By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
  • Home
  • Products
  • Agents
  • Capital
  • Commerce
Reading: What Is Verifiable Intent? The Complete 2026 Guide
Sign In
  • Join US
Font ResizerAa
  • Home
  • Products
  • Agents
Search
  • Home
  • Products
  • Agents
  • Capital
  • Commerce
Have an existing account? Sign In
Follow US
> Blog > Identity & Provenance > What Is Verifiable Intent? The Complete 2026 Guide
What Is Verifiable Intent? The Complete Guide
Identity & Provenance

What Is Verifiable Intent? The Complete 2026 Guide

Surya Koritala
Last updated: May 31, 2026 9:49 pm
By Surya Koritala
15 Min Read
Share
SHARE

Verifiable Intent is an open specification, co-developed by Mastercard and Google, for cryptographically capturing what a user authorized an AI agent to do. Specifically, it defines SD-JWT credentials with eight cryptographic constraint types covering non-payment intent — access, action, delegation scope. Mastercard announced Verifiable Intent on March 5, 2026 as a v0.1 draft under Apache 2.0. Importantly, Mastercard then contributed it to the FIDO Alliance in April 2026 alongside Google’s Agent Payments Protocol (AP2). In short, the two specs are designed to interoperate — the spec’s user-delegation credentials feed into AP2’s Intent Mandate when the agent action is a purchase.

Contents
  • What is Verifiable Intent?
  • How Verifiable Intent works
    • The eight constraint types
    • Selective disclosure
  • Verifiable Intent in the FIDO Alliance
  • Verifiable Intent vs AP2 vs other agent identity standards
  • What this means for builders
  • Builder’s take
  • Frequently asked questions
    • When did Verifiable Intent launch?
    • Is Verifiable Intent open source?
    • How does Verifiable Intent differ from AP2?
    • What is SD-JWT?
    • Who built Verifiable Intent?
  • Primary sources

What is Verifiable Intent?

Verifiable Intent is an open specification for cryptographically capturing what a user authorized an AI agent to do. Specifically, it defines a credential format — based on SD-JWT (Selective Disclosure JSON Web Tokens) — that records the user’s instruction, the agent’s identity, and the scope of permitted actions. Then downstream services can verify the credential before letting the agent act on the user’s behalf. As a result, agent actions become auditable end-to-end.

Mastercard announced Verifiable Intent on March 5, 2026, co-developed with Google, as a v0.1 draft under Apache 2.0. Importantly, the spec is broader than AP2 — it covers non-payment intent (access permissions, action constraints, delegation scope) as well as payment-specific cases. In April 2026, Mastercard contributed Verifiable Intent to the FIDO Alliance alongside AP2, giving both specs vendor-neutral governance under the same standards body.

Verifiable Intent — Mastercard and Google's open specification for AI agent delegation credentials, using SD-JWT format
Verifiable Intent — Mastercard’s open spec for capturing user-to-agent delegation cryptographically.

📌 Quick definition. It is an SD-JWT-format credential specification for capturing user-to-agent delegation cryptographically. Open spec under Apache 2.0, co-developed by Mastercard and Google, contributed to the FIDO Alliance in April 2026. Specification at verifiableintent.dev.

How Verifiable Intent works

The core primitive in It is a credential — an SD-JWT signed by the user’s authenticator that captures what they authorized. Specifically, the credential includes the user’s identity, the agent’s identity, and an array of constraints that bound what the agent can do. Then the agent presents this credential to downstream services. As a result, services can verify cryptographically that the agent’s intended action falls within the user’s authorization.

The eight constraint types

the v0.1 draft defines eight cryptographic constraint types. First, action constraints — what the agent is allowed to do (browse, purchase, send). Next, resource constraints — which APIs or domains the agent can interact with. Then monetary constraints — spending limits. Time constraints — when the authorization expires. Geographic constraints — where the action can happen. Counterparty constraints — which merchants the agent can transact with. Identity constraints — which sub-agents in a delegation chain can act. Finally, data-handling constraints — what personal data the agent can disclose.

Selective disclosure

The SD-JWT format gives Verifiable Intent a privacy property that traditional JWTs lack. Specifically, the user signs the full credential, but the agent can selectively reveal only relevant constraints to each downstream service. By contrast, a traditional JWT requires revealing the entire payload. As a result, the agent can prove to a merchant “the user authorized a purchase under $500” without also revealing where the user lives or how long the authorization lasts.

“People need to trust that these actions are secure, authorized and truly reflect their intent.”

