What is Agentic Commerce? Understanding Benefits, Security Risks, and Challenges

Agentic commerce refers to the rapidly emerging paradigm in online commerce wherein some or all of the shopping process is by intelligent computer programs called AI agents on behalf of their human users.

For example, an agentic shopping assistant, when asked to find the best price on a specific gadget, might comparison-shop at dozens of online stores and then complete the purchase on its user’s behalf. A more sophisticated version might even learn its user’s preferences and independently seek out items it knows the user will like.

As it evolves, agentic commerce promises to completely reshape the way business is conducted online by creating shopping experiences that are totally personalized and entirely frictionless, with many purchases requiring no human involvement at all.

At its core, agentic commerce comprises three basic elements: automated agents that operate behind the scenes to perform the underlying processes, AI shopping assistants to mediate between consumers and agentic technology, and autonomous purchasing to allow agents to complete purchases on the user’s behalf.

Automated agents are the backbone of agentic commerce. Broadly speaking, they are a type of AI-based software that independently carries out tasks with minimal human input. It’s a rapidly evolving technology, but some of today’s most common varieties include:

• Virtual assistants that use reasoning to perform complex tasks on behalf of users. For example, Copilot Studio’s autonomous agents can be used to detect an incoming proposal request in a user’s email inbox, research the proposal, write a draft, and send the draft to the user’s team, all without prompting. Similarly, OpenAI’s new ChatGPT Agent is an early example of a commercially available autonomous agent, capable of executing multistep web-based tasks, such as price comparisons, form submissions, and even purchasing. However, it still requires explicit user approval for sensitive actions like logins and purchases.

• Purchasing bots that use machine learning to monitor pricing across multiple platforms;  some can even complete transactions on their own when a price meets their criteria (as in the case of scalper bots, which operate on the ethical fringe and should be met with the proper mitigation strategy).
• AI-based recommendation systems that analyze user behavior to suggest relevant products in real time, such as Netflix’s FM-Intent model, which uses an LLM to analyze behavior data to make projections about users’ underlying intentions when browsing.

These consumer-facing applications, which are powered by automated agents, are the face of agentic commerce. They allow users to delegate complex shopping tasks through natural-language interactions. 

For example, a user might request: “Find me the best deal on a flight to NYC next Tuesday,” or “Reorder my usual brand of coffee when I’m running low.” The AI assistant then handles the research and purchase process.

One interesting example is Perplexity’s Pro Shopping capability, which allows the Perplexity AI to comb the web for products in response to a user’s query and sometimes even offer seamless purchasing from within Perplexity’s interface.

The ability to independently complete transactions is agentic commerce’s beating heart, because commerce agents can act with near-total autonomy when they don’t need to seek real-time human approval for every purchase.

A basic example of autonomous purchasing is Amazon’s Buy for Me feature, which can visit other online stores from within the Amazon app and complete third-party purchases on behalf of the user. (Amazon also more recently announced the rollout of a much more powerful browser agent, Nova Act, which is currently available as a developer preview.)

When the power of autonomous purchasing is given to AI shopping assistants that are running on agentic software, the potential for an entirely new form of commerce emerges. In the words of Jack Forestell: Without autonomous purchasing, “this isn’t commerce. It’s just better searching, browsing and window shopping.”

By leveraging AI assistants to automate complex tasks, agentic commerce can deliver unmatched convenience for shoppers by saving them time and reducing decision fatigue. 

For example, Walmart’s Sparky chat assistant can engage with natural language prompts to synthesize reviews, plan meals, or reorder staples directly from Walmart’s homepage, without shoppers having to browse the inventory themselves.

By eliminating friction with click-free checkouts, autonomous purchasing can drive sales by capturing impulse buys and minimizing cart abandonment.

Scalability means businesses can serve more customers without having to hire more staff, and more personalization means more engagement and loyalty. As its core components operate with higher and higher levels of sophistication, agentic commerce will allow increasingly granular levels of personalization at massive scale, without requiring more human power to achieve it.

Like other types of bots, AI agents that are granted too much autonomy could potentially take actions beyond their intended scope, leading to unintended consequences such as erroneous transactions or system misconfigurations.

You’ve heard about the Air Canada chatbot that offered an unauthorized refund that a court then forced the airline to honor. Now imagine the ways this type of malfunction could be compounded by the offending bot having a much higher degree of autonomy, such as permission to pay out refunds directly.

Companies that open their platforms to commerce agents may inadvertently introduce a range of new attack vectors that fraudsters can exploit.

