transactions made by AI agents. The intent is to build security measures that are resistant to phishing and manipulation, ensuring that user instructions are followed accurately with proper verification methods in place.
Andrew Shikiar, CEO of the FIDO Alliance, emphasized the necessity for a new security foundation tailored to the interactive and transactional nature of AI agents. He noted that existing models were not built to govern actions taken on a person’s behalf, highlighting a critical inflection point in digital security standards.
The urgency of this initiative is underscored by the rapid evolution of agentic AI. The FIDO Alliance, alongside its partners, aims to expedite the development of these protocols, which could typically take years. Both Google and Mastercard are contributing open-source tools to help set these standards into motion quickly.
Stavan Parikh, a senior executive at Google, detailed the goal of providing cryptographic proof for transactions initiated by AI agents while ensuring privacy for all involved parties. This promotes a frictionless transaction process where users grant authority without revealing unnecessary sensitive information.
In practical terms, consider a scenario where a user instructs an AI agent to monitor inventory for a desired pair of sneakers and execute the purchase once they are back in stock at a set price. The systems being developed aim to ensure that such transactions are securely processed and authentically authorized.
Both Shikiar and Pablo Fourez, Mastercard’s Chief Digital Officer, noted the critical need for immediate adoption of these standards to protect consumers and merchants from increasing cyber threats attached to this technology. As the landscape shifts towards AI-driven commerce, establishing foundational protections will be essential in fostering user trust and facilitating broad acceptance of AI capabilities in transactions.