Andrew Shikiar, FIDO Alliance CEO — April 28, 2026

Verifiable Intent in the FIDO Alliance

Mastercard contributed Verifiable Intent to the FIDO Alliance on April 28, 2026, the same day Google donated AP2. Specifically, both specifications now sit within the FIDO Alliance’s new Agentic Authentication and Payments Technical Working Groups. As a result, the spec gains the same vendor-neutral governance, multi-stakeholder review, and durability that AP2 gains.

Importantly, the donation also locks in the spec’s interoperability with AP2. By design, the spec’s user-delegation credentials are intended to feed into AP2’s Intent Mandate when the agent action is a purchase. In short, the two specs were designed together, by the same teams, to compose. Notably, both teams emphasize that It works for non-payment intent too — making it broader in scope than AP2 alone.

#Mastercard et @Google présentent Verifiable Intent, une solution conçue pour sécuriser les achats réalisés par l’IA.

À l’heure où les agents d’#IA commencent à effectuer nos achats, le commerce entre dans une nouvelle dimension.

À mesure que cette transformation s’accélère,…

— Mastercard France (@MastercardFR) March 24, 2026
Mastercard France official launch tweet — March 24, 2026.

Verifiable Intent vs AP2 vs other agent identity standards

Verifiable Intent isn’t the only agent-related credential specification. By contrast, three other standards address related but distinct questions. Specifically, AP2 is payment-specific; Verifiable Intent is broader. FIDO Agentic Authentication is the governing framework; Verifiable Intent is a specific credential format. Web Bot Auth operates at HTTP transport; Verifiable Intent at the credentials layer. In short, the four are complementary.

⚠️ What is still missing. Three load-bearing questions remain open in the v0.1 draft. First, revocation — how does a user invalidate a credential they already issued? The spec defers this to the FIDO Alliance’s broader revocation work. Next, multi-agent delegation chains — when an orchestrator agent dispatches to sub-agents, how does each handoff preserve the original intent? Finally, audit trail composition — when an action spans multiple services, who produces the unified audit log?

StandardScopeFormatGovernance
Verifiable IntentAll agent actions (payment + non-payment)SD-JWT with 8 constraint typesOpen spec → FIDO Alliance (April 2026)
AP2Payment authorizationVerifiable Credentials (3 Mandates)FIDO Alliance (April 2026)
FIDO Agentic AuthenticationUser-to-agent delegation frameworkWorking Group umbrellaFIDO Alliance (April 2026)
Web Bot AuthHTTP-layer agent identityHTTP Message Signatures (RFC 9421)IETF (chartered 2026)
The four agent identity standards each cover a distinct layer of the problem.

What this means for builders

First, if you build an agent runtime, plan to accept the credentials as the authoritative signal that an action is user-authorized. In short, your runtime’s authorization layer reads the SD-JWT’s constraints and bounds the agent’s behavior accordingly.

Next, if you operate a SaaS product that agents will interact with, verify the credentials at the API boundary. Specifically, your API should accept the credential, verify the user’s signature, check the action constraint matches the requested operation, and only then allow the call. As a result, your API gains audit-grade authorization data without depending on any specific agent runtime.

Finally, if you build a payment-facing product, Verifiable Intent will likely feed into AP2’s Intent Mandate as the user-delegation layer. In short, the two specs are designed together. By contrast, building only against AP2 misses the broader non-payment intent capture that Verifiable Intent enables.

Builder’s take

Verifiable Intent is the spec I keep coming back to when I think about Cyntr‘s authorization layer. Today my agents use coarse API-key permissions; the spec’s 8 constraint types are exactly the granularity I’d want. The SD-JWT selective disclosure is the killer feature — agents can prove they’re authorized for one specific action without leaking everything else the user authorized. That privacy property is what unlocks enterprise trust.

  • If you build a SaaS product that AI agents will interact with, design your authorization model around the spec’s 8 constraints — even before the spec is final. The eight types map cleanly to real-world permission scopes you’d want anyway.
  • The “designed with AP2” framing matters. Verifiable Intent is the user-delegation layer; AP2 is the payment leg. Builders should adopt them together, not separately. The two-credential composition is the design feature, not an integration overhead.
  • Watch the FIDO Alliance Working Group output over the next 12 months — the missing piece is revocation, and how it’s solved will shape whether enterprises trust the spec at scale. Without good revocation, even the best constraint model fails the legal-team review.

Frequently asked questions

When did Verifiable Intent launch?

Mastercard announced Verifiable Intent on March 5, 2026 as a v0.1 draft under Apache 2.0, co-developed with Google. Then on April 28, 2026, Mastercard contributed Verifiable Intent to the FIDO Alliance alongside Google’s AP2.

