TL;DR: Persistent identity verification is the control needed when AI agents initiate transactions and access services on behalf of people, because one-time onboarding no longer captures purpose, authorization, or ongoing trust across the customer lifecycle, according to Prove Identity. The real shift is that identity becomes a continuous decision layer, not a checkpoint, as agentic commerce expands.
At a glance
What this is: This is Prove Identity’s view that AI-driven commerce needs continuous identity verification across people, businesses, and AI agents, not just onboarding-time checks.
Why it matters: It matters because IAM, fraud, and customer identity teams now have to govern delegated actions and ongoing trust decisions, not just initial authentication.
👉 Read Prove Identity’s interview on identity as the trust layer for AI commerce
Context
AI agentic commerce changes the identity problem from verifying a person once to verifying whether a specific action is actually authorised in the moment. That shifts the control boundary from onboarding into every transaction, session, and delegated decision.
The existing split between onboarding, authentication, and fraud controls creates gaps when AI agents can initiate actions on behalf of users. For IAM and identity verification teams, the question is no longer just who authenticated, but what identity, purpose, and authority sit behind the action.
This is a familiar pattern in modern identity programmes: when verification is treated as a point event, fraud and abuse move into the spaces between systems. In AI commerce, those spaces widen because the actor may be human, delegated software, or both.
Key questions
Q: How should security teams handle delegated AI actions in customer identity flows?
A: Treat delegated AI actions as high-risk identity events, not as ordinary automation. Security teams should require transaction-scoped policy checks, tie each action to a verified purpose, and ensure the underlying account, device, and behavioural context are evaluated together before approval. The goal is to prevent a valid identity from becoming blanket authority.
Q: Why do fragmented identity systems create fraud and trust gaps?
A: Fragmented identity systems fail because no single control sees the full path from proofing to authentication to transaction execution. A user can be legitimately verified and still complete an unauthorised action if fraud, authentication, and authorisation decisions are disconnected. Consolidating signals reduces the chance that an attacker can exploit the seams between systems.
Q: What do organisations get wrong about identity verification for AI commerce?
A: They often treat verification as a one-time answer to a trust problem that continues changing after login. In AI commerce, the real issue is whether each action remains authorised for the current purpose and context. Identity programmes that stop at onboarding will miss delegated misuse, overbroad permissions, and consent drift.
Q: Who is accountable when an AI agent completes an unauthorised transaction?
A: Accountability should sit with the organisation that granted the delegated authority and defined the policy boundary. If the system allows an AI agent to act on a person’s behalf, the programme must be able to show what was authorised, what context was checked, and where the decision was enforced. Without that, ownership becomes ambiguous.
Technical breakdown
Continuous identity verification in agentic commerce
Agentic commerce depends on persistent trust decisions because the actor initiating a transaction may not be the actor benefiting from it. Continuous identity verification means the system reassesses identity signals during the lifecycle of an interaction, not only at login or account opening. That can include device posture, behavioural patterns, transaction context, account history, and delegated authority signals. The architectural shift is from static assurance to ongoing confidence scoring and step-up decisions. This is not the same as re-authentication alone, because the issue is not just session freshness, but whether the current action remains consistent with the verified identity and its permitted scope.
Practical implication: move identity assurance from a one-time gate to a transaction-level control.
Why fragmented identity stacks create fraud gaps
When onboarding, authentication, and fraud prevention live in separate systems, each system sees only part of the risk. Onboarding may verify a person, authentication may validate a session, and fraud tooling may detect anomalies after the fact, but none of them alone can answer whether a delegated action is authorised for this purpose. Fragmentation also slows response because controls are not sharing the same context. In practice, fraudsters exploit those seams with account takeover, synthetic identities, and abused automation. AI agents increase the value of connecting those controls because the chain of trust must survive beyond the initial identity proofing event.
Practical implication: align identity proofing, authentication, and fraud signals into one policy decision path.
Authorised action versus legitimate user
In agentic commerce, legitimacy is no longer a binary yes or no. A real person may be verified, but the specific action could still be unauthorised if it exceeds consent, context, or intent. That distinction matters because AI agents can operationalise broad permissions faster than humans notice. Identity systems therefore need to represent purpose, delegation, and action scope, not just account ownership. This is where identity verification starts overlapping with authorisation governance and fraud controls. If the programme only asks whether the user is real, it misses whether the transaction is still within the bounds of what the user intended.
Practical implication: add purpose and delegation checks to high-risk transaction flows.
Threat narrative
Attacker objective: The objective is to convert verified identity into unchallenged transaction authority, enabling fraud, abuse, or unauthorised access at scale.
- Entry occurs when an attacker or automated fraud path reaches the transaction layer through a verified account, delegated agent, or abused onboarding path.
- Escalation follows when fragmented identity controls fail to correlate the initial proofing event with the later action, allowing the actor to exceed intended authority.
- Impact is realised when transactions, access requests, or service actions are completed under a trust decision that no longer reflects the current purpose or consent.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Meta AI Instagram Account Takeover — 20,225 Instagram accounts hijacked via compromised Meta AI support chatbot with overprivileged access.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity verification is moving from a point control to a lifecycle control. The article’s core claim is that one-time onboarding no longer matches how delegated, AI-assisted, and transactional identities behave. That is consistent with modern identity governance: the control value now sits in continuous context, not initial proof alone. Practitioners should treat verification as a persistent policy decision rather than a completed event.
