Google moves agent payments into the FIDO Alliance

Google said on April 28 that its Agent Payments Protocol, AP2, is moving into the FIDO Alliance.

The news is not simply another shopping assistant. Google is donating AP2 to an independent standards body, publishing AP2 v0.2 on GitHub and adding support for transactions where the human is not present at the moment of payment. Mastercard is contributing Verifiable Intent, an AP2-compatible mechanism for tamper-resistant records of what a user actually authorized an agent to do.

The facts: Google describes AP2 as an open framework for secure agentic commerce. FIDO Alliance confirmed the same day that it will develop standards for trusted AI agent interactions. WIRED framed the issue around the real operational risk: once agents can buy on behalf of people or companies, organizations need to know who granted the mandate, what limits applied and how the decision can be audited afterwards.

For Norwegian and European leaders, this makes agent payments a payments-infrastructure topic, not a user-interface experiment. If an agent can buy tickets, consumables, advertising or cloud services automatically, the controls must exist before the transaction: policy, spend limits, role-based approvals, logging, revocation and dispute handling.

CIOs should read this as an early architecture signal. Agents will need identity, mandate and audit trails in the same way enterprises already govern API keys, service accounts and payment cards. CFOs should require budget controls and anomaly alerts before any autonomous buying is allowed in production.

Assessment: AP2 does not by itself make agentic commerce safe, and the standard is still young. But when Google, Mastercard and FIDO converge around Verifiable Intent, it becomes a likely reference point for banking, retail, travel and B2B procurement. Organizations testing AI agents should map which agent actions can create financial obligations and ask vendors how consent, identity and auditability are handled.

Practical advice: do not begin with fully autonomous payment. Start with read access, recommendations and human approval. When payment is enabled, use narrow limits, explicit mandates and logs that finance, security and compliance teams can all inspect.