TL;DR: Agentic commerce shifts buying, negotiation, and payment from human users to AI agents, making verified, privacy-preserving, interoperable identity the control plane for trust, payments, and customer experience, according to OneSpan. Passwordless access, machine-readable catalogues, and agent delegation controls become necessary because shared credentials and CAPTCHA do not scale to agent-to-agent commerce.
At a glance
What this is: This is OneSpan’s analysis of agentic commerce and the claim that digital identity becomes the control plane for trust in machine-mediated buying.
Why it matters: It matters because IAM, NHI, and human identity programmes now have to govern consent, verification, and delegation across both people and agents, not just login events.
By the numbers:
👉 Read OneSpan's analysis of identity in agentic commerce
Context
Agentic commerce is the point where identity stops being a login problem and becomes a transaction-control problem. In this model, AI agents compare offers, negotiate terms, execute payments, and coordinate delivery on behalf of people, which means the security boundary shifts from the user interface to verified identity, consent, and delegation.
For IAM teams, the challenge is not just authenticating a person or a workload. It is proving that an agent is acting within user-defined guardrails, that merchants can verify the agent’s assertions, and that the underlying identity signals remain interoperable across payment, commerce, and delegation flows. That makes the topic relevant to human IAM, NHI governance, and agentic AI identity at the same time.
Key questions
Q: How should organisations secure payments when AI agents can buy on behalf of users?
A: They should separate user authentication, agent delegation, and purchase approval into distinct controls. That means phishing-resistant authentication for the human, explicit policy for the agent’s scope, and verifiable claims that the merchant can validate at transaction time. Without that separation, a delegated agent becomes just another opaque buyer with too much power.
Q: Why do passwords and shared credentials fail in agentic commerce?
A: Passwords and shared credentials assume a person is present to remember, enter, and control the secret. Agentic commerce breaks that assumption because software may negotiate, compare, and execute transactions without a human at the keyboard. Shared secrets also destroy accountability, because they do not show which actor authorised the action or what scope was intended.
Q: What do security teams get wrong about trusted AI agents in commerce flows?
A: They often focus on whether the agent is authenticated and ignore whether its claims, delegation rights, and execution scope are still valid at the point of purchase. In commerce, a trusted agent is not just a signed-in agent. It is an actor whose permitted actions, privacy boundaries, and transaction rights are provable end to end.
Q: What is the difference between verifying a user and verifying an agent in commerce?
A: Verifying a user proves who initiated the relationship. Verifying an agent proves what that actor is allowed to do on the user’s behalf, what claims it can present, and whether the merchant can trust those claims at the moment of action. Agent verification is therefore a delegation and policy problem, not only an authentication problem.
Technical breakdown
FIDO-based credentials and why passwords do not scale to agentic commerce
The article frames passkeys as the bridge from human login to stronger consumer authentication because they bind a user gesture, such as biometrics, to a cryptographic authenticator. In practice, this reduces phishing risk and removes the shared-secret pattern that breaks down when multiple parties or agents need to act on behalf of a user. The deeper point is that password-based identity is too brittle for commerce paths where trust must travel with the transaction, not stop at the login screen.
Practical implication: move human customer journeys toward phishing-resistant authentication before layering agent delegation on top.
Digital credentials, claims, and agent delegation in machine-mediated payments
Agentic commerce depends on digital credentials that can carry issuer-backed attributes and be presented by a user or an agent to a relying party. That is a different trust model from a simple username and password exchange because the merchant needs to validate not only authentication but also the claims attached to the identity and the scope of delegated action. This is where verified attributes, privacy-preserving presentation, and delegation APIs become architectural, not cosmetic, requirements.
Practical implication: define which claims an agent may present, and validate them separately from raw authentication.
Machine-readable catalogues and verifiable merchant assertions
If agents are going to shop, they need catalogues they can parse and merchant claims they can trust. The article points to a world where products, promotions, and terms must be consumable by software, while the seller’s assertions must remain verifiable so agents are not optimised into bad decisions. That changes identity from a user-only control into a trust fabric spanning buyers, merchants, and intermediate agents.
Practical implication: publish structured product and policy data that agents can consume without relying on scraped web pages or brittle human workflows.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Agentic commerce creates an identity trust problem, not just a checkout problem. The central shift is that the actor making the decision is no longer always the human customer. That breaks assumptions embedded in human IAM, where authentication, consent, and transaction intent are usually coupled to the same person at the same moment. Practitioners should treat agent-mediated commerce as a new trust boundary, not a UX variant.
Identity does not stop at authentication when agents can negotiate and pay. The article shows that a verified identity must carry through delegation, presentation, and merchant verification. That makes the control plane broader than federation alone, because the relying party now needs to know who authorized the agent, what the agent is allowed to do, and whether the claims remain valid at the point of transaction. Practitioners should redesign identity flows for delegation, not just sign-in.
