By NHI Mgmt Group Editorial TeamPublished 2026-06-03Domain: Cyber SecuritySource: Signifyd

TL;DR: AI agent referrals in Commerce Network were 13.5 times higher in October 2025 than a year earlier, with sales from those referrals up 894%, as ecommerce brands face a new visibility and checkout environment, according to Signifyd. The governance challenge is not only discovery quality but also whether fraud and identity controls can interpret agent-shaped buying behaviour without blocking legitimate sessions.


At a glance

What this is: Signifyd argues that ecommerce AI agents are reshaping product discovery, and that merchants must make their content, policies, and checkout signals machine-readable enough to be recommended accurately.

Why it matters: For IAM and fraud teams, the important issue is that AI-assisted shopping changes how trust is expressed, how legitimate sessions look, and how identity and risk signals need to be interpreted across the customer journey.

By the numbers:

👉 Read Signifyd's analysis of how AI agents are changing ecommerce discovery and checkout risk


Context

AI agents in ecommerce sit between product discovery and purchase execution. They interpret shopper intent, compare options, and can influence which brands get surfaced, which creates a new governance problem for merchants: content now has to be understandable to both people and machine systems, and that requirement extends into fraud and checkout controls.

This matters to IAM and fraud practitioners because AI-assisted commerce changes the shape of a legitimate session. A fast, low-click, direct-to-product path may be normal when an assistant has already narrowed the options, but the same pattern can resemble automated abuse unless identity, device, payment, and behavioural signals are assessed together.


Key questions

Q: How should merchants make sure AI assistants describe their brand accurately?

A: Merchants should test the same prompts across multiple assistants and compare the answers to their source-of-truth pages. Focus on product facts, policies, intended use cases, and differentiators. Then fix the pages and schema that assistants are most likely to use. The goal is consistent machine-readable truth, not more marketing language.

Q: Why do AI agents complicate ecommerce fraud controls?

A: Because AI assistants can compress the discovery phase outside the merchant site, legitimate sessions may look unusually fast, direct, or shallow once they reach checkout. That breaks assumptions built into many fraud models. Teams should combine behavioural signals with identity, device, payment, and address context before escalating risk.

Q: What do security teams get wrong about AI-assisted checkout?

A: They often assume that low page depth or rapid checkout is automatically suspicious. In AI-assisted commerce, those signals may simply mean the shopper did the comparison work elsewhere. The better approach is to evaluate whether the session is consistent across account history, device, payment method, and fulfilment details.

Q: Who is accountable when AI systems misrepresent product or policy information?

A: Accountability sits with the merchant because the assistant is summarising the merchant’s public signals. That makes content governance, policy accuracy, and structured data quality part of operational control. Merchants should own the review process the same way they own pricing, returns, and checkout risk decisions.


Technical breakdown

How AI agents change ecommerce discovery signals

AI agents do not just retrieve pages. They interpret prompts, infer shopper intent, and choose which products, policies, and brands to use in their response. That means the store is no longer being judged only by search ranking or click-through behaviour. It is being parsed by systems that rely on structured data, policy clarity, product attributes, and consistency across pages. When those signals conflict, the agent can misstate the offer or omit the brand entirely. The governance issue is not visibility alone. It is whether the underlying data is machine-readable, current, and specific enough to support accurate recommendation.

Practical implication: treat product content and policy pages as machine-facing control surfaces, not just marketing assets.

Why agent-assisted checkout complicates fraud and identity review

Traditional fraud models often assume a longer browsing path, more behavioural noise, and more visible comparison activity before checkout. AI-assisted shopping compresses that journey. A shopper can spend time in the assistant, then arrive at checkout with a short on-site session that still reflects legitimate intent. That does not remove fraud risk. It changes the signals. Risk teams need to evaluate device, account history, payment method, address consistency, and behavioural context together rather than over-weighting page depth or session duration. In other words, the identity story is broader than the browser path.

Practical implication: recalibrate fraud rules that penalise fast checkout or low page depth without additional context.

Why structured data now affects recommendation quality

Structured data gives AI systems a more reliable way to interpret product facts, pricing, sizing, availability, and policy details. Without it, the agent must infer from unstructured copy, which increases the chance of stale, incomplete, or inconsistent answers. This is especially important where the product is differentiated by use case, fit, or policy rather than obvious feature lists. In practice, structured data becomes part of governance because it reduces ambiguity between what the merchant intends to say and what the assistant can safely summarise.

Practical implication: audit schema, product attributes, and policy metadata together so the same facts are available to search and AI systems.


Threat narrative

Attacker objective: The objective is not classic compromise but demand diversion, where inaccurate machine interpretation shifts purchases away from the intended merchant or forces unnecessary risk friction.

  1. Entry occurs when an AI assistant or shopping agent ingests merchant content, product pages, policies, and structured data to decide what to recommend.
  2. Escalation happens when inconsistent, outdated, or incomplete signals cause the agent to overstate a product, miss a differentiator, or surface the wrong brand.
  3. Impact is lost revenue, misrouted demand, and higher fraud-review friction when legitimate agent-assisted sessions are misclassified as suspicious.

NHI Mgmt Group analysis

AI-assisted commerce creates a recommendation governance problem, not just a search problem. Merchants are no longer optimising only for human browsing and keyword ranking. They are optimising for how external assistants interpret product intent, policy language, and differentiators. That makes machine readability a governance control, not a marketing preference. Practitioners should treat content consistency, schema quality, and policy clarity as part of the trust boundary.

