AI agents are reshaping how people shop online. Instead of customers browsing your site directly, they’re increasingly sending AI assistants to research products, compare prices, and complete purchases on their behalf. 70% of consumers across the UK, US, and France have used AI for shopping in the past 12 months.

This creates a trust paradox. The same technology that powers helpful shopping assistants also enables sophisticated attacks. An AI agent could be ChatGPT helping a customer find the perfect gift, or a malicious scraper systematically stealing your product catalog and pricing data. Both look like automated traffic. Both use similar protocols. Both might even present valid credentials.

The visibility problem makes this worse: Galileo, DataDome’s threat research team, recently reported that 80% of AI agents don’t properly identify themselves when visiting websites, meaning your business may face distorted analytics and even the potential for fraudsters to slip through. 

Merchants can’t simply block all agents—that means turning away legitimate customers and losing sales to competitors who embrace agentic commerce. But welcoming all agents without verification invites fraud, data theft, and abuse.

The solution isn’t complicated: build complete agent trust by verifying both identity and intent before granting access.

The identity component

The challenge of verifying agent identity

Agentic commerce introduces a fundamental challenge that traditional e-commerce never faced: how do you verify the identity of software intermediaries acting on behalf of customers?

When a human shops online, merchants rely on signals like device fingerprints, IP addresses, and behavioral patterns to build trust over time. But AI agents operate differently. They:

• Make requests at machine speed
• Shop from centralized infrastructure (ChatGPT’s servers, not the customer’s laptop)
• Don’t have traditional “human” signals to authenticate against
• May share the same underlying platform as other customers’ agents

Without a way to verify agent identity, merchants face an impossible choice: block all AI agents (losing revenue) or allow all of them (inviting fraud and abuse).

This is why authentication protocols have become critical for agentic commerce. The industry needed a way to answer: “Is this actually ChatGPT shopping for a legitimate customer, or a malicious actor spoofing ChatGPT’s identity?”

The industry’s solution: Agent authentication protocols

The industry has converged on cryptographic authentication as the foundation for verifying agent identity. Web Bot Auth, an emerging IETF standard based on RFC 9421, enables AI agents to prove their identity using unforgeable cryptographic signatures—think of them as digital passports that can’t be forged.

Payment networks have built their commerce-specific protocols on top of this foundation, extending it with payment credentials and transaction context. 

Recognizing the surge in AI-driven traffic to retail sites, Visa launched the Trusted Agent Protocol (TAP) in October 2025, backed by major partners including Adyen, Fiserv, Shopify, Stripe, and Worldpay. TAP builds on Web Bot Auth’s cryptographic foundation, extending it with commerce-specific capabilities:

• Agent intent verification
• Consumer recognition data
• Secure payment credential transport

Mastercard followed with Agent Pay, using Web Bot Auth for agent authentication while adding “Agentic Tokens” for Mastercard-branded transaction verification.

These protocols address the identity challenge specific to agentic commerce: verifying not just that an agent is real, but that it’s authorized to transact on behalf of a specific consumer. 

But knowing who an agent is doesn’t tell you what it plans to do. A malicious actor with compromised credentials will pass every authentication check—and that’s where behavioral intelligence becomes critical.

DataDome’s support for authentication protocols

DataDome already supports Web Bot Auth signature verification across our platform, meaning we can cryptographically verify agent identities at the edge, distinguishing legitimate AI platforms and agents like ChatGPT or AWS Bedrock AgentCore from impersonators attempting to spoof trusted identities. With DataDome, merchants get agent identity verification that works across multiple commerce protocols and payment networks. 

That said, knowing who an agent is doesn’t tell you what it plans to do, which is why intent goes hand-in-hand with authentication.

The behavioral component

Why intent matters as much as identity

While authentication protocols address who the agent is, you also need to understand what it’s doing—the behavioral layer that distinguishes legitimate shopping from malicious activity, regardless of authentication method.

Here’s the problem: even authenticated agents can behave maliciously. A valid credential doesn’t guarantee legitimate intent. 

