FIDO Agentic Authentication is the FIDO Alliance’s new Technical Working Group, chartered on April 28, 2026, that’s defining how users delegate actions to AI agents while maintaining phishing-resistant authentication. It’s co-chaired by CVS Health, Google, and OpenAI. Importantly, FIDO Agentic Authentication is the credentials-layer companion to two other agent-identity efforts: the IETF Web Bot Auth working group at the transport layer, and Google’s Agent Payments Protocol (AP2) for the payment-specific case. The Working Group’s founding contributors include sixteen named partners — payments rails like Mastercard and Visa, identity providers like Okta, 1Password, and Dashlane, and OpenAI and Google from the frontier-model labs. Anthropic and Cognition are notably absent. The first interim drafts are expected within the next six to twelve months.
What is FIDO Agentic Authentication?
FIDO Agentic Authentication is a Technical Working Group within the FIDO Alliance dedicated to defining how users delegate actions to AI agents with phishing-resistant credentials. The FIDO Alliance launched it on April 28, 2026 alongside a sister Payments Technical Working Group co-chaired by Mastercard and Visa. Notably, the Agentic Authentication WG is co-chaired by three organizations: CVS Health representing enterprise consumers, Google representing the agent-runtime side, and OpenAI representing the foundation-model side.
The Working Group’s stated scope, per the FIDO Alliance announcement, is to define standards for “how users securely and privately delegate actions to AI agents while maintaining strong, phishing-resistant authentication, including establishing clear boundaries between user identity and agent identity.” In short, FIDO Agentic Authentication answers a question that traditional authentication standards don’t: when a user lets an agent act on their behalf, how does the agent prove it’s authorized?
📌 Quick definition. FIDO Agentic Authentication is a new Technical Working Group at the FIDO Alliance, chartered April 28, 2026, that defines credentials-layer standards for user-to-agent delegation. It builds on FIDO’s existing phishing-resistant passkey / WebAuthn primitives and is co-chaired by CVS Health, Google, and OpenAI.
How user-to-agent delegation works under FIDO Agentic Authentication
The core technical problem FIDO Agentic Authentication addresses is the delegation chain. Specifically, when a user instructs an agent to do something — “book a flight under $500” — the agent needs cryptographic proof that the user actually authorized that action. As a result, downstream services (airlines, payment rails, identity providers) can verify the agent’s claim without trusting it on faith.
FIDO’s approach builds on the same passkey primitives that already replaced passwords for human authentication. Specifically, the user signs a delegation credential with their FIDO-bound device (phone, hardware key, platform authenticator). That credential captures the user’s intent, the agent’s identity, and the scope of authorized actions. Then the agent presents the credential to services as proof of delegation.
Intent capture
The credential records what the user wants done. By design, this can be open-ended (“shop for me”) or narrow (“buy this specific item under this specific price”). Importantly, the credential is signed by the user’s existing FIDO authenticator, so the authenticity chain mirrors how passkey-based login already works.
Scope enforcement
The credential bounds what the agent can do. Specifically, it captures permissions: which domains the agent can interact with, which payment methods it can use, which actions are out of bounds. As a result, even a compromised agent can’t exceed the scope a user explicitly granted.
Revocation
The user can revoke a delegation credential at any time. In practice, this likely happens through a centralized revocation service the FIDO Alliance operates, similar to how PKI handles certificate revocation today. The Working Group’s first interim drafts are expected to define the revocation mechanism.
“AI agents are quickly becoming part of how people get things done online — from making purchases to managing everyday tasks. To scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent.”
Andrew Shikiar, Executive Director and CEO, FIDO Alliance — April 28, 2026
Founding members and governance of FIDO Agentic Authentication
The FIDO Agentic Authentication Working Group launched with sixteen named founding contributors beyond the three co-chairs. Specifically, the founding list includes Amazon, Okta, 1Password, American Express, Dashlane, Egis Technology, LastPass, OneSpan, PayPal, Prove Identity, and Thales. Notably, the composition leans heavily toward payments rails and identity providers — exactly the two segments that have the most to lose if agent identity goes wrong.
Importantly, there are also conspicuous absences. Anthropic — the company shipping the leading enterprise agent runtime — is not a chair, vice-chair, or founding contributor. Neither is Cognition (Devin) or Sierra. As a result, the founding list represents the payments-and-identity establishment plus Google and OpenAI from the frontier-model labs. The agent-native runtime companies shipping multi-agent systems today are largely outside the room.
That’s not an oversight. In short, it’s a positioning choice — by either Anthropic or by FIDO, possibly both. Which side made it, and how quickly the missing names join, will shape how broadly FIDO Agentic Authentication gets adopted.
FIDO Agentic Authentication vs other agent identity standards
FIDO Agentic Authentication isn’t the only proposal for cryptographically identifying AI agents. By contrast, three other efforts operate at different layers of the agent identity stack. Each addresses a different part of the problem; importantly, they’re complementary, not competing.