For example, attackers could use a stolen agent-scoped payment token to rack up thousands of dollars of unauthorized purchases in minutes, or exploit prompt-injection flaws to hijack a commerce agent’s API credentials and impersonate users to siphon funds or loyalty points into other accounts.

The rise of agentic commerce raises a number of questions around ethics and regulation.

A lack of transparency about gathering behavioral data can raise concerns and risk losing customer trust. Also, underlying biases in training data can lead to further bias in purchase recommendations, for example. 

On the regulatory front, companies who want to implement agentic commerce tools must comply with increasingly stringent transparency requirements in the EU and elsewhere.

To successfully participate in the rapidly evolving landscape of agentic commerce, and to mitigate the heightened risks that will inevitably accompany its evolution, organizations need to establish a rock-solid layer of visibility, trust, and control between their digital assets and the agents that interact with them.

To successfully understand and manage the risks posed by AI-driven systems, it’s crucial to have clear and up-to-date insight into how these systems behave and what exactly they’re up to.

Achieving this level of comprehensive visibility requires the ability to analyze huge volumes of interaction data in real time, and to quickly and accurately identify and categorize different types of behaviors and anomalous patterns within that data.

To successfully implement agentic commerce’s core features, such as automated transactions, it’s imperative to be able to identify the agents performing these transactions and differentiate the legitimate ones from malicious actors.

And as fraudsters themselves continue to leverage AI in more and more sophisticated ways, static multifactor authentication won’t be sufficient to generate the required level of trust. 

Increasingly, the only way to conduct airtight verification is through adaptive measures that use machine learning to detect and respond to suspicious activity in real time. But trust must also be programmable at the protocol level—not just inferred from behavior.

To address this challenge, HUMAN has released an open-source demonstration called HUMAN Verified AI Agent, which shows how agents can cryptographically authenticate themselves using HTTP Message Signatures (RFC 9421). In this model, every request from an AI agent is signed using a public–private key pair, and verified at a gateway before any downstream API interaction occurs. Each agent has a unique, cryptographically bound identity, resolvable via the OWASP Agent Name Service (ANS), that makes requests traceable, verifiable, and governable.

As agentic commerce scales, systems like these will be essential to enforce which agents can act, which actions they are allowed to take, and how their behavior is traced, ultimately forming a trust layer for the agentic internet.

Maintaining granular control over agent interactions is key to preventing unauthorized or excessive actions by AI agents, commercial or otherwise.

Beyond establishing robust visibility and trust, effective control measures include implementing rate limiting to manage the frequency of agent requests, and granular permission-based access policies that restrict what each agent can do based on its role.

Understanding the need for visibility, trust, and control is the first step. Implementing it requires a purpose-built platform designed for the new realities of the agentic internet. This is why we created AgenticTrust, a new module in HUMAN Sightline that acts as the essential trust layer for agentic commerce.

AgenticTrust is built on a fundamental shift in perspective: from the old, binary question of “Bot or Not?” to the new, more critical question of “Trust or Not?”.

We recognize that identity alone doesn’t define trust—context and intent do. A trusted agent can become a liability if its behavior changes. An unknown agent might be harmless or it might be a threat. Static policies are no match for these dynamic actors.

AgenticTrust gives security, fraud, and product teams the adaptive governance needed to solve this challenge. It allows you to:

• Gain Real-Time Visibility: Go beyond signatures and IPs to see how agents actually behave. AgenticTrust classifies AI agents and provides deep insights into their navigation paths, behavioral patterns, and intent shifts across the entire customer journey.
• Establish Adaptive Trust: Trust is not a one-time score; it’s a continuous decision. AgenticTrust constantly evaluates agent activity against your business rules, allowing you to adapt your policies as an agent’s behavior evolves.
• Enforce Granular Control: Confidently enable agentic experiences by setting clear boundaries. You can configure precise permissions for what different agents are allowed to do, and what they aren’t, in your most critical flows, such as account creation, login, and checkout.

Want to learn more? Request a demo or contact sales.

The race for widespread adoption of agentic commerce has already begun, and the underlying agentic systems become more sophisticated by the day. 

Major tech firms like OpenAI and Google have already released prototypes of highly autonomous browser agents that can take control of a user’s browser to autonomously carry out complex directives, including shopping. (Try a fun browser agent demo here.)

These technologies are still nascent, but it’s been predicted that, once mature forms of agentic commerce become seamlessly embedded in the online shopping experience, it could drive almost $9 trillion in global online spending by 2030.

Agentic commerce appears poised to completely disrupt the way we do business online today, creating huge opportunities as well as complex new security threats. Going forward, any organization with digital assets in retail or otherwise will need a sound strategy for navigating the challenges and maximizing the rewards.