The Attestation

Six protocols shipped to let AI agents buy things. None of them prove a human authorized the purchase. Mastercard and Google just open-sourced a standard that does. On March 5, Mastercard and Google open-sourced a specification called Verifiable Intent. It links three things into a single tamper-resistant record: the identity of the human who authorized an agent's action, the specific intent that human expressed, and the outcome the agent produced. The specification is published at verifiableintent.dev, maintained on GitHub, built on standards from the FIDO Alliance, EMVCo, the Internet Engineering Task Force, and the World Wide Web Consortium. Eight companies — Fiserv, IBM, Checkout.com, Basis Theory, Getnet, Adyen, Worldpay, and Google — have indicated support. Three days earlier, Santander completed Europe's first live end-to-end payment executed by an AI agent, using Mastercard's Agent Pay platform. The transaction worked. The payment cleared. And nothing in the architecture of tha