Mastercard and Google have launched Verifiable Intent, an open, standards-based trust layer designed for AI-driven agentic commerce.
Following this announcement, Mastercard and Google have jointly introduced Verifiable Intent, an open, standards-based trust framework designed to address the authorisation and accountability challenges arising from AI-driven agentic commerce, where AI systems execute transactions autonomously on behalf of consumers.
The initiative comes as AI agents are increasingly positioned to perform purchasing decisions, from reordering household items to booking travel, without real-time consumer involvement at the point of transaction. As the degree of autonomy grows, so does the need for a verifiable record of what a consumer originally instructed an agent to do, and under what conditions.
A cryptographic record of consumer authorisation
According to the official press release, at its core, Verifiable Intent creates a tamper-resistant log that links identity, intent, and action into a single record. It provides cryptographic proof of what a consumer authorised when delegating a task to an AI agent, generating a shared source of truth accessible to consumers, merchants, and card issuers. In the event of a dispute, all parties can reference a clear audit trail rather than relying on contested or incomplete records.
The framework is aligned with Google's Agent Payments Protocol (AP2) and Universal Commerce Protocol (UCP), and is designed to be protocol agnostic, meaning it is intended to function across different agentic platforms, devices, wallets, and payment networks. In addition, for scenarios in which a consumer remains present during an agent-assisted transaction, Verifiable Intent confirms their approval of the shopping cart and authorisation of the purchase. In more autonomous arrangements, it provides merchants with sufficient transparency to assess whether additional confirmation is warranted before completing a transaction.
The specification draws on standards from the FIDO Alliance, EMVCo, the Internet Engineering Task Force, and the World Wide Web Consortium. Over time, Mastercard intends to strengthen the framework through integration with Verifiable Credentials, which would make consumer authorisation more portable and explicitly cryptographically verifiable.
Privacy by design and open-source availability
To address data minimisation concerns, Verifiable Intent incorporates a technique called Selective Disclosure, which limits the information shared across parties to what is strictly necessary for a given purpose, whether fraud mitigation or dispute resolution, without exposing broader transaction data.
Mastercard has open-sourced the Verifiable Intent specification and an initial reference implementation, available on GitHub and at verifiableintent.dev. API specifications and developer tools for integrating Verifiable Intent with Mastercard Agent Pay are expected to follow. In the coming months, Verifiable Intent will be integrated directly into Mastercard Agent Pay's intent APIs to support broader deployment with partners.
The framework is positioned as relevant not only for consumer transactions but also for machine-to-machine commerce, programmable money implementations, and business procurement scenarios involving cross-border payments, contexts in which spending authority is delegated to automated systems operating at scale. Moreover, several industry participants, including Adyen, Checkout.com, Fiserv, Worldpay (now part of Global Payments), IBM, Basis Theory, and Getnet, have indicated support for the framework.
Mastercard has stated it will continue working with industry bodies to define complementary standards for conversational AI in commerce. The company describes Verifiable Intent as a foundational component of responsible and scalable agentic commerce deployment, positioning it alongside consumer protection considerations rather than as a standalone technology feature.
