When an AI agent buys something on your behalf, how does the merchant know you actually authorized it? That question sits at the center of Verifiable Intent, an open-source cryptographic framework introduced by Mastercard and Google to bring biometric, passkey-grade trust to autonomous AI transactions.

The framework works by bundling three pieces of information into a single tamper-resistant cryptographic record: the consumer’s verified identity, the specific instructions they gave their AI agent, and the transaction that resulted. Before an AI agent can complete a purchase, the consumer must establish a verifiable intent to pay through a biometric step, creating a cryptographic link between the human and the autonomous action taken on their behalf.

That biometric layer draws on standards from the FIDO Alliance, the same body whose passkey specifications have been reshaping mobile authentication across banking and payments. Verifiable Intent also incorporates EMVCo, Internet Engineering Task Force, and World Wide Web Consortium standards, making it protocol-agnostic and compatible with Google’s Agent Payments Protocol and Universal Commerce Protocol.

A Selective Disclosure mechanism handles privacy: each party in a transaction, whether a merchant verifying authorization, an issuer checking for fraud patterns, or a dispute resolution system, receives only the minimum data needed. No single participant sees the full record. The approach mirrors the selective disclosure principles built into mobile wallet credential standards, applied here to the agentic payment context.
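The following is an added illustration, not code or a wire format from Verifiable Intent: it shows salted-digest selective disclosure, the general technique used by wallet credential formats such as SD-JWT, applied to the three bundled elements described above. The claim names, sample values, function names and the HMAC tag (a stand-in for an asymmetric signature) are all assumptions made for the example.

```python
import hashlib, hmac, json, secrets

# Constructed demo key. HMAC stands in for the asymmetric signature a real
# credential would carry, so the block runs with the standard library only.
SIGNING_KEY = b"constructed-demo-key"

def _digest(salt, name, value):
    blob = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def seal(claims):
    """Return (record, disclosures); the signed record holds only salted digests."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(_digest(s, n, v) for n, (s, v) in disclosures.items())
    tag = hmac.new(SIGNING_KEY, json.dumps(digests).encode(), hashlib.sha256)
    return {"digests": digests, "tag": tag.hexdigest()}, disclosures

def present(disclosures, names):
    """Holder side: release only the named claims, each with its salt."""
    return {n: disclosures[n] for n in names}

def verify(record, presented):
    """Verifier side: check the tag, then match every disclosed claim to a digest."""
    body = json.dumps(record["digests"]).encode()
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None  # record itself was altered
    accepted = {}
    for name, (salt, value) in presented.items():
        if _digest(salt, name, value) not in record["digests"]:
            return None  # claim was altered or never part of the record
        accepted[name] = value
    return accepted

# Constructed sample: the three elements the article says are bundled.
CLAIMS = {
    "identity": "consumer-1234 (constructed)",
    "instructions": "buy running shoes, max 120 USD",
    "transaction": {"merchant": "example-shoes", "amount": "99.00", "currency": "USD"},
}

if __name__ == "__main__":
    record, disclosures = seal(CLAIMS)
    # A merchant-style view: instructions and transaction, but not identity.
    merchant_view = present(disclosures, ["instructions", "transaction"])
    print(verify(record, merchant_view))
```

Because each digest is salted with a fresh random value, a party that receives the record without a claim's disclosure cannot recover that claim by guessing likely values and hashing them.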


