The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards

2026-04-28 · Source: WIRED - Ai · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, short

Summary

The FIDO Alliance, in collaboration with Google and Mastercard, has launched two working groups to establish industry standards for securing transactions conducted by AI agents. This initiative aims to create a protective baseline against agent hijacking and rogue instructions, ensuring users can authorize agent actions securely and that digital services can cryptographically confirm agents are legitimately carrying out instructions. The standards will also include privacy-preserving frameworks for validating agent-initiated transactions. This effort addresses the emerging security risks associated with the increasing mainstream adoption of agentic AI, aiming to prevent issues similar to past foundational security failures like passwords. Google is contributing its Agent Payments Protocol (AP2) and Mastercard its Verifiable Intent framework to accelerate the development of these crucial standards.

Key takeaway

For AI product managers and engineering leaders deploying agentic AI solutions, prioritizing the adoption of the FIDO Alliance's new transaction standards is critical. These standards, supported by Google's AP2 and Mastercard's Verifiable Intent, offer essential cryptographic and privacy frameworks to build trust and mitigate significant security risks like agent hijacking. Integrating these protections early will ensure your AI agents operate with verifiable user intent and accountability, fostering broader user adoption and preventing costly disputes.

Key insights

New FIDO Alliance standards will secure AI agent transactions, preventing hijacking and ensuring user intent.

Principles

• Establish foundational security principles early.
• Cryptographic proof for agent-initiated transactions.
• Privacy-preserving validation for all parties.

Method

The FIDO Alliance, with Google and Mastercard, is developing industry standards and open-source tools (AP2, Verifiable Intent) to cryptographically verify user intent and secure AI agent transactions against hijacking and unauthorized actions.

In practice

• Implement AP2 for agent payment verification.
• Utilize Verifiable Intent for agent action control.
• Adopt FIDO standards for agentic commerce.

Topics

• AI Agents
• FIDO Alliance
• Digital Payment Security
• Authentication Standards
• Cryptographic Verification

Best for: CTO, VP of Engineering/Data, AI Product Manager, AI Security Engineer, AI Architect, Director of AI/ML

Related on AIssential

• Inside AMEX’s agentic commerce stack: How intent contracts and single-use tokens enforce AI transactions — Amex's ACE kit offers a closed-loop system for AI agents to conduct secure, controlled transactions within its payment network.
• The Agent Protocol Handbook — Standardized protocols like MCP and AP2 are crucial for enabling autonomous AI agents to interact and transact securely.
• Enable safe agentic payments with built-in guardrails using Amazon Bedrock AgentCore payments — Amazon Bedrock AgentCore payments enables secure agentic transactions by enforcing infrastructure-level guardrails against financial risks.
• We’re donating Agent Payments Protocol to the FIDO Alliance to support the future of secure, agentic payments. — Donating Agent Payments Protocol (AP2) to FIDO Alliance aims to standardize secure, autonomous AI agent transactions.
• Is the Internet Really Ready for Agentic Commerce? — Agentic commerce promises efficiency but introduces significant fraud and integrity challenges requiring advanced identity verification.
• Securing AI agents: How AWS and Cisco AI Defense scale MCP and A2A deployments — Automated security scanning and unified governance are crucial for scaling enterprise AI agent deployments securely.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by WIRED - Ai.