What AI Shopping Agents Actually Do Today

The promise of an AI shopping agent is straightforward: delegate the tedious work of product discovery, price comparison, and purchase completion to a model that acts on your behalf. In practice, however, the current reality falls well short of that vision.
Melissa Bridgeford, cofounder and CEO of Wizard Commerce, offered a telling data point: when users ask ChatGPT for specific product recommendations — ski gloves, for example — the model responds with concrete suggestions only 9% of the time. For a tool positioned as a commerce interface, that conversion rate is commercially negligible.
OpenAI’s own trajectory illustrates the difficulty. Its Instant Checkout feature, which allowed users to complete purchases directly within the chat interface, was quietly abandoned — a pivot that also caused early retail partners, including Walmart, to exit the relationship. The ambition was clear; the execution exposed how much foundational work remains undone.
1. Security Protocols and Retailer Resistance
Many retailers have actively built defenses against third-party shopping agents. Their motivations are understandable: bot traffic, scraping, and automated purchasing already strain ecommerce infrastructure. Welcoming AI agents into that environment without clear standards feels, to many merchants, like opening a door they cannot yet control.
Matt Maher, founder and CEO of M7 Innovations, identified this as one of the core friction points. Security protocols, the absence of agentic commerce standards, and explicit retailer policies blocking third-party agents collectively prevent consumers from completing purchases through AI intermediaries — even when they want to.
2. Fraud Risk at Exponential Scale

Online fraud is already a significant and costly problem in ecommerce. AI agents do not solve that problem — they amplify it.
Norman Menz, CEO of cybersecurity firm Flare, was direct:
“We have a huge online fraud problem, ecommerce problem without agents and agents are only going to magnify the problem exponentially.”
The attack surface expands in two directions simultaneously. Bad actors can hijack legitimate agents and redirect them toward fraudulent purchases. Alternatively, they can deploy their own agents armed with stolen identities and credit card credentials, operating at a scale and speed no human fraudster could match.
The structural challenge is that fraud prevention systems were designed around human behavior patterns. Agents behave differently — faster, more consistent, and harder to distinguish from legitimate automated traffic.
3. Liability Without a Legal Framework
Perhaps the most consequential gap is legal. When an AI agent completes a purchase that a user claims they did not authorize, who bears responsibility? The answer, currently, is: no one knows.
Courtney Robinson, head of policy and communications at Akoya, framed it precisely:
“Liability is wide open right now and being negotiated company to company, but there are no standards around where liability sits when an agent buys something that maybe the user didn’t intend or ask for.”
Regulation, as she noted, follows innovation — which means the legal architecture for agentic commerce will be built reactively, likely after the first significant disputes have already occurred.
Maher introduced a useful distinction here. Large merchants may attempt to insulate themselves through terms and conditions, but that legal protection does not eliminate what he called perceptual liability. A loyal customer whose agent mistakenly purchases an unwanted item will still expect a refund. Brand relationships operate on different logic than legal contracts.
The Identity Problem: Who Is the Agent, Really?
Underlying the fraud and liability challenges is a more fundamental question: how does a merchant verify that an AI agent is who it claims to be, and that it has been legitimately authorized to act on behalf of a specific user?
This is the identity problem, and it currently has no standardized solution.
Adam Winnick, cofounder and CEO of Finality, argued that the industry will need new open-source standards and monitoring systems capable of verifying agent identity and confirming that agents have been explicitly empowered by their owners to conduct specific transactions. He suggested blockchain technology as one viable mechanism — not necessarily the only one, but a credible candidate for creating tamper-resistant, auditable records of agent authorization.
Ben Leventhal, founder and CEO of Blackbird Labs, arrived at a similar conclusion from a different angle. His company is building blockchain-based dining rewards infrastructure and is close to enabling AI agents to search for restaurants and make reservations on behalf of users. In that context, payment fraud is less acute — diners still pay in person — but identity verification remains unresolved. His framing is worth noting:
“There is going to be an identity payload that people or their agent will carry with them.”
That concept — a portable, verifiable identity credential attached to an agent — is likely to become one of the defining technical debates in agentic commerce over the next two to three years.
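What a merchant-side check of such a payload could look like, as an added illustration that is not taken from the article or from any company or standard it mentions: the user issues a mandate that binds one agent to one merchant, a spend cap and an expiry, and the merchant refuses any purchase outside that scope. The field names, the key and the use of HMAC with a shared key (standing in for the public-key signature a real scheme would need) are assumptions, and authenticating the agent itself and preventing replay are out of scope here.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC with a key shared by issuer and merchant stands in
# for the public-key signature a real credential scheme would use.
ISSUER_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(mandate: dict) -> bytes:
    """Serialize deterministically so issuer and verifier sign the same bytes."""
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()


def issue_mandate(user, agent_id, merchant, max_cents, expires_at):
    """User side: bind one agent to one merchant, a spend cap and an expiry."""
    mandate = {"user": user, "agent_id": agent_id, "merchant": merchant,
               "max_cents": max_cents, "expires_at": expires_at}
    tag = hmac.new(ISSUER_KEY, _canonical(mandate), hashlib.sha256).hexdigest()
    return {"mandate": mandate, "tag": tag}


def verify_purchase(payload, agent_id, merchant, amount_cents, now):
    """Merchant side: return (allowed, reason) for one purchase attempt."""
    mandate = payload.get("mandate")
    tag = payload.get("tag")
    if not isinstance(mandate, dict) or not isinstance(tag, str):
        return False, "malformed payload"
    expected = hmac.new(ISSUER_KEY, _canonical(mandate), hashlib.sha256).hexdigest()
    # Constant-time comparison; any edit to the mandate changes the expected tag.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    if mandate.get("agent_id") != agent_id:
        return False, "agent mismatch"
    if mandate.get("merchant") != merchant:
        return False, "merchant mismatch"
    if now >= mandate.get("expires_at", 0):
        return False, "expired"
    if amount_cents > mandate.get("max_cents", 0):
        return False, "over limit"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a 50.00 cap at one merchant, valid for ten minutes.
    p = issue_mandate("alice", "agent-123", "shop.example", 5000, 1_700_000_600)
    print(verify_purchase(p, "agent-123", "shop.example", 4200, 1_700_000_000))
    print(verify_purchase(p, "agent-123", "shop.example", 9900, 1_700_000_000))
```

Every refusal carries a reason, which gives the merchant an auditable record of why an agent's purchase was rejected.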
The Standards Timeline Problem
The technology industry has a well-documented pattern: standards bodies move slowly, and markets move fast. Agentic commerce is no exception.
Developing open standards for agent identity, transaction authorization, fraud liability, and refund protocols historically takes years of negotiation across competing stakeholders. Consumer demand for AI shopping agents is not waiting for that process to conclude.
Menz articulated the likely outcome plainly:
“I think there is going to be a demand in the market to adopt and allow for the continued use of AI shopping agents before we have a solution to solve for fraud.”
In the interim, merchants will likely absorb fraud risk the same way they currently handle card-not-present transactions — accepting a baseline loss rate as the cost of enabling frictionless commerce.
That is not a sustainable long-term position. But it may be the pragmatic short-term reality.
Where the Opportunity Sits
Despite the unresolved challenges, the direction of travel is not in doubt. Leventhal’s optimism reflects a pattern that repeats across technology adoption cycles: when software becomes genuinely useful — when it feels, in his word, magical — friction dissolves and adoption accelerates regardless of unresolved edge cases.
The opportunity for builders and platforms lies precisely in the gaps identified above. Identity verification infrastructure, agent authorization protocols, fraud detection systems calibrated for non-human transaction patterns, and liability frameworks that can scale beyond bilateral company negotiations — each of these represents both a technical challenge and a commercial opening.
For AI tool builders, the agentic commerce layer is becoming one of the most consequential surfaces to build on. For retailers, the question is no longer whether to engage with AI agents, but how to do so without absorbing unacceptable risk. For regulators, the clock is already running.
The Takeaway for AI Adopters
Agentic commerce is not a future scenario — it is an active development front with real companies, real investment, and real consumer interest. What is missing is not ambition but infrastructure: the identity standards, legal frameworks, and fraud systems that would allow AI shopping agents to operate at scale with acceptable risk profiles.
The tools that emerge to solve these problems — whether blockchain-based, centralized, or some hybrid — will define the architecture of AI-mediated commerce for the next decade. Watching which solutions gain traction, and which standards bodies or consortia begin to coalesce, is one of the more consequential things an informed AI observer can do right now.
The wave is coming. The question is whether the seawall gets built in time.