Human passwords are becoming the weakest link in a machine-to-machine purchasing path. Shared credentials, magic links, and CAPTCHA were built for human friction and human abuse patterns. They do not express bounded delegation, claim-level trust, or machine-readable consent, which is why they fail once an agent is expected to execute commerce at scale. Practitioners should stop treating human login controls as sufficient for downstream autonomous or delegated action.
Digital credentials for commerce are a policy problem disguised as an authentication problem. The article’s strongest idea is that interoperable identity has to move with the user, the merchant, and the agent. That is a governance shift, because the enterprise must decide which assertions are acceptable, how much privacy to preserve, and where the proof of authorization lives. Practitioners should expect identity, payments, and fraud teams to converge on one control model.
Verified agent consent is now part of the identity perimeter. The named concept here is identity portability for delegated commerce. It means identity must be portable enough to move across channels and actors, but still constrained enough to preserve accountability. For IAM leaders, the implication is clear: if the credential cannot express delegation safely, the commerce model will default back to brittle human workarounds.
From our research:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
- Agentic commerce becomes easier to govern when identity and delegation are treated as one lifecycle problem, which is why the Ultimate Guide to NHIs , 2025 Outlook and Predictions is a useful next step.
What this signals
Identity portability for delegated commerce is the control problem this article exposes. As more purchasing moves into assistants and agents, security teams will need to decide which assertions travel with the identity, which ones expire at the edge, and which ones must be rechecked at transaction time.
If you already manage human authentication and NHI governance separately, this topic shows why the boundaries are starting to blur. Agent-mediated buying will force IAM, fraud, payments, and platform teams to agree on a shared delegation model, or else risk building controls that work in isolation but fail in commerce flows.
The governance signal is clear: passwordless access helps at the edge, but it does not solve the policy layer inside the transaction. Teams that are already thinking about agent identity should compare their control model with the OWASP Agentic AI Top 10 and align it with a broader trust architecture.
For practitioners
- Phish-proof consumer authentication first Replace password-heavy consumer journeys with passkeys where the remaining human login path still creates friction or phishing exposure. Use the stronger authenticator to reduce account takeover before you introduce delegated agent flows or richer transaction logic.
- Define delegation boundaries for agents Write explicit policy for what an agent may do, what claims it may present, and which approvals are required before payment or purchase completion. Treat this as a governance control, not a product configuration exercise.
- Publish machine-readable merchant trust signals Expose catalogue, terms, and verification data in formats that software agents can consume directly. If the offer cannot be parsed and validated by an agent, the commerce flow will revert to manual friction or brittle scraping.
- Separate identity proof from transaction consent Require a clear distinction between authenticating the user, authorising the agent, and approving the purchase. That separation is what lets you trace liability and reduce the risk of an agent acting beyond the user’s intended guardrails.
Key takeaways
- Agentic commerce moves identity from login assurance to transaction assurance, which changes the control surface for IAM teams.
- Passwordless authentication helps reduce human friction, but delegated agent activity still needs explicit policy, claim validation, and merchant verification.
- The practical challenge is not whether agents can buy, but whether organisations can prove what they were allowed to do, on whose behalf, and under what rules.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agent-mediated commerce depends on bounded delegation and trust in autonomous actions. | |
| NIST AI RMF | The article centers on governance, accountability, and trustworthy AI in transactions. | |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Verified identity and least privilege are required across commerce and delegation boundaries. |
Apply least-privilege access to delegated commerce actions and revalidate trust at each transaction step.
Key terms
- Agentic Commerce: Commerce in which AI agents can search, compare, negotiate, and complete transactions for a person or organisation. The identity problem shifts from proving a user is present to proving that delegated actions are authorised, bounded, and verifiable at the moment of execution.
- Delegated Identity: An identity model where one actor performs actions on behalf of another under defined limits. In commerce, delegated identity must carry scope, consent, and accountability through the transaction chain, otherwise the agent becomes an unbounded proxy rather than a controlled delegate.
- Phishing-Resistant Authentication: Authentication that is designed to survive credential phishing, replay, and secret reuse. It uses cryptographic proof rather than shared secrets, which is especially important when humans remain the root of trust but agents or services act downstream.
- Identity Portability: The ability for identity evidence and claims to move across systems, channels, and relying parties without losing integrity or privacy. In delegated commerce, portability only works when claims can be verified by merchants and constrained by policy at the point of use.
Deepen your knowledge
Agentic commerce identity and delegation are core themes in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are designing controls for agent-mediated transactions, the course can help anchor that work in a broader governance model.
This post draws on content published by OneSpan: Sécuriser l'identité à l'ère du commerce agentique. Read the original.
Published by the NHIMG editorial team on 2025-11-21.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
