TL;DR: Agentic AI is changing online shopping by offloading research, deal hunting, cart building and even higher-stakes purchase tasks, while merchants start seeing shorter sessions, thinner device signals and more AI-chat referrals, according to Signifyd. The governance challenge is no longer whether agents buy, but how to distinguish legitimate agent-led commerce from automation that breaks legacy fraud models.
At a glance
What this is: Signifyd argues that agentic AI is already changing ecommerce behaviour, and that merchants are seeing new fingerprints such as ultra-efficient sessions, weaker device identifiers and more AI-chat influence.
Why it matters: For IAM, fraud and identity teams, agent-led commerce matters because trust, attribution and transaction risk now depend on recognising when software is acting on behalf of a person and when that behaviour is crossing policy boundaries.
By the numbers:
- 38% of U.S. consumers are already leveraging AI for help with their online shopping tasks.
- 86% of ecommerce shoppers say saving money is a motivator to use agentic AI agents, with 46% specifically interested in getting help finding the best prices and deals.
- 50% of all Cyber Week orders in 2025 included a discount code, signaling heightened consumer demand for value and increasing agent activity.
👉 Read Signifyd's analysis of how agentic AI is changing ecommerce trust and fraud signals
Context
Agentic commerce is the use of AI systems to research, compare, assemble and increasingly execute purchases on a shopper’s behalf. The security issue is that merchant controls were designed around human browsing patterns, not software that can move through product pages, coupons and checkout flows with machine speed.
That shift creates an identity and trust problem as much as a fraud problem. When an agent presents as a legitimate buyer but behaves like automation, teams need stronger signals for intent, device trust and transaction legitimacy rather than relying on page views or session length alone.
For IAM and fraud programmes, this is a boundary case between customer identity, delegated action and transaction assurance. The starting position in this article is typical of the market: merchants are seeing the behavioural change before they have adjusted governance, detection or policy models.
Key questions
Q: How should merchants distinguish AI agents from fraud bots in ecommerce traffic?
A: Merchants should combine behavioural analytics with device trust, transaction history and policy scope rather than relying on browsing depth alone. Legitimate AI agents often move quickly and with fewer human signals, so the control goal is to identify customer-authorised automation without opening the door to hostile bots. That requires risk scoring before checkout, not after the order is already complete.
Q: Why do AI agents complicate ecommerce fraud detection?
A: They complicate fraud detection because they remove the browsing patterns legacy models were built to trust. A legitimate agent can look like a bot, with thin device data, direct product-page access and unusually efficient sessions. If teams do not add identity and intent context, they will either block valid purchases or allow abusive automation through.
Q: What breaks when merchants treat agent-led shopping like normal human browsing?
A: The main failure is signal misclassification. Human-centred heuristics assume attention, hesitation and page wandering, but agentic shopping compresses all three. That means ordinary traffic quality rules lose precision, checkout can be blocked incorrectly, and malicious automation can hide inside patterns that now look normal for AI-assisted commerce.
Q: Who is accountable when an AI agent completes a purchase the customer did not intend?
A: Accountability sits across the merchant, the platform and the customer, but the merchant still owns the policy that decides whether a transaction is accepted. Teams need clear rules for confirmation, chargeback handling and delegated scope, because once agentic action reaches payment or returns, governance becomes a transaction-control issue as much as an identity issue.
Technical breakdown
Agent-led commerce changes the browsing-to-buying pattern
Agentic AI compresses discovery, comparison and purchase into a much shorter interaction model. Instead of a person reading reviews, comparing options and manually building a cart, an agent can perform those steps programmatically and surface a narrow set of choices. That changes the telemetry merchants rely on. Short sessions, direct product-page access, thin device signals and low page depth can all look suspicious to fraud tooling even when the activity is legitimate. The architectural problem is not just speed. It is that the control model was built around human friction, while agent-led shopping removes that friction by design.
Practical implication: merchant risk models need agent-aware scoring that distinguishes high-intent automation from hostile bots.
Trust expands from low-risk shopping tasks to delegated transactions
The article describes a trust ladder. Consumers start with low-risk tasks such as product research, deal hunting and cart building, then gradually delegate more consequential actions like replenishment, returns and payment optimisation. That matters because each step expands the decision surface. What begins as recommendation support becomes action execution, which raises questions about authorisation, policy scope and rollback when the agent makes a bad choice. In identity terms, this looks like delegated access without the same lifecycle discipline used in enterprise IAM. The merchant may know the customer, but not the software making the purchase decision.
Practical implication: teams should define where delegated agent action ends and customer confirmation must begin.
Fraud controls need to separate automation risk from agentic intent
Legacy fraud systems often treat fast, sparse or device-light sessions as abuse patterns. That logic still matters, but agentic commerce creates a new class of false positives because legitimate shoppers may now arrive with fewer human signals and more machine-like behaviour. This is where trust and identity governance intersect. If the system cannot distinguish a customer-authorised agent from a malicious bot, it will either block valid commerce or admit risky traffic. The right technical response is not to ignore automation signals, but to enrich them with context about intent, task scope and transaction history.
Practical implication: combine behavioural analytics, device intelligence and policy checks before checkout decisions are made.
Threat narrative
Attacker objective: The attacker objective is to complete transactions or abuse commerce workflows while appearing similar to legitimate AI-assisted shoppers.
- Entry occurs when an attacker or malicious automation mimics agent-led shopping behaviour to blend into merchant traffic and reach product and checkout flows.
- Escalation happens when the session exploits weak device identity and compressed browsing patterns to bypass rule sets tuned for human navigation.
