Building Trust in Agentic Commerce
AI agents are moving to the core of digital commerce. Agentic commerce is an emerging transaction space where autonomous AI systems independently conduct purchases on behalf of users. The rise of these agents represents the most significant shift in digital commerce since mobile, with mainstream adoption accelerating through services like ChatGPT enabling in-chat purchases.
What Is Agentic Commerce?
When I talk about agentic commerce, I mean AI-driven agents that can discover products, make recommendations, and complete transactions automatically on behalf of customers. In practical terms, this means consumers may delegate shopping tasks to AI assistants, such as asking an agent to find the best price and order a product.
Why Now Is the Time for Agentic Commerce
AI-driven shopping is quickly moving from hype to reality. According to Stripe's research, 24% of customers already use AI chatbots when researching products. The momentum is accelerating rapidly: Adobe Analytics reports that traffic to U.S. retail sites from generative AI sources increased by 1,200% between July 2024 and February 2025, with AI-driven shoppers showing 8% higher engagement and browsing 12% more pages per visit. Industry predictions suggest this is just the beginning, with medium-term forecasts that AI agents will handle one-fifth of all eCommerce transactions. At the same time, agentic commerce is moving beyond prototypes. Amazon's Buy For Me feature lets an assistant order from other websites while you stay on Amazon, albeit with human confirmation for the final click. Mastercard's Agent Pay and Walmart's in-development agentic shopping tool promise to guide shoppers through the purchasing journey. Open source projects are also being developed to expand the range of payment providers available to AI agents. Early movers like OpenAI are addressing parts of the puzzle, offering agents capable of executing transactions.
An important step toward standardized trust is the Agentic Commerce Protocol, an open-source specification developed by Stripe and OpenAI. ACP defines a common language for agents and sellers to coordinate checkout and share payment credentials securely while letting merchants remain the merchant of record. The protocol is open source and works with any payment processor. Sellers implement ACP as an API or MCP server so that agents can initiate and update checkouts. By adopting ACP, merchants can make their checkout agent-ready while continuing to use their existing payment stack.
But a critical trust gap remains. Despite the buzz, consumer trust is fragile: a recent survey by Omnisend reported that two-thirds of consumers refuse to let AI make purchases for them, even if it means missing out on better deals. This skepticism is not surprising. When we let software plan, compare and execute transactions, we introduce new risks, from prompt attacks that manipulate an agent's decisions to misaligned orders that fail to reflect the user's intent. Early pilots highlight the tension. While Amazon's agents handle discovery, they still ask humans to confirm each purchase, acknowledging that many users are not ready to hand over full control. Even the ChatGPT agent launch stream directly highlighted the challenge of safety.
Why Trust and Safety Matter
When agents shop on our behalf, they reinterpret our words into actions. An attacker could exploit that translation through prompt injection, subtly altering an agent's instructions to purchase the wrong item or divert shipments. Traditional fraud systems, designed to detect human behaviour patterns, may flag legitimate agent transactions as suspicious or miss attacks altogether.
Trust is not just about preventing fraud; it is about ensuring that an agent's plan aligns with the buyer's intent. In a copilot flow, a user can catch errors before checkout. In a fully autonomous flow, the system must verify that instructions such as "buy a large blue cotton T-shirt under £30" do not become "buy any blue shirt" or worse, a random expensive item. Without such guardrails, merchants risk chargebacks and reputational harm. And buyers could lose faith in the model entirely.
Designing a Trust Layer for Agents
Inspired by fraud mitigation tools in payments, I've started thinking through how agentic transactions could be made secure and new risks could be mitigated. I am working toward a goal here of aligning agent-driven purchases with the buyer's true intent and protecting transactions against malicious manipulation. With that goal in mind, here are three core capabilities that I believe could be helpful:
- Intent verification. Compare the natural language prompt provided by the user with the agent's execution plan and final cart. If the agent's actions deviate, such as ordering an incorrect item or exceeding the specified price, flag the discrepancy before the transaction proceeds.
- Agent behavioral biometrics. Just as fraud systems understand typical actions by human shoppers, track normal patterns of AI agents, including query cadence, API call sequences, and interaction timing. Abnormal deviations could indicate a compromised agent or prompt injection.
- Dynamic spending controls. Integrate with payment systems to issue single-use payment tokens tied to a specific task. When intent is verified, generate a virtual card with a spending limit or merchant lock so that repurposed transactions are automatically declined.
These capabilities can operate invisibly, preserving the frictionless experience that makes agentic commerce appealing while ensuring agents cannot act outside their remit. Developers could expose them through APIs, allowing any platform or merchant to integrate trust services without mandating a specific payment provider.
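An added sketch of intent verification feeding a dynamic spending control (not code from this post or from any payment provider). It assumes the user's prompt has already been parsed into structured constraints and that all prices are in one currency; `Intent`, `CartLine`, `TaskToken`, `verify_intent` and `issue_token` are hypothetical names, and `TaskToken` stands in for a provider-issued single-use virtual card.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Intent:  # assumed already extracted from the user's prompt upstream
    attributes: dict  # required item attributes, compared case-insensitively
    max_total: Decimal  # exclusive ceiling ("under £30"), single currency assumed
    max_quantity: int = 1

@dataclass(frozen=True)
class CartLine:
    attributes: dict
    unit_price: Decimal
    quantity: int = 1

def cart_total(cart):
    return sum((l.unit_price * l.quantity for l in cart), Decimal("0"))

def verify_intent(intent, cart):
    """Return every discrepancy between intent and cart; [] means aligned."""
    problems = [] if cart else ["cart is empty"]
    for i, line in enumerate(cart):
        for key, want in intent.attributes.items():
            got = str(line.attributes.get(key, "")).strip().lower()
            if got != want.lower():
                problems.append(f"line {i}: {key} is {got or 'missing'!r}, wanted {want!r}")
    if sum(l.quantity for l in cart) > intent.max_quantity:
        problems.append("quantity exceeds what was asked for")
    if cart_total(cart) >= intent.max_total:
        problems.append(f"total {cart_total(cart)} is not under {intent.max_total}")
    return problems

@dataclass
class TaskToken:  # stand-in for a single-use virtual card
    merchant: str  # merchant lock
    limit: Decimal  # spending limit = verified cart total
    used: bool = False
    def authorize(self, merchant, amount):
        ok = not self.used and merchant == self.merchant and 0 < amount <= self.limit
        self.used = self.used or ok  # burn the token on first approval
        return ok

def issue_token(intent, cart, merchant):
    if problems := verify_intent(intent, cart):
        raise ValueError("; ".join(problems))
    return TaskToken(merchant, cart_total(cart))

# Constructed sample: the post's "large blue cotton T-shirt under £30" request.
SAMPLE_INTENT = Intent({"type": "t-shirt", "size": "large", "colour": "blue",
                        "material": "cotton"}, Decimal("30"))
```

Because the token's limit is the verified cart total, not the user's ceiling, a cart that is swapped after verification is declined even if it still costs under £30.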
Path to Adoption
Rolling out a trust layer requires careful collaboration between AI platforms, merchants and payment providers. A phased approach could look like this:
- Pilot with innovative merchants. Work with a handful of brands already experimenting with agentic assistants. Use their real-world transactions to refine intent verification and behavioural baselines. Retailers on platforms like Shopify would be ideal early partners.
- Expand ecosystem partnerships. Work with AI model providers, agent frameworks and orchestration platforms to embed trust hooks into the agent toolchain. Over time, a shared trust registry could allow agents to prove compliance across marketplaces.
Looking Ahead
Agentic commerce is arriving faster than many businesses realize. Open standards like the Agentic Commerce Protocol and the rapid evolution of AI agents are maturing the technology stack, while major players such as Amazon, OpenAI, and Google pilot agentic shopping. Surveys still reveal consumer caution, underscoring the need for robust guardrails. By investing now in trusted agentic commerce, businesses can capture an emerging revenue stream while protecting customers and their brands. Building a trust layer through intent verification, behavioral biometrics, and dynamic spending controls will give merchants confidence to let agents shop autonomously and ensure the next wave of commerce is both innovative and secure.