The race to stop AI agents from going on a spending spree with your credit card
Digital security was already under pressure well before artificial intelligence fully entered the game. Malware, phishing, account takeovers — the list of problems is long and well known. But now the landscape has gotten considerably more complex: AI agents are making decisions and taking actions on behalf of people, including purchases, payments, and other financial transactions that happen autonomously, without the user needing to press a single button.
And that raises a question the industry can no longer put off: who guarantees that those actions were actually authorized by you?
The authentication systems that exist today were built for a different world — a world where humans typed passwords and manually confirmed transactions. They simply were not designed to handle agents operating independently, receiving instructions, interpreting context, and acting on their own. This gap is already causing real concern among experts and major market players.
That is exactly the problem that Google and Mastercard teamed up with the FIDO Alliance — one of the most respected associations when it comes to digital authentication — to start addressing by building the first industry standards specifically aimed at the world of AI agents. The association announced on Tuesday the launch of two working groups dedicated to developing standards for validating and protecting payments and other transactions carried out by artificial intelligence agents. 🤝
What is at stake goes far beyond protecting a credit card. It is about defining the rules of the game before chaos takes over.
Why current systems are not up to the task
Think about it: when you make an online purchase today, the process involves a series of checks that depend directly on your presence. The bank analyzes your behavior, the site asks for confirmation, sometimes a code gets sent to your phone. That entire flow was designed assuming there is a human on the other end, making decisions in real time and responding to prompts consciously.
But when an artificial intelligence agent enters the equation, that entire logic falls apart. The agent acts fast, acts alone, and acts based on instructions that may have been given hours or days earlier — and today’s systems simply do not know how to verify whether that specific action still reflects the user’s current intent.
As Andrew Shikiar, CEO of the FIDO Alliance, put it well, agents are becoming increasingly common and moving toward mainstream use, but pre-existing models were not necessarily designed for this type of paradigm — they were not built to account for actions carried out on behalf of a user by an autonomous entity.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
Shikiar drew a pretty interesting comparison to the password problem. According to him, when the FIDO Alliance looks at the work done over the past several years on the enormous password problem, you have to remember that issue emerged decades ago. The security foundation for what became the connected economy was not fit for purpose. And now, in his words, we are on a similar precipice with agents and autonomous interactions, with agent-based commerce — and there is an opportunity to not go down the same path and to establish foundational principles that enable more trustworthy interactions.
The problem gets even more serious when you consider the level of autonomy these agents are already reaching. Tools like next-generation AI assistants are already capable of browsing the web, filling out forms, making reservations, and executing complete transactions without any human intervention. That is incredible from a productivity standpoint, no doubt. But from a digital security perspective, it is a minefield. Any gap in the authentication chain becomes an open door for fraud, manipulation, and unauthorized access that can go completely unnoticed.
And the worst part: the risk does not always come from the outside. Imagine an AI agent that receives a malicious instruction embedded in an email or on a webpage — what the security community calls prompt injection. Without robust verification mechanisms, that agent could carry out a harmful action thinking it is simply following legitimate orders from the user. Traditional authentication systems were not built to intercept this type of threat, because they never anticipated that software could act as an intermediary agent between the user and the digital world.
What Google, Mastercard, and the FIDO Alliance are building
The move by Google and Mastercard within the FIDO Alliance is not a small or experimental project. It is a concrete initiative to create industry standards that define how artificial intelligence agents should identify themselves, how they should prove they have authorization to act, and how each action can be traced back to a real human decision. The goal is to build a framework that works at a global scale, that gets adopted by different platforms, and that is robust enough to withstand the threats that already exist — and the ones still to come. 🔐
The aim is to produce a protective foundation that can be adopted by the entire industry. That way, users will be able to authorize agent actions using mechanisms that cannot be easily captured by phishing or hijacked by malicious agents attempting to issue unauthorized instructions. The standards will also include cryptographic tools that digital services can use to confirm that agents are carrying out an authenticated person’s instructions accurately and legitimately.
Both companies are contributing open-source tools to the initiative. Google’s Agent Payments Protocol — known as AP2 — provides a mechanism for cryptographically verifying that a user truly intended to carry out a particular transaction initiated by an agent. Mastercard’s Verifiable Intent framework, which was co-developed by Google to work in conjunction with AP2, is a secure mechanism for users to authorize and control agent actions.
Stavan Parikh, Vice President and General Manager of Payments at Google, explained that the idea is to provide cryptographic proof that a transaction was authorized by the user themselves, while maintaining privacy through selective disclosure built into the system. Different participants in the ecosystem — platforms, merchants, payment providers, networks — only see the information that is relevant to them, but the right action gets executed at the right time.
Parikh offered a practical example that illustrates how these protections work. Imagine you want to buy a pair of sneakers, but you find out they are sold out. You instruct an AI agent to automatically buy those sneakers if they come back in stock and cost 100 dollars or less. The goal of the new standards is to provide authentication and transparency around that transaction, ensuring that when the perfect pair of sneakers is back on the shelves, you get the right product at the price you set — with no unpleasant surprises on your credit card statement.