- Impact is fraudulent purchase completion, policy bypass or false-positive blocking of legitimate agent-led orders, both of which damage revenue and trust.
NHI Mgmt Group analysis
Agentic commerce is becoming a delegated identity problem, not just a fraud problem. The article focuses on shopper convenience, but the security implication is that software is increasingly acting with purchase authority on behalf of a person. That changes the boundary of trust, because the merchant is now judging an action chain rather than a human-only session. For IAM and fraud teams, the question becomes how to govern delegated action without collapsing customer identity into automation heuristics.
Merchant analytics are entering a visibility gap that mirrors other shadow-automation problems. When sessions become shorter, cleaner and more API-like, conventional behavioural rules lose resolution. The market needs controls that can recognise agent-led intent without mistaking it for bot abuse. Agentic commerce visibility gap: this is the point where merchants can no longer infer legitimacy from browsing shape alone, and must use richer identity and transaction signals. Practitioners should treat that gap as a governance defect, not just a tuning issue.
Fraud and identity teams should expect more policy conflict as AI agents move up the trust ladder. Low-risk shopping tasks are only the beginning. Once agents handle replenishment, returns and payment selection, the same systems that protect revenue will also need to answer who authorised the action, what scope was granted, and when human confirmation is mandatory. That is the same lifecycle question IAM asks of every delegated identity, even if the identity lives inside a consumer transaction.
The category is moving toward trust orchestration across identity, device and transaction layers. A merchant can no longer rely on one control plane to separate good automation from bad automation. The practical future is layered assurance: intent signals, device reputation, transaction history and step-up checks where the task becomes higher risk. Teams that do not design for that convergence will either over-block customers or under-protect checkout flows.
What this signals
Agentic commerce will force merchants to treat software-assisted buying as a first-class trust category. The practical issue is not whether AI agents will generate revenue, but whether the control stack can tell authorised delegation from automation abuse before the transaction is finalised.
Delegated transaction drift: the commerce layer is now absorbing identity decisions that used to sit in checkout policy, fraud review and customer confirmation. Teams should expect more overlap between IAM-style authorisation questions and fraud operations, especially where returns, subscriptions and payment selection are handled by agents.
Practitioners should prepare for a world where customer intent is inferred from mixed signals rather than page behaviour alone. That means better linkage between session telemetry, transaction policy and device trust, plus clearer step-up rules for anything that changes financial exposure.
For practitioners
- Define delegation boundaries for agent-assisted shopping Map which shopping tasks can be completed by an AI agent without further confirmation and which require an explicit human decision before checkout, subscription changes or returns.
- Retune fraud models for agent-like behaviour Update detection logic to account for short sessions, direct PDP access, thin device identifiers and rapid checkout patterns so legitimate agent-led commerce is not flagged as hostile automation.
- Add identity context to transaction scoring Combine customer history, device reputation, session consistency and policy scope so the platform can tell a customer-authorised agent from an unauthorised bot.
- Set step-up controls for higher-stakes agent actions Require additional verification when an agent changes payment methods, initiates returns, manages subscriptions or crosses from low-risk research into financial execution.
Key takeaways
- Agentic commerce changes the control problem from human browsing supervision to delegated transaction governance.
- The article’s own data points to a new merchant visibility gap, with agent-led sessions looking increasingly different from human traffic.
- Fraud and identity teams need policy, telemetry and step-up controls that recognise authorised automation before checkout is approved.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack surface, NIST AI RMF and NIST CSF 2.0 set the technical controls, and ISO/IEC 27001:2022 define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agent-led shopping maps to agent misuse, tool abuse and delegated action risks. | |
| NIST AI RMF | GOVERN | AI RMF GOVERN applies to delegated commerce accountability and oversight. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access and authorisation logic underpin delegated transaction controls. |
| ISO/IEC 27001:2022 | A.5.15 | Access control policy is relevant where agents can initiate or complete transactions. |
Use agentic controls to define task scope, confirmation points and tool-use boundaries before checkout.
Key terms
- Agentic Commerce: Agentic commerce is online purchasing where AI systems research, compare, build and sometimes execute transactions on a person’s behalf. The security concern is that the buying decision becomes a delegated software action, which changes fraud detection, authorisation and customer verification expectations.
- Delegated Transaction: A delegated transaction is a purchase or account action performed by software under some level of user authority. In practice, the key governance question is whether the delegation scope is explicit, bounded and revocable, especially when the action touches payment, returns or subscription changes.
- Agent-Led Session: An agent-led session is a customer interaction that is initiated or carried materially forward by AI rather than by direct human browsing. These sessions often appear unusually efficient, with fewer clicks, thinner device identity and more direct paths to product pages or checkout.
- Transaction Assurance: Transaction assurance is the set of controls used to decide whether a commerce action should be trusted, reviewed or blocked. It combines identity context, device signals, session behaviour and policy checks so merchants can separate legitimate automation from abuse.
What's in the full article
Signifyd's full blog post covers the operational detail this post intentionally leaves for the source:
- Signifyd's examples of the shopping signals merchants can use to detect agent-led behaviour in live analytics.
- Its breakdown of consumer trust progression from low-risk shopping tasks to higher-stakes delegated purchasing.
- The merchant-side implications for fraud review, checkout decisions and false-positive handling when automation looks human enough to pass basic filters.
- The specific commerce scenarios where agentic AI may shift from assistance to payment and returns execution.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, identity lifecycle and secrets management. It helps practitioners connect delegated access decisions to broader identity and security operating models.
Published by the NHIMG editorial team on 2026-03-13.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org