FIDO forms agentic authentication group

AI agents are drifting from chat into action. They can book, buy, update, and submit things for you. But the second software starts doing real-world tasks, the old question comes back hard — who authorized this, and how do you prove it later? That is the gap FIDO is trying to close now, with a new standards push around agent authentication and payments. (fidoalliance.org) ### What actually changed? On April 28, 2026, the FIDO Alliance said it was launching an Agentic Authentication Technical Working Group and parallel work on agentic payment frameworks. Then on May 4, Proof said it had joined FIDO as a sponsor member to help shape that effort as the alliance expands beyond passkeys and WebAuthn into AI agents acting for users. (fidoalliance.org) ### Why is FIDO the group doing this? FIDO already owns a big chunk of the modern login stack. It helped push phishing-resistant authentication into the mainstream through passkeys, FIDO2, and WebAuthn. So the logic here is pretty direct — if the industry learned how to prove a human is really the human at sign-in time, the next job is proving when that human has delegated authority to an agent. (fidoalliance.org) ### What is “agentic authentication” really about? Basically, it is not just logging in. It is defining the boundary between a user action and an agent action. FIDO’s working-group description says the goal is secure, privacy-preserving, phishing-resistant authentication and delegated authority for AI agents acting on behalf of users. That sounds abstract, (fidoalliance.org)ons you allowed, with a record that can be checked later. (fidoalliance.org) ### Who is in the room? This is not a side project with one vendor. FIDO said the new group is chaired by members from CVS Health, Google, and OpenAI, with co-chairs from Amazon, Google, and Okta. Mastercard is involved on the commerce side, and Proof is joining from the identity-authorization side. That mix matters because the hard part is interoperability — the same agent may need to work across apps, merchants, issuers, identity systems, and device platforms. (fidoalliance.org) ### Where do payments fit in? Payments are the sharpest use case because mistakes cost money fast. Mastercard and Google have been pushing a concept called Verifiable Intent — an open trust layer meant to let merchants, issuers, and other parties verify that a user really authorized an agent-led transaction. Mastercard frames it as a shared factual record for authorization, accountability, and consumer protection when an agent is doing the clicking. (mastercard.com) ### Why does Proof care? Proof’s whole pitch is identity authorization, not just identity verification. The company says it has secured more than $640 billion in transactions for over 9,000 organizations, and it has been leaning into cryptographic proof for high-stakes digital actions. So joining FIDO lets it push the idea that agent systems need an auditable chain from verified human to permitted action. (proof.com) ### What problem is everyone trying to avoid? The nightmare is an agent that is useful right up until it does something expensive, irreversible, or fraudulent. Booking the wrong flight is annoying. Wiring money, changing a medical record, or signing a binding document is different. In those cases, “the AI did it” is not a governance model. The system needs clear delegation, scoped permissions, and evidence. That is the trust layer these standards are trying to build. (fidoalliance.org) ### So what is the bottom line? The important shift is that identity is becoming the gating control for AI action. Not just who you are at login, but what your agent is allowed to do after that. If FIDO can make that interoperable, agentic AI gets a real permission system instead of vibes and terms-of-service screens. That is a big deal — because agents do not become mainstream when they get smarter, but when they get governable. (fidoalliance.org)