TL;DR: FIDO’s new AP2 and Verifiable Intent standards define how AI agents can act within cryptographic limits, but they leave the root identity question unresolved: how to verify the human and business behind the delegation chain, according to Prove Identity. Without that anchor, agentic commerce becomes a trust problem disguised as a protocol problem.
NHIMG editorial — based on content published by Prove Identity: FIDO's Agentic Commerce Blueprint Is a Major Step Forward. Here's What Comes Next
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern AI agents that transact on behalf of users?
A: Security teams should govern AI agents as delegated actors whose permissions, consent, and evidence must be traceable from issuance to revocation.
Q: Why do agentic commerce systems still need strong identity verification?
A: Because a cryptographically valid delegation chain does not prove that the human or business at the root is genuine.
Q: What breaks when trust registries are missing in agentic commerce?
A: Without trust registries, relying parties cannot quickly determine whether a delegated identity is current, verified, and permitted.
Practitioner guidance
- Map the delegation chain end to end Document who issues the root credential, who authorises the agent, what the agent can do, and what evidence is retained for dispute handling.
- Separate scope controls from assurance controls Do not treat spend limits, merchant allow-lists, or time windows as proof that the underlying identity is trustworthy.
- Build a revocation path that reaches the relying party Ensure the party accepting the agent action can see current status, not just the original delegation state.
What's in the full article
Prove Identity's full blog covers the operational detail this post intentionally leaves for the source:
- A deeper explanation of trust registry design for verifying real people and businesses behind delegated agent actions
- The article's view on trust key management and how identity attributes, payment methods, and consent records fit into the chain
- The full discussion of dispute resolution and liability when an AI agent acts on behalf of a consumer
- Additional context on how Prove frames identity as continuous, verifiable state rather than point-in-time authentication
👉 Read Prove Identity's analysis of FIDO's agentic commerce blueprint →
Agentic commerce standards: what identity teams still need?
Explore further
Agentic commerce exposes a verification gap, not just a protocol gap. AP2 and Verifiable Intent can define what an AI agent may do, but they do not answer who should be trusted at the root of the delegation chain. That means identity proofing, business verification, and consent records remain the real control plane for agentic transactions. Practitioners should treat the standards as a transport layer for trust, not a substitute for trust itself.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
A question worth separating out:
Q: Who is accountable when an AI agent makes an unauthorised purchase?
A: Accountability depends on the consent record, the verification strength of the root identity, and the evidence retained across the delegation chain. If those controls are weak, liability becomes harder to assign because the transaction may appear valid even when the underlying identity or authority was compromised.
👉 Read our full editorial: FIDO's agentic commerce blueprint exposes the identity gap