By NHI Mgmt Group Editorial TeamPublished 2026-04-23Domain: Governance & RiskSource: Riskified

TL;DR: Retailers are moving conversational commerce into AI-driven discovery, checkout, and support, but external platforms still lack access to product, inventory, and customer context, according to Riskified. The identity question is no longer whether AI can sell, but whether merchants can keep decision authority, customer trust, and abuse controls inside their own environment.


At a glance

What this is: This is an analysis of how conversational commerce and merchant-side AI change who controls customer interactions, with the key finding that native brand AI can use proprietary data to make better decisions than external platforms.

Why it matters: It matters because IAM, fraud, and identity teams now have to govern AI-mediated customer decisions in real time, where access to customer history, risk signals, and transaction context determines both service quality and abuse exposure.

👉 Read Riskified's analysis of merchant-side AI in conversational commerce


Context

Conversational commerce is the use of AI chat interfaces to guide product discovery, comparison, and purchase decisions. The security and governance problem is not whether these interfaces work, but where decision authority sits and which identity signals the agent can see before it acts. In merchant environments, that becomes an access and context problem as much as a customer-experience problem.

External platforms can drive referral traffic, but they do not naturally carry the proprietary product catalog, inventory, and customer-history context that merchants need to make accurate decisions. That creates a governance gap for identity-led commerce: the same AI pattern can either be a controlled extension of the merchant’s operating model or an uncontrolled handoff of the customer relationship and the fraud decision surface.


Key questions

Q: How should retailers govern AI agents that handle refunds and returns?

A: Retailers should govern refund and return agents as decisioning identities with bounded authority. The agent needs only the data required for the specific action, plus real-time risk context before it approves anything. Final authorisation should remain constrained by policy, with clear escalation paths for ambiguous or high-value cases.

Q: Why do external AI platforms create governance risk in conversational commerce?

A: External platforms can improve discovery, but they usually lack the merchant’s proprietary inventory, catalog, and customer-history context. That means the AI can look capable while making decisions with incomplete identity and transaction signals. The risk is not only poor customer experience, but also loss of accountability and control over abuse-prone actions.

Q: What breaks when AI agents issue customer service decisions without risk context?

A: Without risk context, an agent cannot reliably tell a loyal customer from a repeat abuser, so it will either approve too much or block too aggressively. In both cases, the business absorbs the cost. The control failure is acting before the identity signal has been enriched and validated.

Q: Should organisations keep conversational AI inside their own environment?

A: Where the AI is making or influencing high-stakes commercial decisions, keeping it inside the merchant environment usually preserves better governance and clearer accountability. External platforms can still support discovery, but the business should retain the decision path, the supporting signals, and the ability to enforce policy at runtime.


Technical breakdown

Why merchant-side context changes AI decision quality

An AI system is only as useful as the data and permissions behind its answers. In retail, catalog data, inventory state, customer history, and prior abuse signals determine whether an automated recommendation or refund decision is accurate. Without that context, external AI becomes a thin discovery layer that can talk fluently but cannot safely decide. Merchant-side deployment changes the identity problem because the agent is no longer just a conversational front end. It becomes a decision point that depends on tightly governed access to operational and behavioural data.

Practical implication: Practitioners should treat merchant AI as an identity-controlled decision system, not a chat interface, and scope its data access accordingly.

How identity intelligence supports refunds and post-purchase actions

Refunds, returns, claims, and shipping exceptions are high-risk actions because the same workflow serves legitimate customers and policy abusers. Identity intelligence reduces ambiguity by correlating behavioural patterns across transactions and accounts, allowing the system to distinguish a loyal customer from a repeat exploit pattern. That is a non-human identity problem when the AI agent is making or recommending the action, because the agent needs authoritative signals at the moment of decision. The key technical issue is real-time enrichment: the model must see risk context before the action is finalised.

Practical implication: Teams need policy enforcement and enrichment hooks at the exact decision point, not after the refund or return has already completed.

What changes when AI takes over customer service workflows

When AI begins handling customer service autonomously, the trust boundary moves from the human agent to the decision system. That system can scale abusive behaviour if it is too permissive, or damage loyalty if it is too rigid. The technical challenge is not simply automation, but identity-aware orchestration: the agent must combine customer context, risk scoring, and policy thresholds in a controlled runtime flow. In practice, this is where merchant AI either becomes a governance asset or a liability. The deciding factor is whether the system is allowed to act with sufficient context and bounded authority.

Practical implication: Merchant teams should separate conversational handling from final authorisation so the AI cannot exceed approved decision bounds.


NHI Mgmt Group analysis

Merchant AI turns conversational commerce into an identity governance problem, not just a customer-experience feature. The article is really about where trust and decision authority live when an AI agent can influence purchase and post-purchase outcomes. Once the agent is given customer context and action rights, access control, policy enforcement, and data minimisation become the real design variables. Practitioners should govern the agent as a decisioning identity, not as a front-end chatbot.

Cross-merchant identity intelligence is the differentiator that makes AI decisions safer at scale. The article shows that no single retailer can fully understand abuse patterns from its own data alone. That is a NHI governance lesson as much as a fraud lesson: the quality of an automated decision depends on the quality of the identity signals feeding it. Practitioners should think in terms of context federation, not isolated customer records.

Identity blast radius is the right concept for AI-mediated commerce. When an agent has access to refunds, claims, and customer history, a bad policy decision can ripple across revenue, trust, and abuse exposure at the same time. The article’s core insight is that the merchant is not choosing between convenience and control. It is choosing how far one AI decision can spread before human review or policy limits intervene. Practitioners should define that blast radius explicitly.

Real-time decisioning matters more than retrospective review in conversational commerce. The article describes a moment-of-interaction model where the agent needs the right signal before it acts. Post-event fraud review cannot undo a wrongly approved refund or a badly handled loyal customer. The implication is that governance must move upstream into the runtime path, where access, identity signal, and policy meet.

Native deployment does not eliminate risk, but it does preserve accountability. The article argues that external AI can still be useful as a discovery layer, yet the merchant should retain the relationship and the control plane. That is the right boundary for identity governance because accountability is far easier to enforce when the decisioning system sits inside the merchant’s own operating model. Practitioners should keep final authority close to the business that bears the loss.

From our research:

  • While 71% of IT teams have been advised on AI agent data access, only 47% of compliance teams, 39% of legal teams, and 34% of executives have the same visibility, according to AI Agents: The New Attack Surface report.
  • That visibility gap matters because 80% of organisations report AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, sharing sensitive data, and revealing access credentials.
  • For practitioners, the next step is to study OWASP NHI Top 10 for agent-governed access patterns and runtime control failure modes.

What this signals

Identity blast radius: conversational commerce will keep expanding, but the governance question is how far a single AI-mediated decision is allowed to travel across revenue, trust, and fraud exposure. Teams that cannot define that boundary will end up reviewing incidents after the customer outcome is already locked in.

The practical signal is that agentic commerce needs runtime policy, not just model quality. If the agent cannot see the right identity and abuse context before it acts, the organisation is effectively outsourcing commercial control to incomplete data.

As these workflows mature, expect closer alignment with NIST AI Risk Management Framework style governance and with merchant-side review models that treat AI actions as accountable business decisions, not conversational outputs.


For practitioners

  • Classify merchant AI as a decisioning identity Map every conversational commerce use case to the data, policy, and transaction rights the agent can touch. Limit access to the minimum records needed for the specific step in the journey, and separate discovery from approval where the business impact is material.
  • Insert identity intelligence at the moment of action Feed real-time risk and behavioural context into refund, return, and claims workflows before the agent finalises a decision. Build the control so the system can block, step up, or route to review when the signal is weak or inconsistent.
  • Define blast-radius limits for AI-mediated service flows Set hard policy boundaries for refunds, credits, escalations, and exceptions so a single automated decision cannot create outsized financial or trust impact. Review those limits with fraud, IAM, and support leaders together, not separately.
  • Keep external AI as a discovery layer only where appropriate Use external platforms for search and referral when they improve reach, but avoid handing them the core customer decision path. Retain final authorisation, supporting signals, and exception handling inside the merchant environment.

Key takeaways

  • Conversational commerce becomes an identity problem as soon as AI is allowed to make or influence commercial decisions.
  • The scale signal is clear: merchant-side context and cross-merchant identity intelligence are what separate safe automation from blind automation.
  • The practical answer is to keep AI within bounded decision authority, with real-time risk context and clear policy limits at the point of action.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10NHI-03Agent decisioning and contextual access are central to the article’s AI commerce model.
NIST AI RMFGOVERNThe article centers on accountability and oversight for AI-mediated customer decisions.
NIST CSF 2.0PR.AC-4The post focuses on controlled access to customer and transaction context.
NIST Zero Trust (SP 800-207)Zero trust principles fit runtime verification before AI-driven account or refund actions.

Verify context and policy before each high-impact AI action instead of trusting session state.


Key terms

  • Conversational Commerce: A shopping model where customers use natural-language interfaces to discover products, compare options, and complete actions. In governance terms, it shifts commercial decisions into software that must be given controlled access to product, inventory, and customer data.
  • Identity Intelligence: Context about who a customer is, how they behave, and whether their actions fit known risk patterns. It turns raw account and transaction data into decision support for fraud, service, and policy enforcement, especially when an AI system must act in real time.
  • Identity Blast Radius: The amount of business, trust, or security impact that one identity-driven decision can create before it is reviewed or contained. In AI commerce, it helps teams think about how far a refund, exception, or escalation can spread when an automated agent gets the call wrong.

What's in the full article

Riskified's full analysis covers the operational detail this post intentionally leaves for the source:

  • How its identity intelligence is applied inside customer service workflows at the moment of refund or high-risk request
  • How cross-merchant behavioural signals are correlated when no single shared customer key exists
  • How merchants can use AI agents for discovery while preserving control of the customer relationship
  • How real-time scoring changes handling for trusted customers versus serial abusers

👉 The full Riskified article covers the identity intelligence model, AI workflow examples, and customer service use cases in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM or identity governance programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-04-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org