What this year’s Black Friday taught security teams about agentic commerce

Source: Tech Monitor · Field: Technology & Digital (Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Retail Technology & Operations) · Depth: Intermediate, short

Summary

This year's Black Friday revealed a new reality for retail security teams: the rise of agentic commerce, in which consumers use AI agents for shopping. This trend, coupled with malicious actors employing similar AI technologies for automated fraud, makes it increasingly difficult to distinguish between authentic customers, legitimate agents, and hostile automation. Traditional security defenses, focused on a binary "bot or not" classification, are proving inadequate because both harmless and destructive AI agents can mimic human browsing patterns, honor rate limits, and execute full-browser flows. The challenge extends beyond traditional fraud: even legitimate agents can distort analytics and demand signals by, for example, monitoring pricing APIs or booking and canceling inventory at machine scale. Retailers like Harrods, Marks & Spencer, and Co-op have already faced large-scale hacks, underscoring the urgency for new security toolkits.

Key takeaway

For CTOs and VPs of Engineering overseeing retail security, your teams must evolve beyond traditional bot detection. Focus on implementing real-time, multi-layered detection systems that evaluate the *intent* behind automated interactions, not just their behavior. Establish clear internal policies for AI agent use and secure machine-to-machine infrastructure to confidently manage agentic commerce and capitalize on its revenue opportunities while mitigating sophisticated AI-driven threats.

Key insights

Agentic commerce blurs lines between legitimate and malicious automated traffic, requiring new security paradigms.

Method

Security teams must shift from classifying users as "bot or not" to evaluating the intent behind automated interactions, requiring real-time, multi-layered detection and internal policy mapping for AI agent usage.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, AI Product Manager

Editorial summary, takeaway, and curation by AIssential. Original article published by Tech Monitor.