By NHI Mgmt Group Editorial TeamPublished 2026-03-23Domain: Identity Beyond IAMSource: Signifyd

TL;DR: Agentic commerce is creating a “signal blackout” for traditional fraud controls because AI agents can shop from data centres without the IP, device, or cookie signals merchants rely on, while consumer trust and fraud patterns vary sharply by age group, according to Signifyd. The governance challenge is no longer only fraud detection, but deciding how to authorise, inspect, and differentiate legitimate delegated activity from automation abuse.


At a glance

What this is: This article argues that agentic commerce is changing fraud prevention by removing the traditional signals merchants use to judge trust and by increasing pressure on fraud teams to distinguish legitimate AI delegation from abuse.

Why it matters: It matters to IAM practitioners because delegated AI shopping creates a new identity and authorisation problem at the edge of commerce, where trust decisions now have to account for AI agents, human intent, and transaction risk together.

By the numbers:

👉 Read Signifyd's analysis of MRC Vegas and the future of fraud prevention


Context

Agentic commerce is the use of AI agents to discover products, build carts, and complete purchases on behalf of a person. The governance gap is that traditional fraud stacks were built around human browsing signals, but delegated automation can remove those signals entirely while still representing legitimate customer intent.

For IAM, fraud, and identity verification teams, the issue is not just bot detection. It is the boundary between authorised delegation and unauthorised automation, which makes AI identity, transaction-level trust, and policy enforcement increasingly intertwined across commerce systems.


Key questions

Q: What breaks when fraud controls are built only for human browsing sessions?

A: Fraud controls built only for human browsing sessions lose critical context when AI agents act on behalf of customers. Device fingerprints, cookies, and IP reputation may disappear or become unreliable, which makes legitimate delegated activity look suspicious and can also hide malicious automation. Teams need identity-aware delegation signals, not just browser-era telemetry.

Q: Why do AI agents complicate fraud and identity governance?

A: AI agents complicate governance because they can act with delegated authority while lacking the stable user-session signals that older controls assume. That creates a policy problem at the boundary between identity, authorisation, and transaction risk. Teams have to decide what proves intent, how delegation is bounded, and when human review is still required.

Q: How do security and fraud teams know whether agentic commerce controls are working?

A: They should measure both fraud loss and customer friction. If controls block too many legitimate delegated orders, the programme is overfitting to automation. If suspicious agent-driven transactions still pass without auditability or escalation, the controls are too weak. Effective governance shows up in lower false positives, clear delegation records, and consistent review outcomes.

Q: Who should be accountable for AI agent shopping risk?

A: Accountability should sit across identity, fraud, and commerce risk, but one team must own the policy. Agentic shopping crosses traditional boundaries, so unclear ownership creates gaps in approval logic, telemetry, and incident response. The right model is shared execution with named accountability for delegation rules, exception handling, and customer-impact decisions.


Technical breakdown

Why agentic commerce breaks legacy fraud signals

Legacy fraud models depend on environmental and behavioural clues such as IP reputation, device fingerprinting, session cookies, and familiar browsing patterns. When an AI agent executes commerce from a data centre or a cloud runtime, those signals either disappear or become misleading. That creates a signal blackout: automated activity may look suspicious even when it is legitimate, while malicious activity can hide behind the same delegated workflow. The core technical problem is that the transaction still happens, but the trust evidence that once surrounded it is no longer present in the same form.

Practical implication: fraud and identity teams need alternative trust signals that validate delegated intent, not just device or session origin.

Agentic commerce protocols and delegated tokens

New commerce protocols such as ACP and UCP are designed to let an agent present delegation context to merchants rather than rely on browser-era trust cues. In practice, this means the system has to carry proof of who authorised the task, what scope the agent was given, and how far that delegation should extend. That is an identity problem as much as a payments problem, because the merchant needs to decide whether the agent’s authority is bounded, revocable, and auditable. Without those properties, the delegation layer becomes another opaque automation path.

Practical implication: teams should require auditable delegation context and scope boundaries for any agent-driven checkout flow.

Why fraud analytics now need behavioural and business context

The article also points to a broader shift: fraud teams cannot rely only on chargeback counts or binary approve and decline rules. Agent-driven transactions require behavioural analytics, model review, and human escalation for ambiguous cases, because intent and legitimacy may diverge in ways traditional models do not capture. That creates a governance requirement around explainability, review loops, and false-positive recovery. In other words, the fraud stack now has to understand both the transaction and the business value of letting a good order through.

Practical implication: build review workflows that can reassess ambiguous agent-generated orders before the customer relationship is lost.


Threat narrative

Attacker objective: The attacker wants to exploit delegated commerce workflows to complete fraudulent purchases, disguise intent, or bypass conventional fraud controls.

  1. Entry begins when consumers delegate shopping activity to AI agents that operate outside the normal browser trust stack.
  2. Escalation occurs when those agents use automation paths that obscure identity, intent, and device context, making malicious activity harder to distinguish from legitimate delegation.
  3. Impact follows when payment-initiation fraud, friendly fraud, or automated abuse can move through transaction systems with reduced visibility.

NHI Mgmt Group analysis

Agentic commerce creates a trust boundary problem, not just a fraud problem. The article shows that AI agents can complete commerce actions while stripping away the device and session signals that fraud systems were built to interpret. That means the real governance question is who or what is authorised to act, under what delegation, and with what audit trail. Practitioners should treat delegated commerce as an identity and authorisation control surface, not as a purely payments issue.

