Because the decision-maker is no longer always a person interacting directly with the system. Software intermediaries can search, compare, and transact at runtime, which weakens traditional behavioural signals and shifts the focus to authorisation scope, delegation, and transaction intent.
Why This Matters for Security Teams
Agentic commerce changes fraud detection because the “customer” is no longer always a person with a stable device, repeatable behaviour, and a clean intent trail. A shopping agent can compare options, negotiate, switch vendors, and complete payment in seconds, which makes legacy signals like keystroke cadence, session history, and familiar checkout paths much less reliable. Fraud teams now have to judge delegated intent, not just user presence.
This is why current guidance is shifting toward workload identity, runtime authorisation, and transaction-scoped controls rather than static trust in the browser session. NHI Management Group has argued the broader pattern repeatedly in its OWASP Agentic Applications Top 10 and its research on AI LLM hijack breach scenarios: once software intermediaries can act autonomously, the attack surface becomes the decision path itself.
In practice, many security teams encounter fraudulent agent activity only after legitimate automation has already been abused at scale, rather than through intentional testing of delegated commerce workflows.
How It Works in Practice
Fraud detection for agentic commerce works best when it evaluates what the agent is allowed to do, what it is trying to do, and whether that action fits the current context. That means moving from human-centric signals to transaction-centric controls. Instead of assuming a human buyer is behind every checkout, teams should treat the agent as a distinct workload with its own identity, scope, and policy envelope.
Practically, this usually means combining workload identity, short-lived credentials, and policy decisions made at request time. Standards such as the NIST AI Risk Management Framework and the OWASP Top 10 for Agentic Applications 2026 both point toward stronger governance of autonomy, traceability, and misuse resistance. For commerce flows, that translates into controls such as:
- JIT credentials issued per task, with automatic revocation after completion.
- Separate entitlements for browsing, quoting, purchasing, and refund actions.
- Runtime policy checks for amount thresholds, merchant category, geography, and shipping changes.
- Signed delegation records so investigators can see who authorised the agent and for what purpose.
- Step-up verification when the agent crosses from comparison into financial commitment.
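The controls in this list can be combined into one request-time decision. The sketch below is an added example, not code from NHI Management Group or any framework cited here: it verifies a signed delegation record, enforces per-action entitlements and hard limits, and returns a step-up decision when a purchase crosses a risk threshold. The record fields, the thresholds and the HMAC signing scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real issuer would hold an asymmetric signing key in a KMS/HSM.
ISSUER_KEY = b"demo-only-key"

def sign(record: dict) -> str:
    """HMAC-SHA256 over the canonical JSON form of the delegation record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def decide(record: dict, signature: str, request: dict, now: int) -> tuple[str, str]:
    """Return (decision, reason) for one agent action, evaluated at request time."""
    if not hmac.compare_digest(sign(record), signature):
        return "deny", "delegation signature invalid"
    if now >= record["expires_at"]:
        return "deny", "delegation expired"
    if request["agent_id"] != record["agent_id"]:
        return "deny", "agent not named in delegation"
    if request["action"] not in record["scopes"]:
        return "deny", f"action '{request['action']}' not delegated"
    if request["action"] in ("browse", "quote"):
        return "allow", "non-financial action within scope"
    # Financial commitment: hard limits first, then risk-based step-up.
    if request["amount"] > record["max_amount"]:
        return "deny", "amount exceeds delegated limit"
    if request["merchant_category"] not in record["merchant_categories"]:
        return "deny", "merchant category not delegated"
    if request["ship_to_country"] != record["ship_to_country"]:
        return "step_up", "shipping destination differs from delegation"
    if request["first_time_merchant"]:
        return "step_up", "first-time merchant"
    if request["amount"] > record["step_up_over"]:
        return "step_up", "amount above re-confirmation threshold"
    return "allow", "within delegated scope and thresholds"

# Constructed sample delegation: a user authorises a replenishment agent.
DELEGATION = {
    "principal": "user-1001", "agent_id": "agent-shop-7",
    "purpose": "grocery replenishment",
    "scopes": ["browse", "quote", "purchase"],   # refund deliberately not granted
    "max_amount": 200.0, "step_up_over": 75.0,   # assumed thresholds
    "merchant_categories": ["grocery"], "ship_to_country": "GB",
    "expires_at": 1_700_000_900,                 # short-lived, task-scoped
}
SIGNATURE = sign(DELEGATION)
```

Logging the returned reason alongside the delegation's `principal` and `purpose` gives investigators the authorisation trail for each decision.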
The strongest programmes also log the agent’s decision inputs and tool calls, because fraud review now depends on reconstructing intent, not just inspecting the final charge. NHI Management Group’s NHI Lifecycle Management Guide and Top 10 NHI Issues both emphasize that identity lifecycle discipline becomes a fraud control when software can initiate value transfer. These controls tend to break down in high-volume marketplaces where multiple agents, third-party plugins, and loosely governed API integrations make transaction intent difficult to attribute in real time.
Common Variations and Edge Cases
Tighter authorisation often increases friction, so organisations have to balance fraud reduction against abandoned carts, slower approvals, and support overhead. That tradeoff is especially visible when agents act on behalf of high-value customers, enterprise procurement teams, or travel booking workflows where speed matters.
Best practice is evolving rather than settled. There is no universal standard yet for how much autonomy a shopping agent should have before the transaction needs re-confirmation, but current guidance suggests using risk-based thresholds instead of one blanket policy. Low-risk replenishment may justify broader delegation, while first-time merchants, unusual basket compositions, or split shipments should trigger stricter review.
One common edge case is agent chaining, where a shopping assistant uses search, coupon, payment, shipping, and refund tools in sequence. That creates fraud patterns that look legitimate at each step but become suspicious only in aggregate. Another is account takeover via compromised NHI credentials, which is why the Ultimate Guide to NHIs — Key Challenges and Risks and the NIST Cybersecurity Framework 2.0 remain relevant for governance, even though the fraud problem is now agent-driven. In these environments, static rules tend to miss abuse because the transaction can be valid in isolation while still being illegitimate in context.
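The agent-chaining case above can be detected by scoring a delegation's tool calls together instead of one at a time. The following is an added example, not part of the original guidance: the log format, indicator names, threshold and time window are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed tool-call log: (delegation_id, epoch_seconds, tool, attributes).
EVENTS = [
    ("del-A", 100, "search",   {}),
    ("del-A", 130, "payment",  {"amount": 42.0}),
    ("del-B", 200, "search",   {}),
    ("del-B", 205, "coupon",   {}),
    ("del-B", 210, "shipping", {"changed": True}),
    ("del-B", 215, "payment",  {"amount": 74.0}),
    ("del-B", 220, "payment",  {"amount": 73.5}),
    ("del-B", 400, "refund",   {"amount": 74.0}),
]

STEP_UP_OVER = 75.0   # assumed per-transaction re-confirmation threshold
REFUND_WINDOW = 600   # assumed: seconds after a payment in which a refund is "fast"

def chain_indicators(calls):
    """Return aggregate indicators for one delegation's tool calls."""
    found = set()
    payments = [(ts, a) for ts, tool, a in calls if tool == "payment"]
    # Several payments, each under the threshold, whose sum exceeds it.
    under = [a["amount"] for _, a in payments if a["amount"] <= STEP_UP_OVER]
    if len(under) > 1 and sum(under) > STEP_UP_OVER:
        found.add("split_below_threshold")
    # Shipping destination changed before a payment in the same chain.
    changes = [ts for ts, tool, a in calls if tool == "shipping" and a.get("changed")]
    if any(c < ts for c in changes for ts, _ in payments):
        found.add("ship_change_before_payment")
    # Refund requested shortly after a payment.
    refunds = [ts for ts, tool, _ in calls if tool == "refund"]
    if any(0 <= r - ts <= REFUND_WINDOW for r in refunds for ts, _ in payments):
        found.add("fast_refund")
    return found

def review_queue(events, min_indicators=2):
    """Group calls by delegation and flag chains with enough indicators."""
    chains = defaultdict(list)
    for delegation_id, ts, tool, attrs in sorted(events, key=lambda e: e[1]):
        chains[delegation_id].append((ts, tool, attrs))
    flagged = {}
    for delegation_id, calls in chains.items():
        hits = chain_indicators(calls)
        if len(hits) >= min_indicators:
            flagged[delegation_id] = sorted(hits)
    return flagged
```

In the sample data every `del-B` payment stays under the per-transaction threshold, so a per-step rule passes each call; only the grouped view queues the chain for review.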
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A06 | Agent autonomy and tool abuse are central to this fraud-shift question. |
| CSA MAESTRO | GOV-2 | MAESTRO addresses governance of delegated agent actions and accountability. |
| NIST AI RMF | | AI RMF supports risk-based controls for autonomous decision-making in commerce. |
Limit agent actions by runtime policy and verify each tool call against current intent.
Reviewed and updated by the NHIMG editorial team on June 20, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org