Agentic commerce creates a purpose problem, not just a person problem. Verifying that a real person exists is no longer sufficient when software can initiate actions on that person’s behalf. The governance challenge becomes whether a specific action was authorised for a specific purpose, which pushes identity programmes closer to delegated authority management and transaction-level assurance. IAM teams should expect authorisation, fraud, and identity verification to converge.
Fragmented identity stacks create a trust gap that attackers can exploit between systems. When onboarding, authentication, and fraud prevention operate separately, each layer can be correct and still fail the overall decision. That is the control gap this article exposes: incomplete trust chaining across the identity lifecycle. The implication is that practitioners must evaluate the seams between controls, not just the controls themselves.
Identity is becoming the policy fabric of digital commerce, not a back-office checkpoint. The article reflects a broader market direction where trust infrastructure is expected to support growth, customer experience, and fraud reduction at the same time. That raises the bar for identity programmes because they now influence revenue flow, not only security posture. Security leaders should expect identity platforms to be judged on transaction confidence as much as authentication strength.
From our research:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- Our research on AI agent risk shows 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
What this signals
Agentic commerce will force identity programmes to move closer to policy enforcement than proofing alone. As AI-mediated transactions become normal, the practical question is whether your current identity controls can express purpose, delegation, and per-action authority. The organisations that keep identity verification at the onboarding layer will accumulate trust debt across high-value journeys.
Continuous trust evaluation will become a governance requirement, not an optimisation. When a verified identity can trigger actions later through software, the control objective changes from authenticating the user to validating the decision. Teams should prepare for more transaction-scoped approvals, stronger fraud correlation, and closer alignment between IAM and risk operations.
With 33% of organisations already reporting AI agents accessing sensitive data beyond intended scope in our research on AI agent risk, the programme signal is clear: delegated identity now needs lifecycle oversight, not just login assurance.
For practitioners
- Map delegated action paths end to end Trace where a verified user can trigger transactions, approvals, or service actions through AI assistants, automation, or downstream workflows. Identify where the system stops checking purpose and starts assuming authority. Use those seams to define high-risk flows for stronger policy checks.
- Unify identity proofing and fraud telemetry Bring onboarding evidence, device context, behavioural signals, and transaction outcomes into one decision path so the same identity can be evaluated across the full customer lifecycle. Separate tools may still exist, but the policy decision should not be split across them.
- Add purpose checks to delegated actions Require explicit purpose, consent, or transaction-scoped approval for actions that move money, change account state, or expose sensitive data. This is especially important when AI agents can act quickly enough to outpace human review.
- Review trust assumptions in customer lifecycle design Reassess where your programme assumes a verified identity remains trustworthy without revalidation. Focus on account recovery, step-up authentication, high-value transactions, and service interactions that can be initiated by non-human actors.
Key takeaways
- Identity verification is becoming a continuous trust function because AI agents can act after the original onboarding moment has passed.
- Fragmented onboarding, authentication, and fraud controls leave seams that attackers and misuse paths can exploit.
- Practitioners should move toward purpose-aware, transaction-level identity governance for delegated and AI-mediated actions.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF, NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Agentic commerce raises delegated action and tool-use governance issues. | |
| NIST AI RMF | GOVERN | The post is about trust governance across AI-mediated decisions. |
| NIST CSF 2.0 | PR.AC-4 | Continuous identity assurance aligns with access permission management. |
| NIST Zero Trust (SP 800-207) | Persistent verification and continuous trust align with zero trust principles. |
Assess delegated AI actions against agentic risk patterns and require purpose-bound policy checks.
Key terms
- Continuous Identity Verification: A control approach that reassesses identity trust during the full lifecycle of a session or transaction, not only at login. It combines context, behaviour, device state, and risk signals so the system can decide whether the current action still matches the verified identity and its permitted scope.
- Agentic Commerce: A transaction model where AI systems can initiate actions on behalf of people, such as purchases, account changes, or service requests. The governance challenge is not only whether the user is real, but whether the delegated action is authorised for the specific purpose, context, and risk level involved.
- Purpose-based Authorisation: A policy model that checks why an action is being taken, not just who is taking it. In identity programmes, this matters when delegated systems or AI agents can act quickly and broadly, because consent and intent must be tied to a specific transaction rather than assumed from account ownership.
- Identity Lifecycle Trust: The idea that trust must be maintained across onboarding, authentication, ongoing access, and transaction execution. For modern identity programmes, lifecycle trust matters because verified identities can still become risky if context changes, authority expands, or delegated actions drift beyond the original intent.
What's in the full article
Prove Identity's full post covers the operational detail this post intentionally leaves for the source:
- How Prove describes its identity platform components across adaptive authentication, monitoring, and fraud intelligence.
- The interview framing behind agentic commerce and why purpose-based authorisation matters for delegated actions.
- The specific industries Prove says are most exposed to AI-driven trust and fraud changes, including banking, fintech, healthcare, commerce, gaming, and crypto.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
Published by the NHIMG editorial team on 2026-05-19.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org