Verifiable intent is the cryptographic mechanism by which an AI agent proves it has legitimate authorization from a human user to conduct a specific transaction — with defined scope, expiration, and revocation capabilities.
In agentic commerce, the fundamental trust question is: how does a merchant know that an AI agent requesting a $500 purchase actually has permission from a real human to spend that money? Verifiable intent answers this question without requiring the human to be present at the moment of transaction.
How Verifiable Intent Works
The architecture uses public key infrastructure (PKI) — the same cryptographic foundation that secures HTTPS connections and digital signatures. The flow works like this:
- The user grants authorization. Through their AI agent interface (ChatGPT, Google AI Mode, etc.), the user defines what the agent can do: purchase categories, spending limits, approved merchants, and time windows.
- A signed credential is generated. The authorization is encoded as a digitally signed document — a cryptographic proof that includes the scope of permission, expiration date, and the user’s verified identity (without exposing personal data to the merchant).
- The agent presents the credential at checkout. When the agent initiates a purchase, it presents this signed credential to the merchant. The merchant can verify the signature’s authenticity without contacting the user directly.
- The merchant validates. The merchant checks: Is the signature valid? Is the credential expired? Does the purchase fall within the authorized scope? Has the credential been revoked?
Privacy by Architecture
Verifiable intent is designed with privacy as a structural property, not an afterthought. The credential proves authorization without revealing unnecessary personal information. A merchant doesn’t need to know the user’s name to verify that an agent has valid spending authority. The cryptographic proof confirms: “this agent has permission to spend up to $X on category Y before date Z” — nothing more.
This approach aligns with the data minimization principles embedded in GDPR and emerging AI commerce regulations. The agent presents exactly the claims needed for the transaction and nothing else.
The Trust Triangle
Verifiable intent creates a three-party trust model:
- User → Agent: The user trusts the agent to act within the authorization scope. If the agent exceeds its scope, the credential won’t validate.
- Agent → Merchant: The agent presents cryptographic proof. The merchant can verify without trusting the agent’s self-reported claims.
- Merchant → Payment Network: Visa’s Trusted Agent Protocol and Mastercard’s Agent Pay both implement PKI-based verification, adding the payment network as a trust anchor.
Scope Limitations and Revocation
Credentials include explicit constraints: maximum transaction amount, allowed merchant categories, geographic restrictions, and expiration timestamps. Users can revoke authorization at any time, and the revocation propagates to merchants through the protocol’s credential verification layer.
This is architecturally different from a stored credit card, where revocation requires contacting the card issuer. In verifiable intent, revocation is built into the protocol itself.
Related Reading
- What Is Agentic Commerce?
- AI Agent Verification for Merchants
- Visa vs Mastercard Compliance Race
- How AI Shopping Agents Work
Leave a Reply