AI Agents Are Shopping for Us — and Scamming Retailers at Record Scale
- Cyber Jill
- 5 hours ago
- 4 min read
As retailers gear up for Black Friday 2025, the threat landscape looks nothing like the bot-swarm years of the past. Instead, the biggest disruptor is the one shoppers chose to unleash: agentic commerce — the growing trend of AI agents browsing, comparing, and even purchasing on behalf of real users.
It’s a seismic convenience shift. But the capabilities that turn AI into your personal bargain-hunting concierge also give fraudsters a powerful way to blend in. According to Jerome Segura, VP of Threat Research at DataDome, “the challenge isn’t stopping bots; it’s distinguishing between legitimate agent-driven interactions and malicious automation designed to mimic them.”
That distinction is eroding fast. And the stakes, especially during peak holiday volume, have never been higher.
Retailers Are Still Wide Open
DataDome’s Advanced Threat Research team stress-tested 11 major e-commerce platforms using open-source automation tools configured to behave like today’s AI-driven threats. The results show an industry stuck in neutral while attacks increase in speed, depth, and realism.
64% of retailers are still vulnerable to fake account creation.
73% accept disposable emails, giving attackers an infinite supply of throwaway identities.
Only 27% have effective bot detection during signup.
36% have no MFA on account creation flows — at the height of credential abuse season.
Segura warns that the consequences are cascading across the account layer. “Legitimate agents assisting users and malicious bots probing for vulnerabilities follow similar account creation and login paths,” he noted. “The result? More stolen accounts, drained gift cards, and real shoppers forced to battle bots for this year’s hottest gifts — right in the middle of the holiday rush.”
Fake Accounts: The Fraud Factory Hiding in Plain Sight
Disposable email domains, Gmail aliasing tricks, and increasingly human-like AI interaction models have made synthetic identities trivial to scale. For attackers, fake accounts unlock:
Unlimited promo abuse
Loopholes around purchase limits
High-demand product hoarding
A steady supply of accounts to resell or weaponize
Financially, it’s a bloodletting. DataDome estimates each coordinated campaign can cost retailers $50,000 to $500,000, depending on the target and incentives offered.
And this year, attackers aren’t just automating — they’re improvising. AI agents now modulate inputs, adjust timing, and mimic human uncertainty in ways that break traditional bot filters.
Credential Stuffing Has Become AI-Optimized
Login defenses look even worse than signup flows:
82% of retailers allow automated login attempts without any challenge.
64% have no account lockout policy.
This makes credential stuffing — already one of the highest-ROI forms of fraud — even more dangerous when AI enters the mix. Automated agents can now continuously learn from platform responses, downshift when detection spikes, and distribute attempts across infrastructure to stay invisible.
Once inside, attackers move quickly: stored cards, loyalty points, gift balances, purchase histories, and user trust are all fair game.
The New Wildcard: Users Letting AI Agents Log In for Them
Here’s the curveball: as platforms try to distinguish good automation from malicious automation, users themselves are creating the ambiguity.
Gartner predicts that 90% of organizations that allow users to share credentials with AI agents will experience three times more account takeover incidents by 2028. And yet, 36% of U.S. adults already want an AI agent to shop for them.
Retailers now face a brutal paradox:
Block automation → break the legitimate agentic commerce experience
Allow automation → open the door to credential abuse at scale
And the infrastructure to manage this gray zone simply doesn’t exist yet.
Disposable Emails Are the Silent MFA Killer
Even retailers who think they’re safe behind MFA often aren’t. With 73% accepting disposable domains, attackers use throwaway inboxes to:
Register hundreds of accounts
Receive and verify MFA codes
Automate the entire flow without friction
The result is what DataDome calls a “false sense of identity security”: MFA boxes get checked, but the account is still synthetic from the start.
With Hours Left Before Black Friday, Retailers Can Still Close the Biggest Holes
DataDome outlines several urgent fixes that can be deployed in under 48 hours — and would immediately cut off the riskiest attack paths:
1. Block disposable email providers
This alone can reduce fake account creation by up to 80–90%. The denylist has to be kept current, since throwaway domains appear and rotate constantly, and it should match subdomains of a listed provider as well as the bare domain.
2. Normalize email inputs
Stripping “dot” and “plus” variations from Gmail addresses cuts multi-account abuse by as much as 70%. Gmail ignores dots in the local part and treats googlemail.com as gmail.com, so those variants all reach one inbox; dots are significant at most other providers, so dot-stripping should be applied only to Gmail, while “+tag” sub-addressing is ignored by many providers and can be stripped more broadly. Compare the canonical form against existing accounts, and key lockout counters on it too, so a variant address cannot reset the count.
3. Enforce account lockout
A basic control — but one that 64% still ignore. Lock per account after a short burst of failures, and rate-limit per source as well, since AI-driven stuffing spreads attempts across infrastructure specifically to stay under per-IP thresholds.
4. Lock down robots.txt and harden bot management
Attackers increasingly use AI agents that respect or inspect these directives before probing deeper, so disallowing account and checkout paths steers cooperative agents away from them. robots.txt is advisory only, though: nothing enforces it against automation that ignores it, which is why bot management has to do the real work.
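The first three fixes above, plus the disposable-inbox MFA bypass and the account-level lockout the credential-stuffing section calls for, fit in one small signup/login gate. The following is an added example written for this article, not DataDome’s or any retailer’s code: it normalizes Gmail addresses so dot and plus variants collapse to one identity, rejects a constructed denylist of disposable domains (a real deployment would load a maintained list), and enforces a sliding-window lockout keyed on the canonical address. The domain list, thresholds, and the in-memory store are illustrative assumptions.

```python
"""Signup/login hardening example (added illustration, not production code).

Assumptions: DISPOSABLE_DOMAINS is a constructed sample; thresholds are
illustrative; state is in-process. A real deployment would back the
counters with a shared store (e.g. Redis) and add a per-source-IP limit.
"""
import time
from collections import defaultdict

# Constructed denylist for the example; load a maintained list in practice.
DISPOSABLE_DOMAINS = {
    "mailinator.com", "10minutemail.com", "guerrillamail.com", "tempmail.example",
}
# Gmail ignores dots in the local part and serves googlemail.com as gmail.com.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def normalize_email(address):
    """Map trivial address variants to one canonical identity string."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        raise ValueError("not a single-mailbox address: %r" % address)
    local, domain = addr.split("@")
    if not local or not domain:
        raise ValueError("empty local part or domain: %r" % address)
    # '+tag' sub-addressing is ignored by Gmail and many other providers
    # (assumption: stripping it everywhere is acceptable for dedup purposes).
    local = local.split("+", 1)[0]
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")   # dots are only insignificant at Gmail
        domain = "gmail.com"
    return "%s@%s" % (local, domain)


def is_disposable(address):
    """True if the (canonical) domain is a listed provider or a subdomain of one."""
    domain = normalize_email(address).rsplit("@", 1)[1]
    return any(domain == d or domain.endswith("." + d) for d in DISPOSABLE_DOMAINS)


def check_signup(address, existing_accounts):
    """Decide a signup request; existing_accounts holds canonical addresses."""
    try:
        canonical = normalize_email(address)
    except ValueError:
        return {"allowed": False, "reason": "invalid", "canonical": None}
    if is_disposable(canonical):
        return {"allowed": False, "reason": "disposable_domain", "canonical": canonical}
    if canonical in existing_accounts:
        return {"allowed": False, "reason": "duplicate_identity", "canonical": canonical}
    return {"allowed": True, "reason": "ok", "canonical": canonical}


class LoginLockout:
    """Sliding-window failure counter with a temporary lock, keyed per account."""

    def __init__(self, max_failures=5, window_s=900, lock_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lock_s = lock_s
        self._failures = defaultdict(list)   # account -> failure timestamps
        self._locked_until = {}              # account -> unlock time

    def is_locked(self, account, now=None):
        now = time.time() if now is None else now
        return self._locked_until.get(account, 0.0) > now

    def record_failure(self, account, now=None):
        """Record a failed attempt; return True if the account is now locked."""
        now = time.time() if now is None else now
        recent = [t for t in self._failures[account] if now - t < self.window_s]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lock_s
            self._failures[account] = []
            return True
        return False

    def record_success(self, account):
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


def attempt_login(lockout, account, password_ok, now=None):
    """Return 'locked', 'failed' or 'ok'. Keyed on the canonical address so an
    attacker cannot reset the counter by rotating dot/plus variants."""
    key = normalize_email(account)
    if lockout.is_locked(key, now):
        return "locked"           # refuse even a correct password while locked
    if password_ok:
        lockout.record_success(key)
        return "ok"
    return "locked" if lockout.record_failure(key, now) else "failed"


if __name__ == "__main__":
    existing = {"johndoe@gmail.com"}
    print(check_signup("John.Doe+bf2025@googlemail.com", existing))
    print(check_signup("buyer@mailinator.com", existing))
    lo = LoginLockout(max_failures=3, window_s=60, lock_s=120)
    for addr in ("victim@gmail.com", "VICTIM+a@gmail.com", "v.i.c.t.i.m@gmail.com"):
        print(addr, attempt_login(lo, addr, False, now=0))
```

Note that the lock refuses a login even when the password is correct, so a stuffed credential that happens to be valid still does not yield a session until the window expires; the signup path also keys duplicate detection on the canonical address rather than the raw input.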
The Bottom Line: AI Agents Are Reshaping Fraud Faster Than Retailers Can React
A minority of retailers have started deploying layered, adaptive detection systems built for agentic commerce. But most haven’t. DataDome’s assessment found that:
64% lack baseline defenses
18% lack even fundamental safeguards
Black Friday 2025 is poised for mass fake accounts and widespread account takeovers
The twist? These problems aren’t unsolvable. They’re just urgent.
With the right controls, retailers can still secure the holiday season — and build trust in an era where shoppers aren’t the only ones filling their carts. AI agents are doing it too, for better or worse.