Verifiable Intent: What Mastercard's New Trust Primitive Means for AI Agents
For decades, payment authorization solved one problem: does this account have permission to spend this money? That question assumes a human at the other end — someone who consciously chose to make the payment. In March 2026, Mastercard and Santander completed Europe’s first live end-to-end payment executed by an AI agent. The verifiable intent mechanism that made it trustworthy is a new primitive — and it changes what “authorized” means in a world where the payer might not be human.
The short answer
Verifiable Intent is a cryptographic mechanism that produces signed proof an AI agent's payment action was explicitly authorized by a human principal. It establishes an auditable chain from the human's authorization decision to the agent's execution — answering not just "can this account pay?" but "did a human sanction this specific agent action?" Introduced by Mastercard as the core trust mechanism in Agent Pay, March 2026.
The problem it solves is deceptively simple: when an AI agent makes a payment, who authorized it, and when? Traditional payment systems have no answer to that question. Verifiable Intent provides one — cryptographically, before the transaction settles.
What Is Verifiable Intent?
Verifiable Intent is the record that a human made an explicit authorization decision that covers the agent’s payment action. Not a general grant of access (“here’s a card, use it”), but a scoped, signed authorization that specifies what the agent can do, under what conditions, and within what limits.
The word “verifiable” is doing real work here. It’s not enough for the human to have authorized the agent in principle — the authorization needs to be provable to the payment network at transaction time. Mastercard’s implementation produces a cryptographic artifact that travels with the transaction, allowing issuing banks and merchants to verify that a human principal was aware of and sanctioned the specific class of action being taken.
Three properties distinguish verifiable intent from ordinary payment credentials:
Scope-bound. The authorization is not a general permission to pay. It defines what the agent can purchase, at what amounts, and under what circumstances. An agent authorized to book flights is not authorized to purchase software licenses — and that distinction is enforceable, not just instructional.
Time-anchored. The authorization has a timestamp and, typically, an expiry. A human who authorized an agent to make purchases last week hasn’t necessarily authorized purchases today. Verifiable Intent makes the temporal relationship between human authorization and agent execution explicit.
Principal-linked. The authorization is cryptographically tied to a specific human identity — not just an account. This means the payment network can distinguish between “authorized by the account holder” and “someone with access to the account credentials.”
Why Traditional Payment Authorization Fails for AI Agents
Traditional authorization fails because it was designed around a synchronous assumption: a human is present when the payment happens.
Every trust mechanism in the traditional stack was built on this. A PIN assumes a human entered it. A push notification assumes a human approved it. 3DS challenge flows assume a human can respond. Card-present transactions assume a human handed over the card. Even card-not-present purchases assume a human typed in the number.
AI agents break all of these. An agent executing a task might not have any human involvement for hours, days, or weeks after the initial setup. The human who authorized the agent to “handle travel bookings” may not know a specific flight is being booked until after it’s charged.
The zero-trust model for agent finances treats every transaction as potentially unauthorized until proven otherwise. But zero-trust without the ability to prove authorization just blocks everything. Verifiable Intent provides the positive case: a mechanism for proving the authorization chain, so that transactions that should go through can go through — and those that shouldn’t can be blocked.
| Authorization mechanism | Human presence required | Agent-compatible | Authorization proof |
|---|---|---|---|
| PIN | Yes (at transaction) | No | None |
| 3DS challenge | Yes (real-time) | No | None |
| Push notification approval | Yes (real-time) | No | None |
| Card credentials | No | Yes, but risky | None |
| OAuth scope | No | Partial | Partial (scope only) |
| Verifiable Intent | No (pre-authorized) | Yes | Cryptographic |
The key column is the last one. Card credentials prove the agent has access to payment information — not that a human sanctioned the specific action. Verifiable Intent proves the authorization itself.
How Mastercard Implements Verifiable Intent
Mastercard’s implementation, detailed in their March 2026 overview and launched as part of Agent Pay, works through a pre-authorization step that produces a signed artifact before any agent execution begins.
The flow:
- Human principal sets up agent scope. The account holder defines what the agent is authorized to do — merchant categories, amount limits, time windows, specific actions.
- Authorization is signed and recorded. Mastercard’s infrastructure creates a cryptographic record of the human’s authorization decision, tied to the account holder’s identity.
- Agent receives a scoped credential. The agent gets a token or credential that is valid only within the authorized scope — not a general-purpose card number.
- At transaction time, the credential carries the intent proof. When the agent initiates a payment, the authorization artifact travels with the transaction. Issuers and merchants can verify the human authorization chain without requiring real-time human involvement.
