Agentic Commerce: AI Agents That Discover and Complete Purchases

The era when search returned a list of links and checkout required dozens of manual clicks is ending — in its place is a fast-growing wave of agentic AI that not only finds options for consumers but can act on their behalf. Over the past six months a cluster of high‑profile moves — including Mastercard’s Agent Pay launch (April 29, 2025), OpenAI’s Instant Checkout and the Agentic Commerce Protocol (September 29, 2025), and a live pilot enabling ChatGPT-based payments with India’s NPCI and Razorpay (October 9, 2025) — has pushed agentic commerce from research labs into production pilots and merchant integrations. At the same time, analysts warn that many projects will fail if organizations chase hype without governance: Gartner predicted in June 2025 that over 40% of agentic AI projects will be canceled by the end of 2027. This article explains what this shift means for retailers, platforms, payment providers, and IT teams — and lays out practical steps to capture the upside while managing the new risks.

Background​

Agentic AI describes systems built from autonomous, goal‑driven software agents that can plan, use external tools, and complete multi‑step tasks with limited or no human intervention. In commerce scenarios — commonly called agentic commerce or a‑commerce — those agents can discover products, evaluate tradeoffs, negotiate, and complete purchases on behalf of users.
This is not simply a rebrand of chatbots or recommendation engines. Agentic agents are designed to be proactive and stateful: they preserve context over time, call APIs or browser interfaces to gather data, orchestrate other services, and follow policies or constraints defined by users and platforms. The result is a fundamentally different shopper flow: the conversational interface becomes a true marketplace front end where purchase intent can be closed inside an AI interaction.
Recent industry moves have focused on three practical problems that stood in the way of agentic commerce:

• How does an AI agent safely transact on behalf of a user without exposing credentials?
• How do merchants retain control of their catalogs, pricing, fulfillment and post‑purchase relationship?
• What interoperability and security standards are needed so agents can connect to diverse systems?

The fast answer: tokenized credentials (Agentic Tokens), open commerce protocols (Agentic Commerce Protocol / ACP), and model-to-tool integration standards like the Model Context Protocol (MCP) — together with merchant developer toolkits and registration/verification systems — are becoming the plumbing of agentic commerce.

---

What agentic commerce actually is​

The user experience, redefined​

Imagine telling an AI: “Book a nonstop flight to London under $600 next week, no red‑eyes, use my loyalty points where it saves money.” An agent built for commerce can:

• Turn that instruction into a plan (identify airlines, price windows, loyalty balances).
• Query multiple sources (airline APIs, fare aggregators) and compare options.
• Ask clarifying questions if needed, or proceed.
• Authenticate using a restricted, time‑limited credential and complete the purchase.
• Save the itinerary to your calendar and handle refunds or changes if rules allow.

Applied to retail, agents can proactively monitor inventories, reorder consumables (paper towels when they estimate you’re low), negotiate B2B sourcing terms, or assemble multi‑item carts across merchants. Crucially, when agents are authorized to act, the interaction ends with a completed transaction rather than a link back to a checkout page.

Architecture and components​

Agentic commerce systems typically combine several building blocks:

• Large language models (LLMs) for intent interpretation and multi‑step reasoning.
• Agents orchestration layers that manage planning, tool selection, and retries.
• Tooling adapters and MCP servers that let agents interact with databases, inventory systems, and payment processors in a standard, machine‑readable way.
• Tokenized payment credentials scoped to agent identity and allowed actions.

This stack enables multi‑agent workflows: one agent might handle product discovery, another pricing negotiation, and a third complete payment and fulfillment coordination.

---

Standards and protocols: MCP, ACP and Agentic Tokens​

Two technical standards have become central in practice and press coverage in 2025.

• Model Context Protocol (MCP) — an open protocol that standardizes how models and agents access external tools, files, and services. MCP allows developers to expose data sources and capabilities in a consistent, auditable format so agents can request and consume context safely. MCP adoption has accelerated across toolmakers, platforms, and cloud vendors to make agent‑to‑tool integrations repeatable and interoperable.
• Agentic Commerce Protocol (ACP) — an open specification for programmatic commerce flows connecting AI agents, payments, and merchant order systems. ACP is designed so merchants remain the merchant of record, handling pricing, stock, returns and post‑purchase support while agents act as buyer proxies.
• Agentic Tokens (or similar tokenization schemes) are dynamic credentials issued to verified agents that carry tight constraints: allowed merchant categories, per‑transaction limits, time windows, and revocation controls. These tokens let agents act without exposing a user’s real card data.

These standards address three urgent needs: interoperability (agents can integrate any compliant merchant), security and traceability (transactions are associated with verifiable agent credentials), and merchant control (retailers decide whether to accept agent‑initiated purchases and under what terms).

---

The recent moves that matter​

Mastercard: building the payments trust layer​

In April 2025 Mastercard announced Agent Pay, its Agentic Payments Program and Agentic Tokens, a tokenization approach intended to register, verify and enable trusted agents to transact on behalf of consumers and businesses. The program emphasizes merchant visibility, fraud protection, and consumer controls — all designed to make agent‑led purchases auditable and reversible when needed.
Why it matters: payments are the single biggest practical blocker for agent autonomy — credential safety, fraud signals, and dispute flows. A major card network committing to verified agents and token standards lowers a high barrier for wide merchant adoption.