Is Verifiable Intent open source?

Yes. The specification at verifiableintent.dev is open under Apache 2.0. Since April 2026, the FIDO Alliance governs the spec with vendor-neutral policies. Reference implementations and tooling are being developed under the FIDO Alliance Agentic Authentication Working Group.

How does Verifiable Intent differ from AP2?

AP2 is payment-specific — it handles the authorization of agent-initiated transactions. By contrast, Verifiable Intent is broader — it covers all agent actions (purchases, but also access, delegation, data handling). In short, the spec’s user-delegation credentials feed into AP2’s Intent Mandate when the agent action is a purchase. The two were designed together to compose.

What is SD-JWT?

SD-JWT (Selective Disclosure JSON Web Tokens) is an IETF draft standard for JWTs that let the holder reveal only a subset of claims to each verifier. Specifically, it uses SD-JWT so an agent can prove to a merchant “the user authorized a purchase under $500” without revealing other constraints (location, time, identity details). As a result, Verifiable Intent provides privacy that traditional JWTs cannot.

Who built Verifiable Intent?

Mastercard and Google co-developed Verifiable Intent. Specifically, Mastercard led the credential format design; Google contributed the integration story with AP2 and the broader agent identity framework. Both contributed the spec to the FIDO Alliance in April 2026 for vendor-neutral governance.

Primary sources

  • Verifiable Intent — official specification site
  • Mastercard — Verifiable Intent newsroom story — March 5, 2026
  • FIDO Alliance — Trusted AI Agent Interactions announcement — April 28, 2026
  • PYMNTS — Google and Mastercard Contribute Agentic Commerce Standards to FIDO Alliance
  • IETF SD-JWT specification draft

Last updated: May 20, 2026. Related: Commerce, Agent Infrastructure.

Google Gemini Timeline: PaLM to Gemini 3
OAuth for AI Agents: The Complete 2026 Delegation Guide
AI agent identity crisis — what Uber’s Zero Trust extension actually does
Web Bot Auth: Sign Agents to Skip CAPTCHA Walls
What Is MXC (Microsoft Execution Containers)? Explained
TAGGED:Agent DelegationCryptographic CredentialsFIDO AllianceGoogleMastercardPrivacy-Preserving AuthenticationSD-JWTVerifiable Intent
Share This Article
Facebook Email Copy Link Print
2 Comments
  • Pingback: What Is AP2? The Complete Agent Payments Protocol Guide
  • Pingback: C2PA vs SynthID: Complete 2026 Guide to Verify AI Images - Alatirok — AI Agent Industry

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

More Popular from Alatirok

Dashboard visualizing token consumption per agentic coding task across frontier AI models
Observability

Tokens Per Agentic Coding Task: The 2026 Variance Data

By Surya Koritala
21 Min Read
What Is Cognition Devin? The Enterprise Guide for

What Is Cognition Devin? The Enterprise Guide for 2026

By Surya Koritala
Diagram of an AI agent holding a USDC wallet with spending-limit guardrails enforced before an onchain transfer
Commerce

What Is Circle Agent Stack? USDC Wallets for AI Agents

By Surya Koritala
24 Min Read
Identity & Provenance

AI Agent Identity: Entra Agent ID vs Okta vs SailPoint

AI agent identity governance, Entra vs Okta vs SailPoint: a 2026 buyer matrix on what each…

By Surya Koritala
Observability

Why Does My AI Agent Context Window Fill Up So Fast?

Why does my AI agent context window fill up so fast? Tool definitions eat two-thirds of…

By Surya Koritala
Agent Infrastructure

Migrate OpenAI Agent Builder to Agents SDK Before Nov 30

A hands-on tutorial to migrate OpenAI Agent Builder to Agents SDK before the Nov 30, 2026…

By Surya Koritala
Agent Infrastructure

Best Voice AI Agent Framework 2026: Vapi vs LiveKit vs Pipecat

The best voice AI agent framework 2026 depends on your call volume. Our neutral ranking covers…

By Surya Koritala

Purpose-Built Legal AI vs General LLM: 2026 Verdict

Purpose-built legal AI vs general LLM, settled with real 2026 benchmark data: where ChatGPT and Claude…

By Surya Koritala

what’s actually being built in AI agents, who’s building it, and why it matters. Independent. Opinionated.

Categories

  • Home
  • Products
  • Agents
  • Capital
  • Commerce

Quick Links

  • Home
  • Products
  • Agents

© Alatirok by Loomfeed. All Rights Reserved.

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?