- Out-of-scope transactions are declined. If the agent attempts a transaction outside the authorized scope — wrong merchant category, amount exceeds the limit, time window expired — the transaction is declined at the network level.
The Santander pilot, completed in March 2026, was the first live demonstration of this end-to-end flow: a human sets up authorization, an AI agent executes the payment, the payment clears through the Mastercard network with a verifiable authorization chain, without any real-time human involvement in the transaction itself.
This is where the agent payment protocol landscape is converging. Multiple protocols — Mastercard Agent Pay, Google AP2’s mandate system, Stripe ACP — are all solving variations of the same problem: how do you prove a human authorized an agent action when the human isn’t present at execution time?
The Relationship Between Verifiable Intent and Spending Limits
Verifiable Intent and spending limits are complementary, not redundant. They protect against different failure modes.
Spending limits cap how much an agent can spend. Verifiable Intent constrains what the agent can spend it on. You need both.
A spending limit without verifiable intent means an agent can spend up to its cap on anything — including things the human principal never intended. An agent authorized to “handle business expenses” with a $1,000 limit and no intent verification could, in principle, charge any merchant up to that limit.
Verifiable intent without a spending limit means every transaction is within scope, but there’s no upper bound on cumulative exposure. An authorized agent making 1,000 in-scope transactions at $5 each has a $5,000 exposure — all “authorized” in the sense that each transaction is within the defined category.
The production model needs both:
- Verifiable Intent proves the category and type of transaction is authorized
- Spending limits cap the total financial exposure regardless of transaction count
For developers: this means agent authorization setup requires two parallel decisions. What is the agent allowed to buy (scope, categories, merchants) — that’s the verifiable intent layer. How much can it spend (per-transaction cap, total balance, time-bound limit) — that’s the spending limit layer.
What Verifiable Intent Means for Developers
The practical implication for developers: agent authorization can no longer be an afterthought. The scoped credential has to be created before the agent runs, tied to explicit human authorization decisions made at setup time.
This changes agent architecture in a specific way. The “give the agent a card and let it go” pattern doesn’t work with Verifiable Intent — because the credential only covers pre-authorized scope. Agents need to be designed around the scope they’ll be given, not around general-purpose payment access.
Three things every developer building payment-capable agents should understand:
Scope design is part of agent design. What merchant categories, transaction types, and amount ranges will the agent need? Define those before writing the agent, because they determine what credentials the agent can receive.
Agent credential isolation matters more, not less. A scoped credential limits per-agent blast radius. Different agents doing different tasks should have different scopes — a flight-booking agent and a software-purchasing agent should have categorically different authorizations.
What an agent account contains changes when intent verification is part of the picture. The account is no longer just a balance and credentials — it’s a signed record of human authorization. The identity layer and the payment layer are now coupled.
Mastercard Agent Pay is currently live with selected banking partners. For most developers today, the nearest equivalent is building explicit authorization scope into your agent setup flow and using per-agent isolated credentials with IOU spending limits as the ceiling — the same architectural principle as Verifiable Intent, implemented at the platform level through ATXP.
FAQ
What is Verifiable Intent in AI payments?
Verifiable Intent is Mastercard’s cryptographic proof that an AI agent’s payment was authorized by a human principal. It establishes a signed, auditable chain from the human’s authorization decision to the agent’s execution — addressing the trust gap created when agents pay without real-time human involvement.
What is Mastercard Agent Pay?
Mastercard Agent Pay is a payment infrastructure product that enables AI agents to initiate payments on behalf of human principals. Verifiable Intent is its core trust mechanism. The first live end-to-end payment was completed with Santander in March 2026.
How does Verifiable Intent differ from traditional payment authorization?
Traditional authorization asks: does this account have funds and valid credentials? Verifiable Intent asks: did a human principal explicitly authorize this specific class of agent action? It adds an authorization-proof layer that traditional payment systems don’t have.
Why can’t existing payment systems handle AI agents without modification?
Every existing trust mechanism — PINs, push approvals, 3DS challenges — assumes a human is present at transaction time. AI agents break that assumption. Without a mechanism like Verifiable Intent, there’s no way to prove the human authorization chain when the agent acts hours or days later.
What does Verifiable Intent mean for developers?
Agent authorization must be designed before deployment. The agent’s scope — what it can buy, at what amounts, in what categories — must be defined and signed by a human principal before the agent runs. “Give the agent a card and let it go” is architecturally incompatible with verifiable intent.
Is Verifiable Intent available to developers now?
Mastercard Agent Pay is live with selected banking partners as of March 2026. For most developers, the practical equivalent today is explicit authorization scope at agent setup combined with isolated, pre-funded credentials — the architectural principle is the same.