Artificial intelligence is assisting shoppers in finding items and comparing prices, though it also presents new risks. According to Experian, the primary fraud risk this year involves AI agents which may disrupt the evolving retail landscape.

Traditionally, merchants and financial institutions depended on general defenses to identify and neutralize activities stemming from bots. Such methods are insufficient now as agentic commerce is gaining prominence, causing organizations to struggle in differentiating between malicious bot traffic and legitimate AI agents.

Experian warns that issues may
escalate into a crisis
demanding proactive measures, compelling organizations and regulators to reassess liability obligations and the regulatory framework for agentic commerce.

An Accelerating Threat

Even without extensive agentic activity, fraud has been on the rise. Criminals are now crafting highly targeted messages, with social media becoming a fertile ground for scams.

These fraudulent communications are increasingly difficult to detect because cybercriminals utilize AI to generate realistic content. Fraudsters also employ AI to create deepfakes, deceiving employers into remote job access or manipulating consumers into transferring funds. Deepfakes have emerged as the second most impactful fraud trend of the year, according to Experian.

“Consumers remain the weakest link,” noted Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Socially engineered schemes, whether driven by AI or not, will continue to deceive consumers into clicking on malicious links, befriending unknown actors, and sharing personal information. AI intensifies this risk by making social engineering more targeted and personalized—a significant concern for businesses’ customers and employees.”

“Enhanced email and firewall security are becoming increasingly crucial in protecting employees from themselves, and more businesses, especially financial services firms, should consider offering supplementary security solutions like identity theft protection which includes firewall provisions, virtual private networks (VPNs), and spam filtering for text messages and emails.”

Dynamic But Nascent

These threats exploit one of the most powerful technologies of our time: AI. Unfortunately, bad actors have been able to
exploit AI capabilities faster
than many organizations which are often constrained by regulatory, customer, and internal limitations.

Some companies have started taking defensive measures. Amazon has prohibited third-party bots, including AI agents, from interacting with its platform. The e-commerce giant even resorted to
legal action
against AI platform Perplexity, seeking to prevent its AI agents from autonomously shopping on Amazon.

Despite this short-term solution, consumers are increasingly comfortable using AI in retail settings—at least under certain circumstances. As a result, agentic commerce is reaching a critical juncture where all stakeholders must determine the roles and permissions AI agents should be granted.

These considerations could further
stall
the full adoption of this dynamic yet still nascent technology.