Agentic commerce and AI checkout: are your controls keeping up?

TL;DR: Agentic commerce compresses discovery, selection, payment, and fulfilment into one conversational session, creating billions of non-human identity actions that must be authorised in real time, according to EnforceAuth. The real issue is not authentication but the collapsing assumption that identity remains stable long enough for session-based review and role-based access to work.

NHIMG editorial — based on content published by EnforceAuth: The Shift That Changes Everything in agentic commerce and AI-mediated checkout

By the numbers:

• 80% of organizations cannot fully explain why an AI agent took a specific action.
• 48% of security professionals rank agentic AI as the #1 attack vector for 2026.
• Only 22% of teams treat AI agents as independent identity-bearing entities.

Questions worth separating out

Q: What breaks when AI shopping agents rely on session-based authorisation?

A: Session-based authorisation breaks because it assumes the actor’s intent stays stable for the life of the session.

Q: Why do AI agents complicate identity and access management for retailers?

A: AI agents complicate IAM because they do not behave like a human user or a simple service account.

Q: What do security teams get wrong about AI safety versus AI security?

A: Teams often confuse content safety with access control.

Practitioner guidance

• Map every agentic transaction to discrete authorisation decisions Break the purchase flow into catalog query, inventory check, payment initiation, and fulfilment steps, then require an explicit policy decision for each step.
• Bound delegation depth for sub-agents Set a hard limit on how many subordinate agents can inherit privileges from a parent workflow, and require explicit scope declarations for any delegated payment or data access capability.
• Eliminate shared API keys in agent workflows Replace shared service account tokens with scoped, short-lived credentials tied to a specific agent role and customer context.

What's in the full article

EnforceAuth's full article covers the operational detail this post intentionally leaves for the source:

• The complete policy-as-code example showing how runtime authorisation is expressed for catalog queries, payment execution, and cross-customer denial.
• The full four-domain enforcement model across applications, infrastructure, data, and AI workloads.
• The specific OPA/Rego policy patterns used to enforce chain-depth limits and transaction confirmation.
• The article's five-question assessment for leaders who need to test their current agentic authorisation posture.

👉 Read EnforceAuth's analysis of agentic commerce and runtime authorisation →

Agentic commerce and AI checkout: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →