When you tap a credit card, intent is obvious — you held the card, you pressed the button. When an AI agent spends money on instructions you gave it three days ago, proving what you actually authorized becomes a genuine problem.

Mastercard thinks it has the answer.

Verifiable Intent: The Core Idea

On March 5, Mastercard introduced Verifiable Intent, an open-source, standards-based framework that creates a tamper-resistant cryptographic record linking three things together:

  1. Your identity — who authorized the action
  2. Your specific instructions — what you told the agent to do
  3. The transaction outcome — what actually happened

This audit trail travels with the transaction. If something goes wrong — the agent booked a $2,000 hotel instead of a $200 one, or a prompt injection redirected funds — all parties can consult the same verifiable proof rather than playing blame games.

“As autonomy increases, trust cannot be implied,” said Pablo Fourez, Mastercard’s chief digital officer. “It must be proven.”

Why This Matters Now

The timing isn’t coincidental. Mastercard published a companion piece that opens with a scenario OpenClaw users will recognize: an AI agent browsing travel sites encounters a corrupted webpage with hidden instructions that redirect it to transfer money to an unknown wallet.

This isn’t hypothetical. OpenClaw has faced documented prompt injection risks throughout 2026, and the March CVE tsunami demonstrated how quickly new attack vectors emerge when autonomous agents interact with untrusted content.

The specific danger for agentic commerce: semi- or fully autonomous agents being commandeered by malicious actors to redirect and steal money. Mastercard called OpenClaw out by name as an example of why the industry needs standards — not because OpenClaw is uniquely bad, but because it’s the most visible example of what happens when agent autonomy outpaces security infrastructure.

The Partner Stack

What gives Verifiable Intent weight beyond a press release:

  • Google — co-developed the framework, aligned with their Agent Payments Protocol (AP2) and Universal Commerce Protocol (UCP)
  • Fiserv — integrating for merchant fraud reduction and dispute resolution
  • IBM — aligning with their enterprise agent orchestration layer
  • Checkout.com — cryptographic intent validation without oversharing sensitive data
  • Basis Theory and Getnet — additional payment infrastructure partners

Google’s endorsement was explicit: “Strong, interoperable trust infrastructure like Verifiable Intent that is compatible with Agent Payments Protocol is a natural accelerator for scaling agentic commerce.”

The specification is built on existing standards from FIDO Alliance, EMVCo, IETF, and W3C. It uses Selective Disclosure — sharing only the minimum information needed with each party in a transaction.

Verifiable Intent + Agent Pay

This isn’t Mastercard’s first move in agentic commerce. They launched Mastercard Agent Pay in 2024, which handles registering and authenticating AI agents before they transact on Mastercard’s network.

In March, we covered how DBS Bank + Visa and Santander + Mastercard completed the first live AI agent payments in Asia Pacific and Europe respectively.

Verifiable Intent adds a proof layer on top of Agent Pay — the identity is verified, and now the intent behind each transaction is cryptographically recorded too. Integration into Agent Pay’s intent APIs is expected in the coming months.

Mastercard is also expanding Start Path, its startup engagement program, specifically to advance agentic commerce startups. And they’re working with Microsoft to bring Agent Pay to Copilot Checkout.

What This Means for OpenClaw Users

Right now, if your OpenClaw agent makes a purchase — say, through a browser automation skill or an e-commerce API — there’s no standardized way to prove:

  • That you authorized that specific purchase
  • That the agent followed your instructions correctly
  • That no one tampered with the intent between your command and the transaction

Verifiable Intent doesn’t solve OpenClaw’s security challenges directly. But it creates the infrastructure layer that future commerce integrations can build on. When (not if) OpenClaw skills start integrating with payment networks, frameworks like this determine whether those integrations are trustworthy.

The practical implication: agentic commerce is being standardized by the payment networks, not the AI companies. Mastercard and Google are setting the rules for how agents spend money. OpenClaw and similar platforms will need to comply with these standards to participate.

The Bigger Picture

43% of CFOs expect high impact from AI agents handling dynamic budget reallocation. 47% expect moderate impact. The money is moving toward agent-executed transactions whether the security is ready or not.

Mastercard is essentially saying: before that floodgate opens, let’s build the trust infrastructure. The open-source approach — publishing the specification on GitHub, inviting contributions from developers and merchants — is a bet that broad participation makes a standard stick.

Whether the industry coalesces around Verifiable Intent or a competing standard, the underlying question is the same one OpenClaw users face daily: how do you prove an autonomous agent did what you wanted?

For commerce, Mastercard thinks cryptographic proof is the answer. For everything else agents do, we’re still figuring it out.

Verifiable Intent is open-source on GitHub. Integration with Mastercard Agent Pay APIs is expected in coming months.