
The Holidays Proved That Agentic Commerce is Really Here
Agentic commerce proved the star of the 2025 holiday shopping season, with newly released data showing AI search and agents influencing and driving 20 percent of all e-commerce sales during this time. This season marked a move away from purely user-driven search (using AI to research gifts, find inspiration, locate the best deals, and more) to true ‘buy for me’ agentic capabilities, as AI agents proactively searched, negotiated, and executed purchases. With all signs pointing to agentic commerce finally taking over – delivering on the promise of a zero-click, needs-anticipated experience that busy, time-pressed shoppers have been clamoring for – it’s easy to get excited. But I say, we’re not quite there yet.
eBay Hits Pause
In late January, eBay updated its user agreement to expressly forbid unauthorized third-party ‘buy for me’ agents and AI chatbots from placing orders on its platform. eBay cited several AI-related challenges it first needed to work through, specifically “bid sniping” by AI agents – or the practice of placing a maximum bid in the final seconds of an online auction, preventing real humans from having time to react or raise their bids. Not only does bid sniping have the potential to hurt eBay’s revenues, but it also inhibits opportunities for real people, a key part of eBay’s core mission. While eBay still allows AI agents with prior authorization to operate on the site, the move reinforces eBay’s recognition that the loss of direct human involvement poses a risk to overall marketplace integrity – to buyers, sellers and eBay itself.
The E-Commerce Fraud Landscape Just Increased Exponentially
E-commerce fraud has been a huge problem for years. In 2025, e-commerce marketplaces were the most severely impacted market niche, witnessing a net fraud rate (all forms of fraud taken together) of 19.2 percent of all online verification attempts – nearly five times the global average across other industries. E-commerce marketplaces also saw more than 10 times the global industry average of scams, or authorized fraud – for example, when a fraudster phishes for account credentials and tricks the real account owner into providing them, and then uses them. The advent of generative AI, which allows fraudsters to create eerily convincing emails, texts and even voice calls used to trick victims, is making the situation that much worse.
Agentic commerce, however, creates a whole other fraud dimension, with many ways for AI agents to be exploited. These include data/memory poisoning (attackers can corrupt the data stored in the AI agent’s short-term memory, influencing the agent’s decision-making process and leading it to favor and buy from fraudulent merchants); agent hijacking (attackers compromise a user’s AI tool to gain access to stored payment credentials, enabling unauthorized purchases) and “counterfeit agents,” where fraudsters create fake AI shopping assistants that mimic trusted brands to deceive consumers into handing over credentials. Agentic commerce essentially pours gasoline on the e-commerce fraud fire, potentially costing businesses billions and making them hit a brick wall, where the “fraud tax” finally becomes unsustainable.
Agentic Commerce Requires an Online Identity Verification Evolution
Agentic AI will require a rethinking, or an expansion, of the online identity verification framework as it is known today. To date, this framework has been centered on three questions, and they continue to be relevant in the age of agentic commerce. Fortunately, biometrics and liveness detection – which are used by many online marketplaces today – can continue to serve as an “anchor.”
- Is this person real? AI agents need to be traceable back to a real person, and liveness detection needs to be an ongoing, continuous process as an agent engages in a session. This may sound paradoxical, because in the context of agentic commerce, the answer is obviously “no, I am not a person.” But that does not mean liveness is irrelevant. Biometric checks with liveness detection as a stepped-up form of authentication should always occur at high-risk points in a user journey – for example, creating an account, changing shipping addresses, updating payment methods, and making a high-priced purchase – ensuring a human is in the loop.
- Is this person trusted? This is the ability to determine whether the user is a fraudster, a future VIP customer, or something in between, often involving checks against public databases. For example, someone attempting to book lodging on an online rental marketplace would be flagged as high risk if he/she has a known criminal history of squatting or property destruction.
- Is this still the person behind the account? This refers to continuous, perpetual authentication – or making sure at regular intervals that the person whose identity was verified at log-in is still there (through liveness detection and biometrics), preventing account takeover by other humans. Some platforms may even consider designating certain areas as “human only” – or “level zero” of agentic readiness (recognizing that, by default, the business isn’t ready and it needs to be protected). Given the conversion-driving potential of agentic commerce, it may be tempting for sites to throw open their doors, but there can be serious consequences and a disciplined, proactive approach to trust and risk management is needed.
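The sketch below is an added example, not code from the article or from any marketplace. It shows one way a platform could turn the first and third questions, plus human-only zones, into an ordered per-request decision. The action names, zone label, price threshold and time windows are assumptions chosen for illustration, and the "is this person trusted?" database checks are out of scope.

```python
from dataclasses import dataclass
from typing import Optional

# All names, thresholds and zone labels below are assumptions for illustration.
HIGH_RISK_ACTIONS = {"create_account", "change_shipping_address", "update_payment_method"}
HUMAN_ONLY_ZONES = {"auction_bidding"}   # hypothetical "level zero" area
HIGH_PRICE_THRESHOLD = 500.00            # assumed cut-off for a high-priced purchase
REVERIFY_INTERVAL_S = 15 * 60            # assumed continuous-authentication interval
STEP_UP_FRESHNESS_S = 60                 # assumed validity window of a step-up check


@dataclass
class Request:
    actor: str                           # "human" or "agent"
    principal_id: Optional[str]          # verified person the session traces back to
    action: str
    zone: str
    amount: float
    now: float                           # request time, epoch seconds
    last_liveness_at: Optional[float]    # last successful biometric + liveness check


def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (human liveness check required) or 'deny'."""
    # Human-only zones take precedence: no delegation makes an agent eligible.
    if req.actor == "agent" and req.zone in HUMAN_ONLY_ZONES:
        return "deny"
    # "Is this person real?": an agent must trace back to a verified person.
    if req.principal_id is None:
        return "deny" if req.actor == "agent" else "step_up"
    age = None if req.last_liveness_at is None else req.now - req.last_liveness_at
    # Never checked, or a timestamp in the future (clock skew or tampering).
    if age is None or age < 0:
        return "step_up"
    high_risk = req.action in HIGH_RISK_ACTIONS or (
        req.action == "purchase" and req.amount >= HIGH_PRICE_THRESHOLD)
    # High-risk points need a check performed just now, not merely this session.
    if high_risk and age > STEP_UP_FRESHNESS_S:
        return "step_up"
    # "Is this still the person behind the account?": periodic re-verification.
    if age > REVERIFY_INTERVAL_S:
        return "step_up"
    return "allow"
```

The order of the checks is the point: a zone restriction or a missing human principal is decided before any liveness timing is considered, so a fresh biometric check cannot be used to wave an agent into a human-only area.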
Addressing Challenges Will Take Some Time
Besides bid sniping and fraud, agentic commerce has several other challenges that will need to be sorted out. While the agentic commerce model can be a boon for smaller sites – delivering a much higher level of product findability – they will face challenges like making sure product and catalog data is impeccable. And because AI agents require deep access to internal systems to function effectively, new vulnerabilities like data leaks and unauthorized data harvesting are created, leaving proprietary information such as product descriptions, inventory levels, and customer data vulnerable to exposure and theft.
However, when it comes to fraud specifically, I strongly believe that human-only zones will be enforced, at least in the near term. I believe a protocol-based system will eventually evolve where any agent complying will be welcomed, which could lead to a protocol war. As the cost of software development inches closer to being free (thanks to generative AI), such a war will ultimately prove pointless – reinforcing the point that trust of agents will be less about the technology and more about the person behind it. As technology becomes more fluid and adaptive, maintaining this level of human accountability will be critical.
I have no doubt that e-commerce is increasingly headed from a “click-through” model towards a more agentic, “zero-click” future. For now, true ‘buy for me’ agentic commerce remains a small part of eBay’s sales, so they can afford to take a pause. And of course, they’re not saying no – they’re just acknowledging the operational challenges specific to their business (online bidding) and taking the time they need to develop the proper protocols and policies.
However, getting a handle on the newly expanded attack surface area is a more universal and fundamental problem that all sites are going to have to deal with. Fortunately, existing online identity verification approaches like biometrics and liveness detection are more relevant than ever – even as e-commerce increasingly shifts from “websites for humans” to “platforms with agent rails.”