The FIDO Alliance already has a solid track record with this type of work. It was the organization that helped popularize passkeys — those passwordless credentials that replace the traditional login and password combination with biometric authentication or cryptographic keys stored on the device. Now, the challenge is to adapt that logic to a completely different context: instead of authenticating a human, the system needs to authenticate an agent acting on behalf of a human. And that requires thinking about concepts like delegation of authority, permission limits, temporal validity of authorizations, and revocation mechanisms that can be triggered quickly if something goes wrong.
On Mastercard’s side, the perspective is especially relevant because it directly involves the world of financial transactions. The company had already been developing its own security initiatives for digital payments, and now it brings that knowledge into a collective effort that could shape how the entire industry addresses this issue. The idea is not to create a proprietary solution that only benefits those sitting at the negotiating table, but to establish open protocols that any developer, platform, or financial institution can implement.
The urgency to act fast in a landscape that changes every day
Developing broadly applicable technical standards that enable interoperability across different industries is a meticulous process that, under normal circumstances, usually takes years. But given the rapid advancement and adoption of agentic AI, representatives from the FIDO Alliance, Google, and Mastercard emphasized that this process needs to move much faster than usual.
And that sense of urgency makes complete sense. AI agents are not waiting for regulation to be ready before they start operating. They are already being used to schedule appointments, research products, compare prices, and in some cases, complete purchases in a fully autonomous way. Every day that passes without clear standards is another day these transactions happen in a protection vacuum, where users remain vulnerable and the mechanisms for recourse when problems arise are virtually nonexistent.
The contribution of open-source tools from both Google and Mastercard is an important signal that the intention goes beyond talk. Making these solutions available openly allows developers around the world to start integrating verification mechanisms into their own systems, accelerating adoption and enabling the technical community to contribute to improving these protocols.
What changes in practice for people who use AI every day
For the average user, this discussion might feel distant — something happening behind the scenes with no direct impact on the day-to-day experience. But that is not really the case. As artificial intelligence agents become more present in people’s routines, the quality of the industry standards governing how these agents behave will directly determine the level of trust anyone can place in these tools.
If the standards are weak or nonexistent, the risks of fraud and misuse grow proportionally. If they are solid and well implemented, the productivity promise that AI carries can actually become reality, without compromising the digital security of the people using it.
Think about how convenient it would be to have an AI agent that organizes your schedule, handles recurring purchases, renews subscriptions, and even pays bills — all autonomously, without you needing to lift a finger. That future is already being built. But it will only truly work if there is a reliable authentication mechanism ensuring that each of those actions was, in fact, authorized by you — and that it can be challenged or reversed if something goes off script. That is exactly the layer of trust that the FIDO Alliance’s work, backed by Google and Mastercard, is trying to build right now, before the problem scales to a point of no return. 🛡️
As Parikh himself pointed out, establishing these foundational protections is critical to fostering trust in agentic AI and driving adoption of tools powered by artificial intelligence. And even if some users are not necessarily looking to adopt AI capabilities, the reality of these technologies proliferating makes minimum guardrails absolutely necessary regardless.
The question of accountability and transparency
Another central point in the standards being developed is the creation of transparency and accountability mechanisms to ensure there is recourse in case of disputes. When a human makes a fraudulent transaction, there is an entire legal structure to deal with it. But when an AI agent executes an unauthorized action — whether due to a technical failure or external manipulation — who is responsible? The user? The company that developed the agent? The platform hosting the service?
The standards under development include frameworks that preserve privacy while giving users, merchants, and other service providers the ability to validate transactions initiated by agents. This means that if something goes wrong, there will be a verifiable trail that makes it possible to identify what happened, when it happened, and whether the action fell within the scope of what the user actually authorized.
This traceability is fundamental not only for resolving individual disputes, but for building a trust framework that allows the entire ecosystem to function in a healthy way. Without it, every transaction executed by an AI agent would essentially be a leap of faith — and nobody wants to rely on faith when money is involved.
A defining moment for the tech industry
Rarely does the tech industry have the opportunity — and the awareness — to build safeguards before problems reach uncontrollable proportions. The track record, unfortunately, tends to be the opposite: launch first, fix later. With digital security in the world of artificial intelligence agents, it seems like at least part of the industry has understood that this time around, following the same script is not an option.
The initiative involving Google, Mastercard, and the FIDO Alliance is a positive sign that there is real willingness to establish clear rules before mass adoption makes any correction far more expensive and complicated. And the fact that both companies are contributing open-source tools reinforces that the intention is not to dominate the market with closed solutions, but to create common ground where everyone can operate more securely.
Of course, good intentions are not enough. The industry standards that emerge from this collaboration need to be technically robust, widely adopted, and constantly updated to keep pace with the evolution of AI agents themselves. A standard that works well today could be insufficient two years from now, when language models are even more capable and autonomous. That is why the process needs to be continuous — not a static document, but a living framework that evolves alongside the technology it is trying to regulate.
What is happening right now is, at its core, the construction of the trust infrastructure for the next phase of the internet — a phase where intelligent machines routinely act on our behalf. And just as the protocols that sustain the web today were essential for it to become what it is, the authentication standards for AI agents will determine whether this new phase is defined by trust and security, or by fraud, uncertainty, and a widespread distrust that could hold back everything promising about this technology. 🚀
