Agentic Commerce Is Here. Is Your Business Ready to Accept AI-Driven Transactions?
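This article examines the new security challenges and attack methods introduced by agentic commerce and argues that traditional anti-fraud models can no longer cope. It stresses the need to move to intent-based detection and describes how DataDome addresses these threats through real-time analysis and protection mechanisms. 2025-10-28 17:9:13 Author: securityboulevard.com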

Agentic commerce and the new attack surfaces & vectors it introduces

Agentic commerce introduces new surfaces to defend and new tactics attackers can exploit. It’s helpful to separate the two:

Attack surfaces:

  • Public APIs that agents may use to fetch product data (like descriptions, images, prices, shipping times, etc.), check availability, or place orders
  • MCP (Model Context Protocol) servers, which are designed to help agents communicate their intent and provide relevant context
  • Web and app properties that agents can scrape or reference for product data
  • The agents themselves, which may be compromised, impersonated, or hijacked

Attack vectors:

  • Fraudsters mimicking legitimate agents to bypass detection and gain access to privileged resources
  • AI agent takeover: if a user delegates purchasing authority to an agent and that account is compromised, the agent can be hijacked to execute unauthorized transactions
  • Exploiting stored credentials or session tokens via upstream compromise
  • Feeding manipulated inputs to agents (e.g., fake product listings or pricing data) to cause incorrect purchasing behavior

The last example highlights the complexity of some of these scenarios. Attackers can spin up fake accounts and post products that appear legitimate, only for the goods to never ship or arrive as counterfeit. If an AI agent acting in good faith purchases from one of these listings, the fallout is complex: buyers may receive protection through their payment provider, but that provider may then still bear a loss.

Some of these are already playing out across early implementations. And as merchant adoption lags behind agent development, fraudsters will capitalize on the increased exposure.

Why traditional fraud models won’t hold

Online businesses once focused on identifying and blocking bots. Now, with the rise of agentic commerce, they’re actually inviting them to make purchases. This shift makes detection far more complex. Traditional fraud models are built around verifying identity—but when legitimate users send AI agents to act on their behalf, that approach no longer works. To keep pace, fraud and security teams must evolve toward intent-based detection.

Intent-based detection—powered by machine learning and behavioral analysis—enables companies to differentiate between AI agents conducting legitimate tasks, such as price comparison or transaction assistance, and those engaged in malicious activities, like scraping, fraud, or credential stuffing. 

This shift from chatbots to agentic AI mirrors the transition from browser-based traffic to mobile apps some years back. Just as businesses had to rethink web security when mobile apps changed how users interacted with their services, they must now adapt to AI agents.

Fraud systems must evolve to assess intent, context, and the nature of the user or agent—not just whether it looks like a bot or not. 
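
The contrast drawn in this section, judging a client by what it does rather than by what it claims to be, shown as an added example (not DataDome's engine and not code from the original article). It is a rule-based stand-in for the machine-learning scoring the article describes; the endpoint paths, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample traffic: (session, declares_agent, method, path, status, login_user)
EVENTS = [
    ("s1", True,  "GET",  "/api/products/41", 200, None),
    ("s1", True,  "GET",  "/api/products/57", 200, None),
    ("s1", True,  "POST", "/api/cart",        200, None),
    ("s1", True,  "POST", "/api/checkout",    200, None),
    ("s2", True,  "POST", "/login",           401, "alice"),
    ("s2", True,  "POST", "/login",           401, "bob"),
    ("s2", True,  "POST", "/login",           401, "carol"),
    ("s2", True,  "POST", "/login",           401, "dave"),
    ("s2", True,  "POST", "/login",           200, "erin"),
] + [("s3", False, "GET", f"/api/products/{i}", 200, None) for i in range(60)]


def session_features(events):
    """Aggregate per-session behavioral counters; the declared identity is not used for scoring."""
    feats = defaultdict(lambda: {"declared": False, "products": set(), "login_users": set(),
                                 "login_fail": 0, "cart": 0, "checkout": 0})
    for sid, declared, method, path, status, user in events:
        f = feats[sid]
        f["declared"] = declared
        if path.startswith("/api/products/"):
            f["products"].add(path)
        elif path == "/login":
            f["login_users"].add(user)
            f["login_fail"] += status == 401
        elif path == "/api/cart":
            f["cart"] += 1
        elif path == "/api/checkout":
            f["checkout"] += 1
    return feats


def classify_intent(f, max_users=3, scrape_breadth=50):
    """Label a session from its behavior (thresholds are illustrative assumptions)."""
    if len(f["login_users"]) > max_users and f["login_fail"] >= max_users:
        return "credential_stuffing"  # many distinct accounts tried, mostly failing
    if len(f["products"]) >= scrape_breadth and f["cart"] == 0:
        return "scraping"             # broad catalogue sweep with no buying signal
    if f["cart"] and f["checkout"]:
        return "purchase"             # narrow lookup, cart, checkout
    return "browsing"


def classify_all(events):
    return {sid: classify_intent(f) for sid, f in session_features(events).items()}
```

Sessions s1 and s2 both declare themselves as agents, yet only s1 behaves like a buyer, so a policy keyed on the declaration alone would treat them identically.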

Agentic commerce isn’t just a security issue; it’s a business one

When agents handle the transaction, you lose more than session context. You lose the customer experience. That has ripple effects:

  • Fewer upsell opportunities: Agents don’t browse; they buy. Today, that means no impulse purchases or emotional triggers. But this may change quickly; models are already learning to ask contextual follow-ups (“Would you like accessories for that?” or “Should I compare similar options?”), which could make AI-driven upselling a new frontier.
  • Less user visibility: You miss out on critical first-party data and behavioral analytics that inform product, UX, and marketing.
  • Broken attribution: When the transaction is executed from a chat or LLM interface, you may never see the user or be able to trace the funnel. This hurts your marketing analytics and retargeting efforts. 
  • Shifting monetization potential: For content publishers, agents represent a potential new traffic, referral, and monetization channel. For merchants, the economics are more complex: platforms like Google already charge commissions (typically 9–15%) on sales completed directly through agentic interfaces like Shopping Actions. In other words, agents may drive more volume, but they’ll also reshape who captures the margin.

Agentic commerce reshapes how businesses engage, convert, and profit from digital traffic. Securing agentic commerce is therefore not just about stopping fraud; it’s also about safeguarding visibility, control, and revenue in a world where AI now drives the growth of your business. 

Where DataDome fits into Agentic Commerce

Under user instruction, agents can interact directly with e-commerce and payment systems to interpret requests and constraints such as budget, delivery time, and brand preferences. Completely denying access to these agents is a business decision that could limit potential sales.

According to our Global Bot Security Report 2025, AI-driven traffic is rapidly increasing. AI agents now account for 10% of all bot traffic—up from 2.6% in January, a fourfold jump in just eight months. DataDome’s analysis shows that 64% of AI traffic targets form pages, 23% hits login pages, and 5% reaches checkout. In other words, AI agents are directly interacting with merchants’ infrastructure—calling public APIs, checking availability, building carts, and even triggering purchases. This is exactly where DataDome’s protection is most effective.

DataDome offers: 

Visibility into & control over AI agents and LLM traffic

We identify and categorize traffic from AI agents, LLMs, and automated systems, helping teams distinguish trusted automation from threat actors. Through our dashboard, teams can set customized policies for each agent, including blocking, rate limiting, allowing, or even monetizing traffic.

AI monetization options

Through partnerships with Skyfire and TollBit, DataDome offers a first-of-its-kind AI monetization partner ecosystem. This program allows businesses to manage AI traffic and monetize it, turning AI agent access into a new revenue stream.

MCP Protection

We offer Model Context Protocol (MCP) Protection to protect your MCP server from malicious traffic. DataDome detects and classifies every MCP request to distinguish trusted interactions from malicious or unwanted activity, ensuring accuracy without disruption.

Real-time intent-based detection

We analyze web, app, API, and MCP traffic to understand intent. Our AI detection engine assesses intent based on contextual and behavioral signals, even when no human session exists.

Expertise in adopting Agentic Commerce

DataDome is partnering with some of the world’s largest companies—including Etsy, Petco, PayPal, and others—to help them prepare for the next era of agentic commerce. Our team of experts is uniquely equipped to advise your business on how to enable seamless, frictionless experiences for genuine users while stopping fraud and malicious activity before it happens.

What comes next for businesses

The adoption of agentic commerce is accelerating. While the specific implementations vary, the trend is clear: more transactions are being executed by AI agents acting on behalf of users.

This changes the nature of fraud prevention. It introduces unfamiliar traffic patterns and expands the attack surface beyond the user interface.

It also creates an opportunity. Organizations that rethink their detection strategies now, shifting from identity to intent-based detection and from rigid rules to real-time contextual scoring, will be better positioned not just to block emerging abuse but to support legitimate automation, preserve customer experience, and unlock new monetization opportunities as agentic commerce evolves.

The future of fraud defense hinges on understanding what’s behind every request, even when the buyer isn’t human.

If your team is planning for what comes next, we can help. Schedule a demo to learn how DataDome protects your websites, apps, APIs, and MCP server in the age of agentic commerce, and gives you full visibility and control over LLM crawlers and agentic AI traffic.


Source: https://securityboulevard.com/2025/10/agentic-commerce-is-here-is-your-business-ready-to-accept-ai-driven-transactions/