TL;DR: As AI agents conduct more commerce, merchants lose interaction signals such as device, location, and behavioural context that fraud models rely on, weakening transaction assessment and increasing the risk of false positives and missed fraud, according to Riskified. The practical shift is toward networked intelligence, agent detection, and monitoring for transaction spikes rather than relying on human-style behaviour signals.
At a glance
What this is: The article argues that agentic commerce strips out interaction data, weakening a core fraud signal set used to judge whether a transaction looks legitimate.
Why it matters: This matters because fraud and identity teams must reassess how transaction risk is scored when AI agents act on behalf of customers and the usual behavioural evidence is no longer available.
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
👉 Read Riskified's analysis of how agentic commerce changes fraud detection
Context
Agentic commerce changes fraud detection because the transaction is no longer initiated through the same human interaction patterns that most scoring systems were built to observe. When an AI agent places an order, the usual clues from device, connection, geolocation, and behaviour can disappear or become too generic to trust, which makes the primary keyword here, agentic commerce, a governance problem as much as a fraud problem.
For fraud, identity verification, and IAM teams, the issue is not whether automation exists, but whether the security model still has enough evidence to decide who or what is acting. That boundary between human intent, delegated action, and machine-originated transactions is where identity governance and fraud controls increasingly overlap.
The merchant response described in the source is typical of an industry entering an instrumentation gap. Systems designed around human interaction are being asked to score agent-driven activity with less context than before.
Key questions
Q: What breaks when fraud systems lose interaction data in agentic commerce?
A: Fraud systems lose one of their strongest context layers. Device fingerprinting, behavioural patterns, geolocation checks, and connection analysis normally help distinguish legitimate customers from abuse. When AI agents place orders, those signals can vanish or become generic, which makes scoring less precise and can increase both missed fraud and false positives.
Q: Why do AI agents complicate transaction risk assessment?
A: AI agents complicate transaction risk assessment because they can act on a customer’s behalf without producing the human behavioural cues that fraud models expect. That blurs the boundary between normal automation and malicious activity, so merchants need better classification, stronger identity context, and more shared intelligence across transactions.
Q: How do security teams know whether agentic commerce controls are working?
A: Look for stable fraud loss rates, reduced false positives on agent-driven orders, and consistent classification of legitimate automation versus malicious bots. If agentic order volumes rise but your alert quality and review accuracy collapse, the controls are not keeping pace with the new transaction pattern.
Q: Who is accountable when AI agents place fraudulent transactions?
A: Accountability usually sits across fraud operations, identity governance, and the business owner of the delegated workflow. The key question is whether the organisation had a control model that recognised agent-mediated activity and applied appropriate verification, review, and monitoring before allowing commerce at scale.
Technical breakdown
Why interaction data is the missing fraud signal in agentic commerce
Fraud models often combine interaction, customer, and order data. Interaction data is the behavioural layer: device fingerprints, time zone mismatch, connection type, location patterns, and click or touch behaviour. In agentic commerce, that layer can collapse because the agent performs the transaction without the physical cues a human normally creates. The result is not just less data, but less discriminating data, which weakens scoring confidence and can make legitimate agent-driven orders look anomalous. For fraud operations, that means the model input changes, not merely the volume of transactions.
Practical implication: re-tune transaction models for lower interaction-signal availability before agentic order volume scales.
How fraud intelligence networks replace local interaction evidence
When local behavioural evidence disappears, consortium and intelligence-network data can restore some of the context. These networks correlate buying patterns, repeat identities, device histories, and observed abuse patterns across merchants. That does not recreate the lost interaction signal, but it changes the question from whether this single session looks normal to whether the account or pattern has been seen behaving suspiciously elsewhere. For merchants, this is a move from isolated detection to shared pattern recognition, which is especially useful when the customer journey is mediated by an AI agent rather than a browser session.
Practical implication: integrate consortium intelligence into fraud review workflows for transactions where behavioural evidence is thin.
Detecting agentic commerce requires separating legitimate automation from malicious bots
Older bot detection often assumes a binary choice between human and malicious automation. Agentic commerce breaks that assumption because a legitimate customer-authorised agent may look structurally similar to an abusive bot. Detection therefore has to identify the source and purpose of the transaction, not only its automation characteristics. That is where identity-linked signals, prior customer history, and policy context become important. In practice, the control problem shifts from blocking automation to classifying it correctly so the right risk logic, challenge flow, or manual review path is applied.
Practical implication: classify agentic transactions explicitly so legitimate automation is not routed through generic bot controls.
Threat narrative
Attacker objective: The attacker aims to hide fraudulent purchases inside transaction flows that look like legitimate AI-assisted commerce.
- Entry occurs when an agentic commerce session reaches the merchant without the human behavioural cues the fraud engine expects.
- Escalation follows when the transaction is scored with degraded interaction data, making malicious and legitimate activity harder to separate.
- Impact is a rise in missed fraud or false positives because the model no longer has enough evidence to distinguish intent from automation.