⚠️ What is still missing. Three load-bearing questions remain open in v0. First, how do the FIDO delegation credentials interoperate with the IETF’s HTTP-layer Web Bot Auth at the transport boundary? Second, how do multi-agent delegation chains compose — when one orchestrator agent dispatches to sub-agents, does each handoff need a fresh user signature? Finally, how is revocation handled at scale? Expect drafts on all three in the next 12 months.
| Standard | Layer | Question answered | Governance |
|---|---|---|---|
| FIDO Agentic Authentication | User-to-agent delegation credentials | Did the user authorize this agent action? | FIDO Alliance (April 2026) |
| IETF Web Bot Auth | HTTP transport layer | Who is this HTTP client? | IETF (chartered 2026) |
| AP2 (Agent Payments Protocol) | Payment authorization | Did the user authorize this transaction? | FIDO Alliance Payments TWG |
| OAuth 2.0 | Delegated API authorization | What API access does this client have? | IETF (legacy) |
What this means for builders
First, if you build an agent runtime, plan to accept FIDO delegation credentials as the authoritative signal that an agent action is user-authorized. In short, your runtime’s authorization layer should treat these as the equivalent of OAuth tokens — but with finer-grained scope and stronger phishing-resistance.
Next, if you operate a marketplace or commerce platform, deploy FIDO Agentic Authentication verification at the request edge. Specifically, accept agent requests that present a valid FIDO delegation credential as a higher-trust class. As a result, agent-initiated transactions get verified before they reach your application logic — much like how AP2 Cart Mandates get verified for payment-specific flows.
Finally, if you build payment-facing products, expect the delegation credentials to interoperate with AP2 within twelve months. In practice, the two protocols are governed by the same Alliance and were designed to compose. By contrast, OAuth-only authentication will look increasingly insufficient as agent-initiated traffic grows.
Builder’s take
I run 158 agents in production through Cyntr, and the user-to-agent delegation question FIDO is solving is exactly the gap I’ve been working around. Today every agent holds an opaque API key — no way to express user-scoped intent, no cryptographic revocation path, no audit chain. If FIDO Agentic Authentication ships on schedule, it replaces what I’m running today with something boards will actually approve for enterprise workflows.
- For orchestrator runtimes like Cyntr: expect to refactor the agent-permission layer from API keys to FIDO delegation credentials within 12 months of the v1 spec. The pattern won’t be optional once enterprise customers ask.
- The phishing-resistance framing matters for adoption. Boards will require this signal before approving agent-initiated workflows that touch money or sensitive data. Passkeys took five years to mainstream because banks held out; this one moves faster precisely because FIDO has banks in the founding list.
- Anthropic’s absence is the most consequential gap. Claude is the leading enterprise agent runtime today, and FIDO’s spec won’t be operationally complete until Anthropic adopts. Watch the 6-month mark — that’s when the political shape becomes clear.
Frequently asked questions
The FIDO Alliance chartered the Agentic Authentication Technical Working Group on April 28, 2026, alongside a sister Payments Technical Working Group. The announcement is at fidoalliance.org.
The Working Group has three co-chairs: CVS Health representing enterprise consumer applications, Google representing agent-runtime providers, and OpenAI representing foundation-model labs. By contrast, the sister Payments Technical Working Group is co-chaired by Mastercard and Visa.
Passkeys authenticate a human user to a service. By contrast, FIDO Agentic Authentication authenticates an agent acting on behalf of a user — adding a delegation layer. Importantly, both build on the same FIDO2/WebAuthn cryptographic primitives, so an existing FIDO-bound device (phone, hardware key) can sign both passkey logins and delegation credentials.
Yes. The FIDO Alliance is a vendor-neutral standards body. Specifically, all FIDO specifications are publicly available at fidoalliance.org/specifications and are royalty-free for implementers. Importantly, the Agentic Authentication WG’s draft documents will be similarly open as they’re produced.
The sixteen named founding contributors lean toward payments rails (Mastercard, Visa, Amex, PayPal) and identity providers (Okta, 1Password, Dashlane, LastPass, Thales). By contrast, Anthropic, Cognition (Devin), and Sierra — the agent-native runtime companies shipping multi-agent systems today — are not founding contributors. This is a positioning choice, by either side. How quickly the missing names join will shape adoption.
Primary sources
- FIDO Alliance — Trusted AI Agent Interactions announcement — April 28, 2026
- FIDO Alliance — The Agentic Era Is Here. Now We Need to Make It Trustworthy
- BusinessWire — FIDO Alliance to Develop Standards for Trusted AI Agent Interactions
- Help Net Security coverage — April 29, 2026
- Biometric Update coverage
- PYMNTS — Google and Mastercard Contribute Agentic Commerce Standards to FIDO Alliance
- Google blog — Donating AP2 to the FIDO Alliance
Last updated: May 20, 2026. Related: Commerce, Agent Infrastructure.
