This year’s Black Friday saw unprecedented levels of agentic commerce activity. Retailers have always experienced surges in traffic during peak shopping, but the nature of this traffic is changing dramatically – and retailers’ traditional defences can’t keep up.
Agentic commerce, which sees shoppers use AI agents to browse and buy on their behalf, is reshaping what normal user behaviour looks like. At the same time, malicious actors are using the same technologies to automate fraud and exploitation at an unprecedented scale. As a result, it’s becoming increasingly challenging for retailers’ security teams to distinguish between genuine customers, legitimate agents and hostile automation.
To complicate matters, the rise of agentic commerce comes at a time when UK retail infrastructure is already under pressure. Earlier this year, Harrods disclosed a breach linked to a compromised third party that exposed hundreds of thousands of customer records, and Marks & Spencer faced a cyberattack that disrupted payments, stopped online orders and exposed personal data. These incidents illustrate a broader pattern: retailers must now manage routine traffic peaks while also defending against sophisticated automated threats that exploit gaps in supply chains and customer-facing platforms.
Agentic commerce will become the norm in 2026
Analysts expect AI shopping agents to influence significant portions of global consumer spending by the end of the decade, and new offerings like Google’s Agentic Checkout tool are already gaining popularity. These tools won’t just operate within retailer-owned interfaces; they will live within browsers, mobile operating systems and messaging platforms, and will routinely crawl multiple merchants on behalf of a single customer. For security teams, the familiar idea of a traditional user session becomes far harder to interpret. A request that looks indistinguishable from a real consumer’s click might actually come from a semi-autonomous agent. Meanwhile, a series of requests that look like a scraper’s pattern may in fact be a price-comparison tool acting legitimately.
The rise of agentic browsers adds even more risk. Some of these browsers can be manipulated into sending user credentials or personal information to external cloud services because the AI features prioritise convenience over security. Gartner has warned that this behaviour can be exploited by attackers. When consumers rely on these tools during major shopping events, any compromise in the AI browser becomes a problem for the retailer, even though it originates outside the retailer’s systems.
The challenge for security teams
Historically, security teams have been focused on classifying users – or to put it simply, identifying ‘what’s bot, and what’s not’. This binary approach doesn’t work in an environment where both legitimate and malicious agents are capable of executing full-browser flows, honouring rate limits and mimicking the tempo of human browsing. The most sophisticated bots today behave exactly like a retailer’s ideal customer. They fill baskets, review product attributes, vary their navigation patterns and, when necessary, slow themselves to evade detection.
Rather than relying on a binary ‘bot or not’ verdict, security teams need to build a full picture of a user’s intent. To see intent clearly, retailers need to stop looking at single events and start looking at entire journeys. This means gathering a comprehensive picture of how a user behaves across pages, APIs and channels, and spotting the difference between a normal, meandering shopping session (category page, product, back to the category, another product, basket) and the structured, methodical behaviour that signals an attacker looking for weaknesses (uniform request timing, catalogue enumeration, no backtracking). It also means that security, fraud and payments teams must work more closely. Signals that look insignificant on their own start to make sense when identity, intent and transaction risk are analysed together.
To take full advantage of the opportunities agentic commerce offers, retailers need full visibility and control over every automated interaction, whether it’s initiated by a human, an AI assistant, or an autonomous agent acting independently. That starts with internal policy: mapping where AI agents are being used, defining clear access boundaries, and ensuring any agent-to-agent interaction takes place under strict governance.
Agentic commerce also means retailers need a new approach to AI agents acting on behalf of customers. Blocking them completely is unrealistic – and means turning down a growing chunk of potential revenue. At the same time, letting all agents operate freely is dangerous, because malicious automation often imitates the same patterns as harmless agentic AI. Retailers will need clear rules that set out what legitimate agents are allowed to do and where the boundaries are. The goal is not to label traffic as “good” or “bad” but to enforce what acceptable behaviour looks like.
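The journey-level view and the per-agent rules described in the two passages above, as an added illustration that is not DataDome’s product logic or code from the original article: a small Python scorer that derives whole-session features (timing regularity, catalogue enumeration, backtracking) and then applies a declared-agent scope policy on top. The four sessions, the route classes, the thresholds and the `AGENT_SCOPES` table are all constructed assumptions for the example; a real deployment would calibrate them against its own traffic.

```python
"""Journey-level scoring of retail sessions, with declared-agent scope rules.

Added illustration. All sessions, thresholds and the agent scope table below
are constructed for the example and are not real traffic or vendor logic.
"""
import re
import statistics
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    session: str
    t: float                      # seconds since the session started
    path: str
    agent: Optional[str] = None   # agent class the client declares, if any


# Hypothetical policy: which route classes a declared agent class may touch.
AGENT_SCOPES = {"pricecompare-bot": {"search", "product"}}

PRODUCT_RE = re.compile(r"^/(?:api/)?product/(\d+)$")


def route_kind(path: str) -> str:
    """Collapse a URL path to a coarse route class used by both scoring and policy."""
    if PRODUCT_RE.match(path):
        return "product"
    if path.startswith(("/search", "/api/search")):
        return "search"
    if path == "/" or path.startswith("/category/"):
        return "browse"
    for prefix in ("/cart", "/checkout", "/account"):
        if path.startswith(prefix):
            return prefix[1:]
    return "other"


def journey_features(reqs):
    """Whole-session signals: timing regularity, catalogue enumeration, backtracking."""
    reqs = sorted(reqs, key=lambda r: r.t)
    gaps = [b.t - a.t for a, b in zip(reqs, reqs[1:])]
    # Coefficient of variation of inter-request gaps: shoppers are bursty, scripts metronomic.
    timing_cv = 0.0
    if len(gaps) >= 2 and statistics.mean(gaps) > 0:
        timing_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
    ids = [int(m.group(1)) for r in reqs if (m := PRODUCT_RE.match(r.path))]
    # Share of consecutive product views whose IDs step by exactly one: enumeration.
    steps = list(zip(ids, ids[1:]))
    sequential = sum(b - a == 1 for a, b in steps) / len(steps) if steps else 0.0
    # Backtracking: re-requesting a URL already seen earlier in the session.
    seen, backtracks = set(), 0
    for r in reqs:
        backtracks += r.path in seen
        seen.add(r.path)
    return {
        "n": len(reqs),
        "timing_cv": round(timing_cv, 3),
        "sequential": round(sequential, 3),
        "backtracks": backtracks,
        "kinds": {route_kind(r.path) for r in reqs},
    }


def assess(reqs):
    """Return (decision, reason): allow / challenge / deny for a whole session."""
    f = journey_features(reqs)
    methodical = (f["n"] >= 8 and f["timing_cv"] < 0.2
                  and (f["sequential"] >= 0.7 or f["backtracks"] == 0))
    declared = sorted({r.agent for r in reqs if r.agent})
    if declared:
        agent = declared[0]
        scope = AGENT_SCOPES.get(agent)
        if scope is None:
            return "challenge", f"unknown agent class {agent}"
        outside = sorted(f["kinds"] - scope)
        if outside:
            return "deny", f"{agent} touched routes outside its scope: {outside}"
        note = " (methodical pattern, but permitted by policy)" if methodical else ""
        return "allow", f"{agent} within declared scope{note}"
    if methodical:
        return "challenge", "methodical journey: metronomic timing, enumeration, no backtracking"
    return "allow", "meandering shopper journey"


def _seq(session, paths, step, agent=None):
    return [Request(session, i * step, p, agent) for i, p in enumerate(paths)]


# Constructed sessions (not real traffic).
SESSIONS = {
    "shopper": [Request("shopper", t, p) for t, p in [
        (0.0, "/"), (4.2, "/category/shoes"), (11.8, "/product/8821"),
        (30.5, "/category/shoes"), (33.1, "/product/8834"), (60.0, "/product/8821"),
        (75.4, "/cart/add"), (120.9, "/checkout")]],
    "enumerator": _seq("enumerator", [f"/product/{i}" for i in range(1000, 1016)], 0.5),
    "pricebot": _seq("pricebot", ["/api/search?q=running+shoes"]
                     + [f"/api/product/{i}" for i in (8821, 8834, 9001, 9002, 9003, 9004, 9005, 9006)],
                     1.0, agent="pricecompare-bot"),
    "rogue": _seq("rogue", ["/api/search?q=shoes", "/api/product/8821", "/account/orders"],
                  1.0, agent="pricecompare-bot"),
}

if __name__ == "__main__":
    for name, reqs in SESSIONS.items():
        print(name, journey_features(reqs), assess(reqs))
```

The point of the `pricebot` session is the one the article makes: judged on journey shape alone it looks like the enumerator (metronomic timing, mostly sequential IDs, no backtracking), but because it declares an agent class and stays inside that class’s allowed routes, policy lets it through. The `rogue` session declares the same class and is denied not for how it behaves but for reaching an account route outside its scope.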
New Year’s resolutions for security teams
For retailers’ CIOs, CTOs and CISOs, the lesson from this Black Friday is clear. Traditional traffic analysis can’t cope with the rise of agentic commerce and the new threats it has brought with it. Threat detection needs to become behavioural, contextual and adaptive. The fraud stack and the security stack must converge in real time, with systems capable of assessing whether an actor’s behaviour aligns with the interests of the business and the expectations of the consumer.
It’s inevitable that users will continue to embrace agentic AI to make the buying process easier – and this will be especially true on peak shopping days like Black Friday, where AI agents can help customers scope out the best deals and check out before they are snapped up by someone else. Agentic commerce is here to stay. The retailers that thrive in this era will be those that focus on not just ‘bot or not’, but the intent behind every interaction.
Jérôme Segura
Jérôme Segura is VP of Threat Research at DataDome. A well-respected security researcher, Jérôme primarily focusses on malware analysis and the constantly evolving threat landscape including a deep understanding of malvertising. With years of experience in the cybersecurity field, he has a proven track record of identifying emerging attack vectors.