Artificial intelligence is helping shoppers find items and compare prices, but it also introduces new risks. According to Experian, the top fraud threat this year is AI agents and their potential to disrupt the evolving retail landscape.
In the past, merchants and financial institutions relied on blanket defenses to identify and neutralize any activity originating from bots. That approach is no longer sufficient as agentic commerce gains traction this year, leaving organizations struggling to distinguish malicious bot traffic from legitimate AI agents.
Experian notes that issues are heading into a crisis that will demand proactive responses, pushing organizations and regulators to examine liability obligations and the regulatory framework governing agentic commerce.
An Accelerating Threat
Even without widespread agentic activity, fraud is accelerating. Criminals can now craft highly targeted messages, and social media has become a breeding ground for scams.
These fraudulent messages are increasingly difficult to detect because cybercriminals use AI to generate realistic communications. Bad actors also leverage AI to create deepfakes, tricking employers to gain access to remote jobs or deceiving consumers into sending funds. This functionality has made deepfakes the second most impactful fraud trend of the year, per Experian.
“Consumers will always be the weakest link,” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Socially engineered schemes, whether driven by AI or not, will continue to fool consumers into clicking on malicious links, friending malicious actors they do not know, and giving out personally identifiable information about themselves. AI just makes the risk of socially engineered attacks more targeted and personal, which is a real worry for businesses’ customers and employees.”
“Enhanced email and firewall security while become increasingly critical to protect employees from themselves, and more businesses, financial services in particular, should consider providing ancillary security services, such as identity theft protection, to their customers that includes firewall provisions, virtual private networks, and spam filtering for text messaging and emails.”
Dynamic But Nascent
It is no coincidence that these threats leverage one of the most powerful technologies of our time: AI. Unfortunately, bad actors have been able to harness AI capabilities faster than many organizations, which are often constrained by regulatory, customer, and internal considerations.
Some organizations, however, have begun to take defensive action. Amazon has blocked third-party bots, including AI agents, from interacting with its platform. The e-commerce giant even went so far as to take legal action against AI platform Perplexity, seeking to block its AI agents from shopping autonomously on Amazon.
While this may provide a short-term solution, consumers are increasingly comfortable with using AI in retail settings—at least in certain contexts. As a result, agentic commerce is reaching a crossroads, where all stakeholders must define the roles and permissions AI agents should be granted.
These considerations could further delay the fully adoption of this dynamic yet still nascent technology.
