Everyone is talking about AI shopping agents like they are a discovery problem.

The short version

Agentic commerce is the point where AI systems do more than recommend products. They compare, choose, reserve, buy, return, and contact support on behalf of customers. That makes product data, transaction controls, permission boundaries, and fraud detection part of the same commercial problem.

For ecommerce brands, the first job is not to add more AI copy. It is to build a product truth layer that machines can trust and a transaction layer that separates useful automation from abuse.

Get your products in front of the agents. Optimise your feed. Make your descriptions machine-readable. Tick the right structured-data boxes. Simple.

That framing is not wrong. It is just missing the part that should make any ecommerce operator sit up a bit straighter.

If an agent can search, compare, shortlist, and trigger checkout, then an agent can also scrape, spoof, stress-test your checkout, abuse a promo code, return something suspicious, or hammer your support desk. All at machine speed. All looking, on the surface, like a normal session.

HUMAN Security published a report this week on agentic commerce fraud. Their claim: agentic AI traffic grew 7,851% year over year in 2025. Vendor numbers always come with salt. But the direction is obvious.

More software is acting on behalf of people.

At the same time, Stord says consumer use of AI for shopping rose from 38% in 2024 to 51% in 2025. Pattern has reported that one in three ecommerce brands has already deployed AI-powered shopping agents, with more exploring agent use cases.

You can argue with the survey wording. You cannot really argue with the direction. Product discovery is becoming more machine-mediated.

That means the next ecommerce problem is not just traffic.

It is trust.

The same capability cuts both ways

The useful buyer agent and the malicious agent do not arrive wearing different uniforms.

Both may browse quickly. Both may compare variants. Both may hit product pages, support pages, stock checks, baskets, discounts, and payment flows. Both may look like automation until your systems understand intent, permission, risk, and context.

That is uncomfortable, because most ecommerce systems were built around human behaviour. Humans hesitate. Humans get confused. Humans abandon baskets. Humans contact support when something looks wrong.

Agents do something else. They interpret the information you give them, make a decision, and move.

If your product page says one thing, your feed says another, your schema says a third, and support has a fourth version, a human might still work it out. A buyer agent may not. It may guess, skip you, or recommend the wrong thing with complete confidence.

Layer one: product truth

The boring ecommerce plumbing is about to matter more.

The feed. The schema. The product page. The image metadata. The GTIN and MPN. The delivery promise. The returns policy. The review data. The compatibility table. The stock status. The price and VAT logic. The support content. The marketplace listing. The Merchant Center state.

These are no longer separate bits of operational housekeeping. They are the evidence layer machines use to decide whether you are safe to recommend.

This is why we think in terms of a Product Truth Layer.

For each product, what does the site say? What does the feed say? What does schema say? What do marketplaces say? What does Google see? What does an AI answer say when asked a real buyer question? What does support say after purchase?

If the answer is "several different versions of reality", you do not have an AI visibility problem. You have a truth problem.

Layer two: transaction trust

Agentic commerce does not stop at being understood. The whole point is action.

Book it. Buy it. Reserve it. Change it. Return it. Chase it. Apply the discount. Ask support. Reorder it.

That is where permissions, logs, fraud detection, identity, rate limits, approval rules, and anomaly detection stop being security department concerns and become direct revenue infrastructure.

A legitimate buyer agent should be able to help a customer buy the right thing with less friction.

A malicious or badly designed agent should not be able to hammer checkout, abuse offers, scrape private data, create fake demand, test stolen credentials, or turn your support desk into a smoking crater.

This is the awkward bit in the "AI shoppers are coming" pitch.

Everyone wants the upside: more qualified demand, easier discovery, lower acquisition cost, fewer dead clicks. Fair enough. But the upside only works if the system can be read and trusted.

If your data is inconsistent and your transaction layer is blind, agentic commerce just gives you faster confusion.

Five questions worth asking now

You do not need an enterprise security budget to start thinking about this clearly.

That last question matters most.

Agentic commerce will get sold as a marketing trend because that is where the budget conversation starts. But the actual work cuts across the business. Marketing controls the story. Ecommerce controls the buying path. Ops controls fulfilment promises. Support holds the pain. Security worries about abuse. Data decides whether the machines understand anything at all.

This is why "install an AI chatbot" is such a small answer.

The bigger job is building an operating layer around the buying journey. One that makes product truth clear enough for machines, useful enough for humans, and controlled enough that agents do not become a new attack surface with a nicer name.

That is less exciting than a demo.

It is also where the money is.

What makes an ecommerce site ready for AI shopping agents?

An agent-ready ecommerce site needs consistent product facts, crawlable pages, structured product data, reliable stock and delivery information, clear returns rules, and a checkout path that can distinguish authorised automation from hostile automation.

The useful test is simple: could a machine answer a real buyer's question without inventing facts or asking support to clean up the mess?

How should brands measure agentic commerce risk?

Measure the gap between what machines can read and what your business can safely allow them to do. Track inconsistent product facts, missing schema, hidden JavaScript-only content, unexplained bot traffic, checkout anomalies, promo abuse, support spikes, and identity signals for automated sessions.

That turns agentic commerce from a vague future trend into an operational risk map.

Evidence and further reading

Related Foundry reading