Your AI Agent Just Got Hacked

The traditional approach of blocking first and asking questions later won't work. What's required are new trust systems designed for humans to work with artificial entities that can be compromised, cloned, or weaponized.

I was brushing my teeth when the first email arrived: "Your eBay contact information has been updated." Then another: "Your eBay username has changed." By the time I reached my computer, that sinking feeling confirmed my worst suspicions. Someone had hijacked my account on a platform I hadn't actively used in nearly a year.

eBay was not the crown jewel of my digital life in that moment. But as I frantically initiated a chat with customer support and locked down the account, a darker realization crept in: if someone could so easily commandeer my dormant eBay presence, what happens when AI agents start shopping with full autonomy? What I was experiencing as a manageable violation - an hour or so of proving my identity and confirming no fraudulent transactions had occurred - suddenly felt like a preview of something much worse.

Three fraud prevention companies approached me last week, each warning about distinct security gaps opening up as AI agents start shopping independently. While traditional e-commerce fraud targets payment systems or user accounts, agentic commerce creates entirely new vulnerabilities: agents themselves can be compromised, weaponized at scale, or used to bypass decades of security infrastructure.

The New Attack Surface

The new nightmare scenario is straightforward: You've authorized ChatGPT to handle routine purchases with your credit card. A fraudster compromises your AI agent's account—not your Amazon account, not your credit card, but your ChatGPT sidekick itself. Now they have a tireless digital worker that can attempt thousands of transactions at machine speed, shipping products worldwide before you've finished your morning coffee.

This isn't the only new vulnerability. As agents begin communicating directly with merchant systems through protocols like MCP (Model Context Protocol), we're opening doors that didn't exist two years ago. Without proper authentication standards—which don't yet exist—fraud rings could bypass web interfaces and attack retailer APIs directly.

The verification challenge multiplies: retailers need to verify not just the human behind a transaction, but the agent's legitimacy. Who built this agent? What code is it running? Has that code been tampered with mid-session? What exactly did the human authorize it to do?

Global identity verification company Trulioo describes this as a "verification chain of custody" problem. Companies need to consider how they can establish trust with their user base: "All to make sure that the people and businesses who are entering those platforms and ecosystems are who they say they are," Trulioo's Chief Product Officer, Zac Cohen, told me.

Why Traditional Defenses Fall Apart

Jeff Otto, CMO of chargeback prevention platform Riskified, lays out a terrifying situation: "Imagine your agent's account gets taken over. You gave up your ChatGPT credentials... And now it's not you that's logged in. It's the fraudster. And that agent has been empowered with the ability to check out on your behalf using your cards, using your crypto account. Now you can run wild with that identity."

Here's what stops working when agents enter the picture:

  • Bot detection becomes useless: Agents are supposed to be automated—they pass bot checks by design
  • CAPTCHAs get solved instantly: These identity verification mechanisms can be defeated by tools sold on the dark web
  • Traditional behavioral analysis fails: AI can mimic "normal" shopping patterns perfectly
  • KYC (Know Your Customer) and biometrics become vulnerable: Generative AI increasingly spoofs facial recognition and documents
  • Account bans mean nothing: Create a new agent with new credentials in seconds
  • Rate limiting breaks legitimate use: Agents naturally operate faster than humans, allowing existing fraud strategies to be scaled infinitely

Retailers face an impossible choice. Many have spent years building sophisticated systems to block all bot traffic. Now they need to reverse course, learning to welcome legitimate shopping agents while stopping malicious ones.

The Refund Abuse Problem Gets Worse

Return fraud already costs US retailers $100 billion annually, a figure that exploded during the pandemic. Now imagine AI agents that can negotiate refunds with perfect recall of consumer protection laws, infinite patience, and the ability to cite every precedent in your returns policy.

Riskified, whose primary focus is detecting fraud at the checkout stage of online payments, flags this as a major concern—distinguishing between legitimate customer service interactions and weaponized agent abuse becomes nearly impossible when the AI perfectly mimics an aggrieved customer. They're developing detection models, but as one executive admitted, this is more nuanced than traditional fraud. It's not binary fraud versus legitimate—it's a spectrum of aggressive but technically legal behavior that agents can execute at unprecedented scale.

Among the solutions Riskified has built are a policy builder that helps retailers address fraudulent returns and an MCP server that helps merchants grade web traffic.

What's Being Built

While Riskified sets its sights on detecting fraud at checkout, other companies are approaching the various fraud issues differently.

World ID takes a more extreme approach: in-person iris scanning through their physical Orb devices to create unfakeable human verification or 'Proof of Human', without revealing personal identifying information.

As Tiago Sada, Head of Product at World ID, told me, "We need a blue check mark that actually works."

World ID's Orb device scans your iris to verify 'Proof of Human'. Source: World ID

With World ID's 'Proof of Human,' if someone uses an agent to commit fraud, a merchant can ban the actual human permanently, not just the account. The company's claim that "anything digital will be fakeable with AI" might be right, but getting millions of people to scan their irises remains a steep hill. The World ID solution relies on consumer adoption to work, as opposed to a merchant-enacted safeguard. This requires dangling some carrots: the company's Shopify integration encourages merchants to offer limited discounts and product drops with a twist: only one item per human. It's a sledgehammer solution that might work, but requires massive adoption to be effective.

Trulioo is taking a different tack in establishing trust in the digital and agentic future. Its "digital agent passport" is designed to establish trust in the actions of AI agents. It verifies who built the agent and where it originated. From there, Trulioo can connect, monitor, and validate an agent across different activities and platforms like merchant websites, payment platforms, and crypto transactions. It functions as a "thin digital wallet" where identity protocols, credentials, permissions, and consents are embedded and carried by the agent.
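To make the passport idea concrete, here is an added merchant-side sketch of the checks such a credential would let a retailer run at checkout, one per question raised earlier (who built the agent, what code it runs, whether that code was tampered with, what the human authorized). It is illustration only, not Trulioo's or any vendor's code: the claim names, the HMAC signature standing in for a real issuer signature, and the sample agent code are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the passport issuer's signing key.
# A real issuer would use an asymmetric signature; HMAC keeps this self-contained.
ISSUER_KEY = b"demo-issuer-key-not-for-production"

def _canonical(claims: dict) -> bytes:
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()

def issue_passport(claims: dict, key: bytes = ISSUER_KEY) -> dict:
    """Issuer side: bind the agent's claims to a signature."""
    return {"claims": claims, "sig": hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()}

def verify_checkout(passport: dict, agent_code: bytes, merchant: str, amount_cents: int,
                    now: float, key: bytes = ISSUER_KEY) -> tuple:
    """Merchant side: answer the four questions before honoring a checkout."""
    claims = passport.get("claims", {})
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, passport.get("sig", "")):
        return False, "signature invalid: no trusted issuer vouches for this agent"
    # Code identity: the merchant hashes the code the agent presents. In practice this
    # hash would come from a runtime attestation rather than from the agent itself.
    if hashlib.sha256(agent_code).hexdigest() != claims.get("code_sha256"):
        return False, "code hash mismatch: agent code differs from what was vouched for"
    if now > claims.get("consent_expires", 0):
        return False, "consent expired"
    if merchant not in claims.get("allowed_merchants", []):
        return False, "merchant outside the human's authorization"
    if amount_cents > claims.get("max_amount_cents", 0):
        return False, "amount exceeds the human-authorized limit"
    return True, "ok"

# Constructed sample: a shopping agent's code and the consent its owner granted.
AGENT_CODE = b"def shop(cart): return checkout(cart)  # constructed stand-in for agent code\n"
PASSPORT = issue_passport({
    "builder": "example-agent-vendor",                       # who built this agent?
    "code_sha256": hashlib.sha256(AGENT_CODE).hexdigest(),   # what code is it running?
    "allowed_merchants": ["shop.example"],                   # what did the human authorize?
    "max_amount_cents": 5000,
    "consent_expires": 1_800_000_000,                        # unix time; constructed value
})

if __name__ == "__main__":
    print(verify_checkout(PASSPORT, AGENT_CODE, "shop.example", 2500, now=1_700_000_000))
    print(verify_checkout(PASSPORT, AGENT_CODE + b"#", "shop.example", 2500, now=1_700_000_000))
```

The second call shows the tamper case: a single appended byte changes the code hash and the checkout is refused before any scope checks run.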

The reality check: Most merchants are still blocking all agent traffic indiscriminately, treating beneficial shopping assistants the same as bad actors. The infrastructure to differentiate doesn't exist at scale. Those who try to allow agents often have no way to verify their legitimacy or monitor for compromised behavior.

It's coming, but how soon?

PayPal projects 25% of e-commerce will be agent-driven by 2030—roughly $2 trillion in transactions. That's five years to solve problems we're only starting to understand.

The infrastructure decisions being made today will determine whether agentic commerce becomes a fraud prevention nightmare or just another evolutionary step in digital transactions. The companies I spoke with are placing different bets—some on biometric verification, others on agent authentication protocols, still others on behavioral analysis that can distinguish legitimate from malicious automation.

What's clear is that the traditional approach of blocking first and asking questions later won't work. What's required are new trust systems designed for humans to work with artificial entities that can be compromised, cloned, or weaponized.

My eBay account eventually got secured with a simple password reset. The agents handling trillions in future commerce won't offer us that luxury of easy recovery—or the comfort of knowing a human is watching.
