Agentic returns abuse is the use of AI shopping agents or other automated systems to scale return requests, refund claims, and account cycling across many identities. The risk is not only volume, but coordination, because the automation can make abuse look like ordinary customer behaviour.
Expanded Definition
Agentic returns abuse sits at the intersection of fraud, abuse prevention, and agentic ai governance. It refers to a pattern where an AI shopping agent, browser automation, or other autonomous workflow is used to generate refund requests, open return cases, and cycle through accounts at a pace that exceeds normal human behaviour. The defining feature is not simply automation, but coordinated decision-making across multiple identities, devices, or sessions, which makes the activity harder to distinguish from legitimate customer support traffic.
In practice, this term is broader than a single return fraud tactic. It can include policy probing, account rotation, synthetic identity use, and scripted interaction with customer service channels. Definitions vary across vendors because some treat this as a payments fraud problem, while others classify it as an agentic misuse or bot abuse problem. NHIMG treats it as an identity-linked abuse pattern because the attack surface often depends on credential reuse, account trust signals, and the ability of an agent to imitate normal purchase-to-return behaviour. Guidance from the OWASP Agentic AI Top 10 is especially relevant where autonomous tools can take actions on behalf of users without sufficient controls.
The most common misapplication is calling every automated return request an agentic abuse case, which occurs when organisations ignore whether the activity is actually coordinated across accounts and trust signals.
Examples and Use Cases
Implementing detection for agentic returns abuse rigorously often introduces friction for legitimate shoppers, requiring organisations to balance seamless returns against stronger identity and behaviour checks.
- An AI shopping agent submits multiple return requests for the same product category across different accounts, using slight wording changes to avoid simple pattern matching.
- A fraud ring uses browser automation to rotate through stored payment methods, email aliases, and shipping details so refund claims appear to come from unrelated customers.
- Account cycling is used to repeatedly open and close customer profiles after a return is approved, preserving access to promotional offers or lower-friction refund pathways.
- Customer support channels are flooded with agent-generated messages that mirror ordinary complaints, making manual review unreliable without stronger telemetry and correlation.
- Risk teams compare return timing, device fingerprinting, and identity attributes against abuse patterns described in the NIST AI Risk Management Framework and related agentic guidance to separate legitimate automation from coordinated misuse.
Why It Matters for Security Teams
Agentic returns abuse matters because it turns commerce workflows into a trust problem. Security teams can no longer rely on isolated events, since the abuse is often distributed across many identities and only becomes visible when return rates, refund velocity, or account churn are correlated. That makes it relevant to fraud operations, IAM, customer account protection, and agent governance at the same time. Where autonomous tools are allowed to act on behalf of users, controls need to address authorisation scope, behavioural monitoring, and abuse escalation paths, not just login security.
This term also has a direct identity security angle. If an organisation cannot distinguish between a genuine customer and a coordinated agent-driven workflow, return policy abuse becomes a reusable path for account compromise, synthetic identity exploitation, and reward fraud. The issue is increasingly discussed alongside agentic threat models such as the CSA MAESTRO agentic AI threat modeling framework and adversarial patterns catalogued in the MITRE ATLAS adversarial AI threat matrix. Organisations typically encounter the operational cost only after refund losses, chargeback disputes, and support backlog have already increased, at which point agentic returns abuse becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST AI RMF, NIST AI 600-1 and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | Covers misuse of autonomous agents that can amplify fraud and abuse workflows. | |
| NIST AI RMF | GOVERN | Defines governance practices for managing AI risks and accountability. |
| NIST AI 600-1 | Profiles generative AI risks relevant to agentic misuse and unsafe autonomy. | |
| NIST CSF 2.0 | PR.AC-1 | Access control and monitoring help detect misuse of identities and sessions. |
| OWASP Non-Human Identity Top 10 | NHI governance is relevant when agents use secrets or delegated credentials at scale. |
Inventory agent credentials, rotate secrets, and restrict delegated access to return workflows.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org