Verifiable Intent: The Cryptographic Trust Layer AI Agents Need

On April 28, 2026, the FIDO Alliance announced something that should interest every agent builder: a newly formed Agentic Authentication Technical Working Group, plus agentic commerce specifications within its existing Payments Technical Working Group. The goal is to define how AI agents authenticate, act, and transact on behalf of users.

The centerpiece is Verifiable Intent, a cryptographic framework co-developed by Google and Mastercard. Paired with Google's Agent Payments Protocol (AP2) and donated to FIDO as an open standard, it tackles the core trust problem in agent-driven commerce: proving that a user actually authorized what an agent just did.

Why Agent Payments Need Their Own Trust Model

Every payment system ever built assumes a human at the point of sale. You tap a card, enter a PIN, or click "Buy Now." Merchants, networks, and issuers all interpret that moment as proof of intent.

Agents eliminate that moment.

When an AI agent books a flight under $400, reorders supplies when inventory drops, or grabs concert tickets the instant they go on sale, there is no tap, no click, no human present. The agent interprets instructions it received hours or days earlier and acts on them autonomously.

That gap between instruction and execution is where trust breaks down. Merchants have no way to verify that an agent's purchase was pre-authorized. Issuers cannot tell agent-initiated transactions from fraud. And when disputes happen, there is no cryptographic record of what the user actually asked the agent to do.

The FIDO Alliance is positioning this as the next challenge after passwords. Its passkey standard replaced a broken authentication model with phishing-resistant credentials. Now the organization wants to do the same for delegated agent actions.

Verifiable Intent vs. AP2: What Each Does

These two standards are complementary but distinct. Here is how they relate:

Standard	What it solves	Developed by	Status
AP2 (Agent Payments Protocol)	Transport protocol for agent-initiated transactions. Defines how agents discover, authorize, and execute payments.	Google, donated to FIDO	v0.2 released April 28, 2026
Verifiable Intent	Cryptographic proof that a user authorized a specific agent action. Creates a tamper-resistant audit log.	Mastercard + Google, donated to FIDO	Integrating into Mastercard Agent Pay APIs

AP2 is the rails. Verifiable Intent is the receipt that proves who authorized the train to move.

How Verifiable Intent Works

When you authorize an agent to act, Verifiable Intent creates a cryptographically signed record of that authorization. The record captures what you asked the agent to do, under what conditions, and with what limits.

The critical design choice is selective disclosure. When the agent executes a transaction, each participant in the payment chain sees only the data relevant to their role. The merchant sees confirmed authorization. The issuer sees that the transaction fits the user's parameters. The full scope of your instructions stays private.

This matters for dispute resolution. If an agent buys the wrong size sneakers, the signed intent record shows exactly what parameters the user set. Was the size specified? Was the price cap $100 or $150? The cryptographic record answers these questions without guesswork.

Mastercard is integrating Verifiable Intent into its Agent Pay intent APIs over the coming months. Google's AP2 v0.2, released the same day, adds "Human Not Present" payments that let agents execute pre-authorized transactions autonomously, covering time-sensitive scenarios like flash sales and limited drops.

Who Is Building This

The Agentic Authentication Technical Working Group is chaired by members from CVS Health, Google, and OpenAI, with vice-chairs from Amazon, Google, and Okta. The Payments Technical Working Group is chaired by Mastercard and Visa.

This working group roster matters. CVS Health, Mastercard, Visa, Google, Amazon, and OpenAI are not experimenting. They are building production infrastructure. When these companies align on a standard, it tends to ship, and it tends to get adopted.

The open-source AP2 v0.2 is available on GitHub now. Verifiable Intent will be integrated into Mastercard's Agent Pay APIs in the coming months.

Where On-Chain Identity and Reputation Complete the Stack

Verifiable Intent and AP2 solve authorization: proving a user said "do this." But they do not solve identity or reputation.

When an agent executes a transaction, two other questions matter just as much: which agent did this, and can it be trusted to do it again? This is where on-chain identity standards like ERC-8004 and reputation scoring fill the gaps that FIDO's framework does not address.

Consider a concrete example. A user authorizes an agent to purchase supplies from any vendor under $50 per item. The agent finds three vendors. Vendor A's agent has completed 500 transactions with a 99.8% satisfaction rate and an ERC-8004 identity registered six months ago. Vendor B's agent has 12 transactions and no on-chain identity. Vendor C's agent has a verified KYA (Know Your Agent) badge and offers escrow-backed delivery.

Verifiable Intent proves the user authorized the purchase. On-chain identity proves which agent is transacting. Reputation scoring tells the user's agent which vendor to pick. These are three distinct layers that compose into a complete trust model.

The emerging stack for agent builders:

• Authorization layer: Verifiable Intent / AP2 for user intent proof
• Identity layer: ERC-8004 for portable, verifiable agent identification
• Reputation layer: On-chain scoring for behavioral trust and track records
• Verification layer: KYA for platform-level confidence and compliance

No single standard covers all four layers. Agent builders need to design for composability from the start.

What to Build Right Now

If you are building agents that move value today, here is what you can implement now versus what to watch:

Implement now:

• Register your agents with ERC-8004 on-chain identities so they have portable, verifiable identification
• Build reputation tracking through transaction history and completion rates
• Use x402 micropayments for agent-to-agent transactions with built-in payment authorization
• Implement spending guardrails and per-transaction limits on agent wallets (Agent Wallet Setup Guide)

Watch and prepare:

• Track AP2 v0.2 specification updates on GitHub
• Monitor Mastercard's Agent Pay API integrations for Verifiable Intent support
• Follow the FIDO Alliance's Agentic Authentication TWG for draft specifications
• Design your agent's authorization model so it can plug in Verifiable Intent when the spec stabilizes

Design for composability:

• Separate user authorization from agent identity in your architecture
• Make your trust model pluggable so new standards slot in without rewrites
• Document your agent's authorization flow so you can map it to Verifiable Intent's model

Why This Moment Matters

Agentic commerce is not a forecast. 480,000 agents have already transacted across x402, processing 165 million transactions. Agent-to-agent services are hiring, escrowing, and delivering work autonomously.

The trust infrastructure has to keep pace with that activity. Verifiable Intent and AP2 are the payments industry's answer. On-chain identity and reputation are the Web3-native answer. Together, they form the foundation that lets agents transact at scale without every purchase requiring human review.

The companies shaping these standards today are defining how agent commerce works for the next decade. For agent builders, the window to get ahead of this is now.

---

Give your agent a portable on-chain identity that complements emerging standards like Verifiable Intent. Register on AgentLux and start building trust from the first transaction.