Delegation context becomes the new control plane for AI-enabled shopping. If merchants cannot verify what a consumer authorised the agent to do, then checkout decisions become guesses about intent. That is a familiar IAM failure pattern in a new form: access decisions made without durable context. For practitioners, the boundary between identity verification and fraud detection is narrowing, and policy has to follow that shift.

False positives now carry a stronger revenue and customer-trust penalty. Signifyd’s framing of profit not captured is a reminder that fraud controls can damage growth when they are too blunt. In agentic commerce, the cost of blocking legitimate delegated activity is not just a missed transaction, but a broken customer journey that may not recover. Practitioners should recalibrate controls around business impact as well as loss prevention.

Organised fraud will adapt to agentic commerce faster than legacy teams expect. The article’s description of fraudsters operating as admins, workers, and callers shows that attackers already work as coordinated networks. That makes agent-driven commerce a likely target for policy abuse, payment-initiation fraud, and synthetic trust exploitation. Security and fraud teams should assume the adversary will industrialise around these new workflows first.

Agentic commerce will force IAM and fraud governance to converge. The article highlights a category shift where authorisation, identity assurance, and transaction integrity are now coupled. The teams that keep these functions separate will struggle to define where responsibility ends. Practitioners should plan for shared policy, shared telemetry, and shared accountability across identity verification and fraud prevention.

What this signals

Delegated commerce will push fraud programmes toward identity-led policy design. Merchant controls that still depend on browser trust will become less reliable as AI agents take over more shopping and payment initiation steps. The next control gap is not only detection quality, but whether authorisation context survives long enough to inform decisioning. Teams should start treating agent delegation as a governed identity event, not a background automation task.

This shift will also raise the value of review workflows that can distinguish bad automation from legitimate delegated intent. If fraud and identity data are not shared, false positives will keep eroding revenue while true abuse slips through. The practical test is whether a team can explain why an AI-driven order was accepted or declined without relying on opaque model output alone.


For practitioners

  • Define delegation scopes for AI shopping flows Specify which actions an agent may take, what purchase thresholds apply, and when human confirmation is required for cart finalisation or payment submission.
  • Replace browser-only trust checks with delegated-context signals Supplement IP, device, and cookie signals with authorisation metadata, task scope, and revocation state so legitimate agent activity is not treated as generic automation.
  • Create review paths for ambiguous agent-driven orders Route uncertain transactions into analyst or customer-confirmation workflows before approval decisions become final, especially where intent and behaviour do not align.
  • Align fraud and identity teams on shared policy Bring identity verification, fraud operations, and commerce risk into a single policy model so delegated AI activity is governed consistently across channels.

Key takeaways

  • Agentic commerce is turning fraud prevention into an identity and delegation governance problem, not just a detection problem.
  • Traditional trust signals are losing value as AI agents transact from environments that do not look like human sessions.
  • Practitioners need shared policy, auditable delegation context, and review paths that protect both revenue and control integrity.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack surface, NIST AI RMF, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, and GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10Agentic commerce introduces delegation, tool-use, and trust boundary risks for AI-driven transactions.
NIST AI RMFGOVERNAI governance is relevant because commerce agents influence decisions and actions with customer impact.
NIST CSF 2.0PR.AC-4The article centers on access and authorisation decisions for delegated activity.
NIST SP 800-53 Rev 5AC-6Least privilege is central when agents can act on behalf of users in commerce workflows.
GDPRArt.32Commerce agents can process personal data, so security of processing is directly relevant.

Document controls that protect personal and transactional data processed through AI-mediated commerce.


Key terms

  • Agentic Commerce: Commerce where AI agents can discover products, build carts, and complete purchases on behalf of a consumer. The security challenge is that the transaction may be legitimate while the usual human-session signals disappear, forcing merchants to prove delegated intent rather than just detect a browser session.
  • Signal Blackout: A loss of the normal evidence used to make trust decisions, such as device fingerprints, cookies, and IP reputation. In agentic commerce, signal blackout creates ambiguity for fraud systems because automation can be both legitimate and hard to distinguish from abuse.
  • Profit Not Captured: Revenue lost when legitimate customers are wrongly declined and do not return. This is a fraud governance metric, not just a finance metric, because it captures the hidden business cost of overly aggressive controls and helps teams balance prevention with customer experience.
  • Delegation Context: The information that shows what a human authorised an AI agent to do, within what scope, and with what limits. For practitioners, delegation context is the key evidence needed to distinguish bounded automation from uncontrolled or fraudulent activity.

What's in the full article

Signifyd's full post covers the operational detail this post intentionally leaves for the source:

  • How Signifyd describes agentic commerce workflows from discovery through checkout and where merchant controls start to fail
  • The specific guidance shared by Greg Smith and Varun Kumar on getting started with agent-involved transactions
  • How the report frames profit not captured, dark pool testing, and model stack ranking for operational use
  • The fraud team collaboration patterns discussed for ticketing, hospitality, and entertainment environments

👉 Signifyd's full post covers the agentic commerce themes, total cost of fraud framing, and collaboration tactics in more detail.

Deepen your knowledge

NHI Mgmt Group’s NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, agentic AI identity, and secrets management in practical terms. It is designed for practitioners who need to connect identity control to wider security and governance programmes.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org