NHI Mgmt Group analysis
Agentic commerce creates a transaction-verification gap, not just a fraud gap. When the customer is mediated by an AI agent, the evidence set used by fraud teams becomes materially thinner. That changes how identity, device trust, and behavioural assurance intersect in payment flows. Practitioners should treat this as a governance issue that spans fraud, identity verification, and delegated access decisions.
Interaction-signal loss is the defining control problem in agentic commerce. The merchant no longer receives the same behavioural telemetry that traditional fraud models were calibrated against. That does not mean transaction risk is unknowable, but it does mean the old assumption that a session will provide enough human-style evidence is no longer safe. Practitioners should rebuild controls around alternative context sources and explicit agent identification.
Fraud intelligence networks become more valuable as local telemetry declines. Shared signals, repeat pattern recognition, and cross-merchant context can partly offset the disappearance of device and interaction data. This is not a replacement for local control, but it is a necessary supplement when the merchant cannot observe a user interacting in a conventional way. Practitioners should view network intelligence as a compensating control, not a standalone answer.
Agentic commerce will force identity and fraud teams to share a control plane. The question is no longer only whether a transaction is fraudulent, but whether the acting entity is a person, a delegated agent, or a malicious bot. That boundary affects authorisation, customer verification, and risk scoring at the same time. Practitioners should align fraud controls with identity governance before agent volumes become operationally material.
What this signals
Agentic commerce will push fraud programmes toward a more explicit identity model for delegated action. The practical issue is not simply missing telemetry, but the loss of confidence in who or what initiated the transaction, which means fraud review, customer verification, and policy enforcement have to become more tightly coupled.
Delegated-activity blind spot: when AI agents act for customers, the organisation may be unable to prove whether a transaction was customer-intended or agent-induced. That creates reporting pressure, especially for teams trying to reconcile fraud signals with identity governance and audit obligations. Security leaders should expect these workflows to demand more explicit controls over authorisation, provenance, and monitoring.
Merchant teams should also expect false-positive tuning to become a standing operational task rather than a periodic model exercise. As agentic traffic grows, the quality of shared intelligence, classification accuracy, and escalation policy will matter more than any single detection feature, and the organisations that prepare early will absorb the transition more cleanly.
For practitioners
- Recalibrate fraud models for low-interaction sessions Test how scoring changes when device, click, geolocation, and connection signals are absent or generic. Set new thresholds for review and challenge flows before agentic commerce volume expands.
- Add explicit agentic transaction classification Tag transactions that originate from AI agents so review rules can distinguish authorised automation from abusive bot traffic. That classification should feed both fraud logic and customer risk reporting.
- Use consortium intelligence as a compensating control Incorporate cross-merchant intelligence to recover context when local behavioural evidence is weak. Prioritise signals that identify repeat abuse patterns, shared identities, and known malicious buying behaviour.
- Monitor for abnormal spikes in agentic orders Set alerting for sudden changes in agent-driven transaction volume, especially when the increase is not aligned with customer onboarding or product changes. Investigate spikes as possible attack probes, not just demand shifts.
Key takeaways
- Agentic commerce weakens fraud detection because it removes the behavioural evidence that transaction models were built to trust.
- The scale of the AI agent risk is already visible in adjacent governance data, with 80% of organisations reporting agents acting outside intended scope.
- Merchants should respond by classifying agentic transactions, using intelligence networks, and retuning review logic before automation volume grows further.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while GDPR define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Agentic transaction classification depends on knowing who or what is initiating access. |
| NIST SP 800-53 Rev 5 | IA-2 | Authentication and identity assurance matter when agents replace human session evidence. |
| GDPR | Art.5 | Customer data and identity-linked transaction records raise processing and minimisation concerns. |
Limit and document transaction data use under Art.5 when building fraud and agentic commerce controls.
Key terms
- Agentic Commerce: Commerce in which software agents initiate or complete purchases on behalf of a customer. In security terms, it changes the evidence available for fraud detection because the transaction may no longer carry the normal behavioural signals produced by a human user.
- Interaction Data: The behavioural and technical evidence generated by a user during a transaction, including device signals, geolocation, connection type, and navigation patterns. Fraud teams use it to estimate whether the actor behaves like a legitimate customer or a malicious actor.
- Fraud Intelligence Network: A shared data source that aggregates abuse patterns, customer histories, and risk indicators across multiple merchants or participants. It helps compensate when local session data is sparse by adding broader context about repeat abuse and emerging patterns.
- Delegated Transaction: A transaction initiated by one entity on behalf of another, often through an AI agent or automation workflow. The governance challenge is proving the authority, intent, and provenance of the action when the initiator is not the end customer directly.
What's in the full article
Riskified's full article covers the operational detail this post intentionally leaves for the source:
- How its fraud models separate interaction, customer, and order data in agentic commerce flows.
- Examples of the transaction signals merchants lose when AI agents place orders on behalf of customers.
- Why consortium intelligence can supplement weaker local telemetry for fraud review.
- Operational monitoring ideas for spikes in agentic transactions that may indicate abuse.
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, identity lifecycle, and secrets management for practitioners building stronger access control models. It is designed for security teams that need to connect identity decisions to the broader governance demands created by AI-driven workflows.
Published by the NHIMG editorial team on 2026-01-15.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org