OpenAI has joined the FIDO Alliance, the industry standards body responsible for passkeys and authentication protocols used by Apple, Google, and Microsoft, with the goal of shaping how phones authenticate AI agents that act autonomously on behalf of users. MobileIDWorld reported on April 15 that OpenAI’s focus is “not passkeys themselves but what comes next: authentication frameworks for AI agents that act autonomously on behalf of mobile users.”

“We’ve joined FIDO to participate in emerging work to evolve authentication for agentic intelligence,” OpenAI stated.

The Delegated Authentication Problem

Today’s authentication assumes a human is present at the moment of each authenticated action. You tap your fingerprint to approve a payment. You enter a PIN to unlock an account. AI agents break this assumption: they act continuously on behalf of users, often without the user being present for each individual action. An agent booking a flight, transferring money, or sending a message needs the receiving system to verify that the request is legitimately authorized, even when the human who authorized the agent isn’t actively confirming.

This is delegated authentication: the user grants the agent authority to act, and the authentication system needs to verify that delegation chain every time the agent takes an action. No widely adopted standard exists for this yet.

Why FIDO Matters for Agents

FIDO Alliance standards are implemented in every major consumer operating system. Apple uses them for passkeys across iOS and macOS. Google implements them in Android. Microsoft uses them in Windows Hello. When FIDO defines how AI agents authenticate, every device and enterprise authentication system that follows FIDO standards will implement that model.

OpenAI joins as a peer: FIDO’s roster includes Apple, Google, Microsoft, Amazon, Meta, and over 250 other organizations. OpenAI is joining the table where the authentication architecture for the next decade gets decided.

The Security Stack’s Missing Layer

The AI agent security landscape has been building from the application layer down. This week alone: Cisco’s rumored acquisition of Astrix Security targets non-human identity management, KnowBe4 launched Agent Risk Manager for agent governance, Capsule Security raised $7M for a runtime trust layer, and the MCPwn vulnerability demonstrated what happens when agent endpoints lack proper authentication. All of these operate above the identity layer.

OpenAI’s FIDO membership addresses the layer beneath all of them. If an AI agent can’t be authenticated at the OS level, the runtime trust layers, governance platforms, and identity management tools above it have no reliable foundation. Authentication is the root of the trust chain for autonomous agents, and FIDO is where that root gets standardized.