Fraud controls now need to understand compressed purchase journeys. AI assistants can move evaluation upstream, leaving the merchant with a shorter and less obviously “human” on-site session. Legacy rules that penalise low page depth or rapid checkout will increasingly create false positives unless they are balanced with identity, payment, and device context. Teams should revisit review logic before agent-assisted traffic becomes the default pattern.

AI visibility is becoming a revenue integrity issue. The immediate risk is not only that a brand is absent from an assistant’s answer. It is also that the assistant summarises stale policies, out-of-date product facts, or weak differentiators in ways that redirect demand elsewhere. The control gap is content governance across the full commerce stack, from product detail pages to checkout rules. Practitioners should measure recommendation accuracy the same way they measure conversion and fraud loss.

Machine-readable brand signals are emerging as a distinct operational concept. This is the layer where product truth, policy truth, and intent language must align so AI systems can evaluate a store correctly. If that layer is thin or contradictory, the assistant fills in gaps with inference. Teams should make this concept explicit in governance so merchandising, fraud, and identity stakeholders work from the same facts.

What this signals

Machine-readable brand signals are becoming part of the commerce control plane. When assistants source answers from inconsistent product pages, policy text, and schema, the merchant loses control over how demand is routed. The practical response is to treat content governance as an operational risk issue, not a copywriting exercise.

The identity angle is subtle but important. AI-assisted shopping changes what a legitimate session looks like, which means fraud teams and IAM-adjacent stakeholders need shared context before making escalation decisions. The right control set is not a single score, but a combination of account, device, and fulfilment evidence.

Practitioners should also watch for drift between what merchants intend, what structured data says, and what AI systems repeat. That gap is where recommendation errors, conversion loss, and unnecessary review friction accumulate. Stronger signals reduce both commerce risk and trust ambiguity.


For practitioners

  • Audit AI-facing brand signals Test how multiple assistants describe your brand, products, and policies, then compare the answers against your source-of-truth pages. Focus on what they get wrong, miss, or overstate, and fix the highest-value inconsistencies first.
  • Strengthen machine-readable product facts Update product detail pages, FAQs, schema markup, and policy pages so product attributes, use cases, return terms, and availability are available in clear, consistent language that agents can parse.
  • Rebalance checkout fraud rules Review rules that over-penalise direct-to-product visits, low page depth, or rapid checkout. Add account, device, payment, and delivery context so legitimate AI-assisted sessions are not treated as suspicious by default.
  • Build quarterly visibility testing into workflow Rerun priority prompts across the assistants your customers use every quarter, then compare changes in recommendation quality, policy accuracy, and competitor placement to catch drift early.

Key takeaways

  • AI agents are reshaping ecommerce discovery, which means brand visibility now depends on machine-readable product, policy, and intent signals.
  • Agent-assisted shopping compresses on-site behaviour, so legacy fraud rules that rely on long browsing paths will generate more false positives.
  • Merchants need to govern content, schema, and checkout risk together because AI recommendations and identity decisions are now linked in the same customer journey.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack surface, NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST AI RMF set the technical controls, and GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-4Identity and access context affects how AI-assisted commerce sessions are evaluated.
NIST SP 800-53 Rev 5AC-6Least privilege thinking applies to what AI systems can infer from merchant content.
OWASP Agentic AI Top 10The article sits in the agentic AI commerce surface where assistant misinterpretation matters.
NIST AI RMFMAPThe AI RMF supports identifying where AI-mediated commerce creates governance and trust risk.
GDPRThe article touches personal data through identity, device, and order context in checkout.

Review whether your data handling and risk signals remain proportionate when AI-assisted sessions use personal data.


Key terms

  • AI Visibility: AI visibility is the degree to which assistants can correctly understand and surface a brand, product, or policy from available public signals. It depends on structured data, clear copy, and consistency across source pages, because models summarise what they can reliably parse.
  • Machine-Readable Brand Signals: Machine-readable brand signals are the structured facts and consistent language that help an AI system interpret what a merchant sells, who it is for, and how it should be described. They include attributes, FAQs, schema markup, policy text, and product context.
  • Agent-Assisted Checkout: Agent-assisted checkout is a purchasing flow where an AI system has already narrowed the options or shaped the buyer’s intent before the shopper lands on the merchant site. The on-site session may look shorter or thinner than traditional shopping, which affects fraud review and identity interpretation.
  • Commerce Identity Context: Commerce identity context is the combination of account, device, payment, address, and behavioural evidence used to decide whether a transaction is legitimate. In AI-assisted journeys, it is more reliable than browsing depth alone because the discovery work may have happened outside the site.

What's in the full article

Signifyd's full post covers the operational detail this analysis intentionally leaves for the source:

  • Step-by-step guidance for auditing product pages, FAQs, and policy text so AI assistants can summarise your brand more accurately.
  • Examples of the exact prompts merchants can use to test how different assistants describe their brand and products.
  • Practical advice on balancing rapid checkout signals against identity, device, payment, and delivery context in fraud review.
  • Workflow suggestions for making AI visibility testing a recurring part of ecommerce operations.

👉 Signifyd's full post walks through AI visibility testing, structured data, and fraud rule review in more operational detail.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, workload identity, and secrets management in the context security teams need to govern. It helps practitioners connect identity control to the broader operating realities their programmes depend on.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-03.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org