There’s a question that sounds futuristic but is already quietly becoming operational: when an AI agent buys something on your behalf, who exactly is the retailer selling to?
Not in a philosophical sense. In a fraud-detection sense. In a “whose card is this, is this session legitimate, does this behavioral fingerprint match anything in our database” sense. The answer, for most of retail’s current tech stack, is: we have no idea, and we’re going to block it just in case.
LLM-referred orders grew more than 1,000 percent year over year by the end of 2025. And projections for fully agentic commerce, where an AI doesn’t just assist the research but actually executes the purchase, put the market somewhere between $190 billion and $385 billion in US e-commerce spending by 2030.
That’s not a distant horizon. That’s five years, and it’s being built on infrastructure that was designed for a very different kind of shopper.
Your Fraud Model Was Trained on Humans. It Has Never Met a Customer Like This.
The whole architecture of retail trust, such as fraud scoring, behavioral analytics, bot detection, session analysis, is built on the assumption that the entity clicking through your site is a human with a browsing history, a recognizable device fingerprint, and a pattern of behavior that looks like a person making a decision. AI agents break every single one of those signals simultaneously.
An AI agent doesn’t browse. It hits APIs directly. It doesn’t linger on the product page, scroll through reviews, or add three things to cart before removing two. It goes from product query to checkout in a pattern that, to any conventional fraud system, looks exactly like a bot running a credential-stuffing attack or a scraper harvesting pricing data. The fraud model fires. The order gets declined. The human behind the agent, a real customer, with a real credit card, who had explicitly authorized the purchase, never gets their order, and probably doesn’t even know why.
Real risk retailers are sleepwalking toward is not the AI-driven fraud, but AI-driven revenue that gets blocked by systems that can’t tell the difference between a malicious bot and a valuable customer’s authorized AI. The fraud-blocking instinct that made sense for the last decade becomes a revenue destruction mechanism in the next one.
Three Types of Traffic, and Most Retailers Can Only See Two
The practical problem is one of classification. Retail fraud systems have historically needed to distinguish between two categories: legitimate human traffic and malicious automation. The infrastructure, the training data, the vendor tooling, all of it was built around that binary.
Agentic commerce introduces a third category that doesn’t fit either bucket cleanly: authorized machine-driven transactions that are entirely legitimate but look nothing like a human shopper.
Getting this wrong in either direction costs money. Letting malicious automation through is the obvious failure mode. But misclassifying legitimate agent traffic as hostile, which is happening already, means turning away the next wave of customers before they’ve had a chance to spend anything. Retailers who figure out how to verify agent identity and authorization, rather than defaulting to “bot-shaped traffic gets blocked,” will have a meaningful structural advantage over those who don’t.
The verification question is genuinely new territory. It’s not enough to know that an AI agent is making a purchase. Retailers need to know which AI platform or service is initiating it, and whether that agent is acting with explicit, current authorization from the human account holder, with appropriate limits on what it can buy and how much it can spend. None of the current checkout infrastructure was designed to answer those questions.
Our Take
Your Best Customers’ AI Agents Are Already Getting Declined
The retailers who will lose the most in the agentic commerce transition aren’t the ones who get defrauded by AI, it’s the ones who spend the next two years quietly declining legitimate purchases because their fraud stack is pattern-matching on “this doesn’t look human” and stopping there.
The uncomfortable version of this story is that by the time most retail teams have even added “agentic commerce readiness” to a roadmap, their highest-value, most tech-forward customers will have already had their AI agents turned away at checkout twice, switched to a competitor whose stack handled it correctly, and never come back. The window to fix this before it becomes a measurable churn problem is shorter than most people think.