DataDome’s Agent Trust asks the right questions:

• Which specific agent is this? (ChatGPT Agent, AWS Bedrock AgentCore, unknown system, spoofed identifier)
• What is it trying to do? (Research products, complete checkout, harvest data, test payment methods)
• Does its behavior match legitimate intent? (Normal browsing patterns vs. systematic scraping)
• What level of access should it have? (Open product browsing, authenticated checkout, restricted APIs)

This shift from identity-based blocking to intent-based trust management is what lets merchants capture agentic commerce revenue safely. 

Instead of blocking all automation or allowing everything through, DataDome provides granular control based on real-time behavior analysis and governance capabilities to build and adjust agent trust relationships over time, regardless of whether the transaction uses UCP, ACP, or future protocols.

Real-time agent classification at scale

DataDome processes billions of agent requests, using AI models trained on global traffic patterns to identify:

• Legitimate AI shopping assistants from major platforms
• AI browsers like Comet and Atlas
• MCP server traffic
• UCP and ACP protocol implementations
• Spoofed agent identifiers attempting to bypass security
• Malicious automation disguised as helpful agents

This classification happens in real time, analyzing behavioral fingerprints, protocol signals, and request patterns to distinguish productive commerce from harmful automation.

As Dan Ayash, PayPal’s Director of Advanced Cybersecurity Solutions, explains, “To fight AI-driven bots, you have to understand what they’re trying to do, not just who they are. That is what DataDome helps us do.”

Protection without friction

The biggest risk in agentic commerce security isn’t letting bad actors through. It’s blocking legitimate agents that would have generated sales. Every blocked helpful agent potentially sends that customer to a competitor.

DataDome’s approach ensures security doesn’t sacrifice conversion:

• Allow verified agents to research products freely
• Block confirmed malicious traffic before it can extract data or commit fraud
• Adapt as agent behaviors evolve and new attack patterns emerge

This graduated response maintains protection while maximizing legitimate agent-driven revenue.

Why both layers matter

Authentication and behavioral intelligence aren’t redundant—they’re complementary. Here’s what each layer protects against, and what it misses on its own:

Authentication alone catches: 

• Spoofed agent identities
• Unauthorized agents without valid credentials
• Impersonators attempting to bypass protocols

But misses: 

• Compromised legitimate agents
• Credential abuse and misuse
• Malicious behavior from authenticated sources

Behavioral analysis alone catches: 

• Suspicious patterns and anomalies
• Scraping and data harvesting
• Unusual transaction attempts

But misses: 

• Who the agent actually is
• Whether it has authorization to transact
• Distinguishing between similar agent types

Together, they provide complete visibility: A malicious actor with compromised credentials will pass authentication checks but fail behavioral analysis. A legitimate agent exhibiting unusual patterns (perhaps due to a software bug or compromise) gets flagged for investigation even though authentication succeeds.

DataDome operates at both the foundational authentication layer (verifying Web Bot Auth signatures) and the behavioral layer (analyzing intent), assessing agent trust continuously, and providing defense in depth.

The future of agentic commerce security isn’t choosing between these approaches. It’s deploying both, regardless of which commerce protocol your customers use.

What this means for retailers

The adoption of agentic commerce is happening now. The majority of consumers are already using AI for shopping, and the infrastructure is rapidly consolidating around standards like UCP and ACP.

Merchants face a choice: adopt these protocols and capture this growing traffic, or watch customers complete purchases through competitors who participate in the ecosystem.

But adoption without security is reckless. The merchants who succeed will implement comprehensive Agent Trust management from the start—combining authentication protocols with behavioral intelligence rather than waiting for fraud patterns to emerge.

Authentication tells you who’s knocking. Behavioral intelligence tells you what they plan to do once you let them in. You need both.

Download our Guide to Readying Your Business for Agentic Commerce to learn more about how to prepare your business for AI-driven transactions, or schedule a live demo to see DataDome’s Agent Trust management solution in action.