Agentic commerce is a buying and transaction model where software agents act on behalf of a person. The identity challenge is not just proving who owns the account, but constraining what the agent may do, for how long, and under what revocation and audit rules.
Expanded Definition
Agentic commerce extends beyond traditional e-commerce because a software agent can discover products, compare options, initiate checkout, and sometimes complete payment or contract steps without continuous human intervention. The security question is therefore not only authentication, but delegated authority: what the agent may buy, which merchants it may use, whether it can approve substitutions, and how revocation is enforced when trust changes. In practice, agentic commerce should be treated as an identity and authorization problem for a non-human actor, with constraints shaped by OWASP Agentic AI Top 10 guidance and risk controls aligned to the NIST AI Risk Management Framework. Definitions vary across vendors on whether the agent is merely a user interface or an autonomous transacting entity, so the control model should follow the highest-risk interpretation whenever the agent can spend money, expose data, or bind commitments. The most common misapplication is treating the agent like a normal shopper account, which occurs when organizations allow open-ended permissions and assume human review will happen after the purchase.
Examples and Use Cases
Implementing agentic commerce rigorously often introduces friction at checkout and in exception handling, requiring organisations to weigh convenience against tighter authorization, logging, and revocation controls.
- A travel agent can be limited to book flights only within a budget ceiling, while a human must approve hotel upgrades or itinerary changes that exceed policy.
- A procurement agent can compare approved suppliers and generate a purchase order draft, but cannot finalize payment unless a just-in-time approval token is issued for that transaction window.
- A consumer shopping assistant can reorder household supplies from a preapproved merchant list, using scoped permissions that prevent the agent from adding new payment methods or changing shipping destinations.
- An enterprise buying bot can negotiate renewals with SaaS vendors, but must log every quotation, offer, and acceptance so that later review can reconstruct the delegated decision path.
- Agentic commerce patterns are discussed alongside broader NHI and agent-risk scenarios in AI LLM hijack breach, while the OWASP Top 10 for Agentic Applications 2026 highlights how tool misuse and over-permissioning become direct business risks.
These use cases all depend on explicit scoping, not implicit trust, because the agent’s authority can outlive the original intent if it is not time-bound and revocable.
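As an added illustration of the scoping model these use cases share (example code, not from the page or from NHIMG), here is a hypothetical policy-decision function for a buying agent's delegation: a budget ceiling, a preapproved merchant list, an expiry, revocation, a just-in-time approval token bound to one order and one time window, and an audit record for every decision. The Delegation fields, order keys and token layout are assumptions, and the sample orders in demo() are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Delegation:                # scoped, time-bound grant to one buying agent
    agent_id: str
    budget_ceiling: float        # total the agent may spend over the whole grant
    merchants: frozenset         # preapproved merchant list
    expires_at: datetime         # the grant is time-bound, never open-ended
    approval_threshold: float    # single orders above this need a JIT approval token
    spent: float = 0.0
    revoked: bool = False
    audit: list = field(default_factory=list)   # every decision, allowed or denied

def decide(d, order, now, jit_token=None):
    checks = [  # the first failing check becomes the recorded denial reason
        (d.revoked, "delegation revoked"),
        (now >= d.expires_at, "delegation expired"),
        (order["merchant"] not in d.merchants, "merchant not preapproved"),
        (order.get("new_payment_method") or order.get("ship_to_changed"), "out-of-scope account change"),
        (d.spent + order["amount"] > d.budget_ceiling, "budget ceiling exceeded"),
    ]
    reason = next((msg for failed, msg in checks if failed), None)
    if reason is None and order["amount"] > d.approval_threshold:
        # A JIT token is only valid for this exact order and inside its time window.
        if not (jit_token and jit_token["order_id"] == order["id"]
                and jit_token["not_before"] <= now < jit_token["not_after"]):
            reason = "high-value order needs a valid just-in-time approval token"
    allowed = reason is None
    if allowed:
        d.spent += order["amount"]
    d.audit.append({"at": now.isoformat(), "agent": d.agent_id, "order": order["id"],
                    "merchant": order["merchant"], "amount": order["amount"],
                    "allowed": allowed, "reason": reason or "within scope"})
    return allowed, reason or "within scope"

def demo():
    # Constructed sample: a travel agent with a 2-hour grant and a 4000 ceiling.
    t0 = datetime(2026, 6, 1, 9, 0, tzinfo=timezone.utc)
    d = Delegation("travel-agent-7", 4000.0, frozenset({"airline-a", "airline-b"}),
                   t0 + timedelta(hours=2), approval_threshold=1000.0)
    tok = {"order_id": "o3", "not_before": t0, "not_after": t0 + timedelta(minutes=15)}
    results = [
        decide(d, {"id": "o1", "merchant": "airline-a", "amount": 650.0}, t0),
        decide(d, {"id": "o2", "merchant": "hotel-x", "amount": 300.0}, t0),
        decide(d, {"id": "o3", "merchant": "airline-b", "amount": 1200.0}, t0 + timedelta(minutes=5), tok),
        decide(d, {"id": "o4", "merchant": "airline-b", "amount": 1200.0}, t0 + timedelta(minutes=20), tok),
    ]
    d.revoked = True   # trust changed: revocation takes effect on the very next decision
    results.append(decide(d, {"id": "o5", "merchant": "airline-a", "amount": 10.0}, t0 + timedelta(minutes=30)))
    return results, d
```

The audit list is what later review would use to reconstruct the delegated decision path, including the denials.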
Why It Matters in NHI Security
Agentic commerce becomes an NHI issue the moment a buying agent holds credentials, payment rails, API keys, or delegated approval rights that can be reused outside the intended session. That makes secret protection, entitlement scoping, and auditability central controls rather than back-office details. NHIMG research on AI agents found that 80% of organisations report agents have already acted beyond their intended scope, while only 52% can track and audit the data those agents access. Those numbers show why purchasing agents cannot be left with broad, persistent permissions. A compromised or overbroad agent can place unauthorized orders, alter vendor terms, expose sensitive buyer data, or create downstream compliance failures that are difficult to unwind. The risk is amplified when agent decisions are executed through third-party tools or when the transaction chain crosses multiple systems without a clear revocation point. Related NHI threat patterns are visible in the Moltbook AI agent keys breach and the broader Ultimate Guide to NHIs — 2025 Outlook and Predictions, both of which reinforce that delegated machine authority must be bounded like any other privileged identity. Organisations typically confront the operational reality of agentic commerce only after an unauthorized purchase, a failed revocation, or a disputed transaction, at which point the problem can no longer be deferred.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | AG-03 | Agentic commerce depends on scoped tool use and bounded autonomy, both core agentic app risks. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Delegated buying agents are NHIs that need secret scoping, rotation, and revocation. |
| NIST AI RMF | | AI RMF frames autonomy, accountability, and traceability risks in agentic decision systems. |
Limit agent actions, require approval for high-risk transactions, and log every delegated step.
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org