FIDO Alliance, Google, and Mastercard Unite to Secure AI Agent Transactions
As AI agents become more prevalent, the **FIDO Alliance**, in collaboration with **Google** and **Mastercard**, is launching working groups to develop industry standards for securing agent-initiated transactions. The initiative aims to establish a baseline for validating and protecting payments and other actions carried out by AI agents, addressing the emerging risks of agent hijacking and rogue behavior.
The rise of AI agents brings new digital security challenges, including malware, online impersonation, and account takeovers. With more activity being carried out by agents on behalf of humans, the potential for things to go wrong increases.
### FIDO Alliance Takes Action
The **FIDO Alliance**, an authentication-focused industry association, is responding to these challenges by launching working groups to develop industry standards for validating and protecting payments and other transactions carried out by AI agents. This initiative is supported by initial contributions from **Google** and **Mastercard**.
The goal is to create a protective baseline that can be adopted across industries. This will enable users to authorize agent actions using mechanisms that are resistant to phishing and prevent malicious actors from manipulating agents. The standards will include cryptographic tools for digital services to verify that agents are accurately and legitimately carrying out authenticated instructions. Privacy-preserving frameworks will also be implemented to allow users, merchants, and service providers to validate agent-initiated transactions.
### Addressing the Risks of AI Agents
"Agents are becoming more and more common, they're moving into mainstream use, but preexisting models aren't necessarily designed for this sort of paradigm—they weren't built to contemplate actions performed on a user's behalf," said **Andrew Shikiar**, CEO of the **FIDO Alliance**, to WIRED.
He added, "If we look back on our work in recent years on the massive problem space of passwords, that originated decades ago. The security foundation for what became our connected economy wasn't fit for purpose. Now we're at a similar precipice with agentic agents and agentic interactions, agentic commerce where we have an opportunity to not go down that same path and establish some foundational principles that will allow for more trusted interactions."
### Collaborative Development and Open Source Contributions
Developing widely applicable and interoperable technical standards is a complex process that typically takes years. However, given the rapid advancement and adoption of agentic AI, the **FIDO Alliance**, **Google**, and **Mastercard** are emphasizing the need for a faster timeline. Both **Google** and **Mastercard** are contributing open-source tools to the initiative.
**Google's** Agent Payments Protocol (AP2) offers a mechanism for cryptographically verifying that a user intended for a given agent-initiated transaction to take place. **Mastercard's** Verifiable Intent framework (co-developed by **Google** to work with AP2) provides a secure mechanism for users to authorize and control agent actions.
"We want to provide cryptographic proof that a transaction was authorized by the user themself, but keep it private so there is built-in selective disclosure," said **Stavan Parikh**, **Google's** vice president and general manager of payments. "Different players in the ecosystem—platforms, merchants, payment providers, networks—only see the information that's relevant to them, but the right action gets fulfilled at the right time. Payments is a complex ecosystem problem."
### Real-World Application
**Parikh** illustrated the concept with an example: a person wants to buy a pair of sneakers that are currently sold out. The buyer instructs an AI agent to purchase the sneakers autonomously if they come back in stock and cost $100 or less. The goal is to provide authentication and transparency around this transaction, ensuring the consumer gets the right shoes at the intended price.
Establishing these baseline protections is crucial for promoting trust in agentic AI and encouraging the adoption of AI-powered tools. Whether users are actively adopting AI capabilities or not, the proliferation of AI necessitates minimum guardrails to ensure security and privacy.