On April 28, 2026, the FIDO Alliance announced two new working groups dedicated to agentic AI: an Agentic Authentication Technical Working Group and an Agentic Payments group. The Authentication WG is chaired by CVS Health, Google, and OpenAI, with Amazon, Google, and Okta as vice-chairs. Google contributed its Agent Payments Protocol (AP2). Mastercard contributed its Verifiable Intent framework. OpenAI joined the same week.
This is good news for exact.works. Not because FIDO is building what exact.works builds — they are not. Because FIDO is building the layer directly below what exact.works builds.
FIDO’s three stated deliverables are phishing-resistant user-to-agent authorization, service-side verification that an agent acts within defined parameters, and trusted transaction boundaries. Google’s AP2 covers secure delegation and verifiable authorization for payments. Mastercard’s Verifiable Intent confirms that the agent intended to take the action the transaction represents.
These are identity and payment infrastructure problems. Who is the agent? Is the agent authorized to act? Is this payment legitimate? Critical infrastructure. Not what exact.works does.
Authentication answers the question of identity — can this agent prove it is who it claims to be? Payment authorization answers the question of capability — is this agent permitted to initiate this transaction? Contractual accountability answers the question of obligation — what did the agent agree to do, who bears liability when it does not, and how do we resolve the dispute?
These are three distinct layers. FIDO is building layers one and two. exact.works occupies layer three. No entity in the FIDO working group charter addresses service agreements, audit trails tied to contractual obligations, or dispute resolution.
The agentic economy is assembling itself into a standards stack. At the identity layer, FIDO Alliance plus AP2 plus Verifiable Intent handle authentication and payment authorization. At the contractual layer, SAISA plus Paper plus Trace handles scope, accountability, and evidence. At the runtime layer, Microsoft AGT plus NemoClaw handles behavioral enforcement and model safety.
Each layer is necessary. None is sufficient alone. An authenticated agent without a service agreement is a verified stranger. A governed agent without authentication is accountable to no one verifiable. A service agreement without runtime enforcement is prose without teeth.
FIDO’s working groups explicitly do not cover the contractual layer. Their charter targets authentication and payment boundaries — not service agreements, not audit trails tied to bilateral obligations, not dispute resolution. Amazon v. Perplexity showed that even authenticated agents can violate authorization scope. The agreement layer is what defines authorized scope.
Mastercard’s Verifiable Intent — what the agent intended to do — is not the same as SAISA’s execution scope — what the agent was contractually authorized to do. Intent and authorization are different constructs. FIDO will verify the former. exact.works records and enforces the latter.
FIDO authenticates the agent. exact.works holds the agreement. The identity layer is being built by the right people. The contractual layer is live.
Every AI agent needs a contract.
exact.works →