OpenAI: Instant Checkout and the Agentic Commerce Protocol​

On September 29, 2025 OpenAI launched Instant Checkout and published the Agentic Commerce Protocol (ACP) powering it. Instant Checkout initially enabled single‑item purchases from U.S. Etsy sellers inside ChatGPT and listed a broader merchant rollout (Shopify merchants were specifically called out).
Why it matters: OpenAI’s experience and traffic volume make redirect‑free commerce viable at scale. ACP focuses on preserving merchant ownership of customer relationships while making their inventories discoverable to agents. That combination reduces merchant risk of being disintermediated by platform agents.

Shopify, Stripe, payment networks and local pilots​

Shopify announced integrations to make millions of merchants discoverable to AI conversations. Payment integrators from Stripe to local players (for example the pilot between OpenAI, NPCI and Razorpay) are experimenting with localized flows that respect regional payment rails (India’s UPI is a unique use case). These pilots demonstrate how agentic payments can be implemented on different regulatory rails.
Why it matters: merchant platforms and local payments infrastructure are essential for reach. When major commerce platforms and local payments networks are aligned, agentic commerce can scale quickly across regions.

Enterprise vendors and marketplaces​

Platform providers that power merchants — including marketplace operators and ecommerce infrastructure vendors — are actively building agent‑ready endpoints and product feed specs so agents can index accurate catalog data, shipping promises, and return policies. Mirakl, for example, has been explicit about preparing marketplaces for “agentic commerce” by enriching product metadata and integrating AI across catalog and retail media workflows.
Why it matters: agentic agents need high‑quality structured product information, not just web pages. Retailers with clean catalogs and rich metadata will show up more reliably in agentic searches and recommendations.

---

Business implications for retailers and platforms​

Search and discovery change​

Traditional search engine optimization (SEO) is already being joined by generative experience optimization (GXO): optimizing content to surface in AI conversations. But agentic commerce is deeper — it requires structured, machine‑readable product metadata, reliable stock information, and clear fulfillment promises. Retailers that maintain accurate feeds and APIs will be preferred by agents.

New revenue channels and threats to direct traffic​

Agents will create new distribution channels and high‑intent signals that increase conversion rates, but they also shift the point of customer contact from the merchant’s storefront to the agent platform. That’s why ACP’s principle — letting merchants own post‑purchase relationships — is critical. Merchants must ensure their terms, pricing integrity, and fulfillment commitments are explicit and enforced.

Operational changes​

Agentic commerce magnifies issues that already plague large ecommerce operations: mispriced SKUs, late shipments, and poor returns handling. Agents expect predictable outcomes; if merchant systems cannot deliver, consumers will experience friction and possibly contest agentic transactions. Retailers need to tighten inventory accuracy, update lead times, and surface exceptions in machine‑readable form.

Retailer readiness: what to prioritize​

• Clean, structured product data (rich content, specifications, multiple images).
• Real‑time inventory and fulfillment transparency.
• Programmatic interfaces that support ACP or platform‑specific agent integrations.
• Policies and guardrails for agent‑initiated flows (what categories, thresholds, or user confirmation levels are required).

Mirakl’s leadership — echoing industry voices — warns that retailers who ignore agentic commerce risk being bypassed in discovery and conversion moments. That warning is simple: presence in AI‑led discovery matters for traffic, conversion and pricing power.

---

Security, privacy and operational risk​

Agentic AI creates a new threat surface where mistakes or malicious actors can have immediate financial consequences. Key risks include:

• Credential misuse and lateral tool access: poorly scoped tokens or excessive tool permissions can allow agents (or hijacked agents) to make unauthorized purchases or exfiltrate data.
• Prompt injection and tool compromise: combining multiple tools or chaining agent actions can lead to injection-style attacks where untrusted input causes agents to call unauthorized tools or leak sensitive content.
• Objective drift and runaway actions: without tight constraints, agents can pursue sub‑goals that conflict with user intent or compliance requirements.
• Fraud amplification: attackers can use agentic flows to scale social engineering and money‑mules, automating complex fraud patterns.
• Regulatory and KYC/KYA gaps: financial regulators expect clarity about who is acting and why. Know‑Your‑Agent (KYA) and verifiable agent identities are becoming a regulatory expectation in payments pilots.

Analysts and security professionals have recommended a defensive posture: treat agents as powerful, semi‑trusted actors that require strict guardrails. Practical mitigations include:

• Narrow, revocable tokens tied to specific agent IDs, merchant categories, and dollar limits.
• Agent registration, vetting and attestation (verifiable credentials that prove agent provenance).
• Runtime monitoring and anomaly detection for agent behavior, with human‑in‑loop escalation for high‑risk actions.
• Least‑privilege architecture for tools and APIs: agents should only see what they need.
• End‑to‑end observability and immutable audit logs to reconstruct agent decisions and support disputes.
• Regular security testing focused on chain‑of‑actions attacks (prompt injection, tool‑chaining vulnerabilities).

These controls are exactly what payment networks and merchants are promising in their agentic initiatives — but implementation and enforcement will define winners and losers in the near term.

---

Regulatory, legal, and ethical considerations​

Agentic commerce raises questions for consumer protection, data privacy and liability. Regulators will expect:

• Clear consumer consent flows and the ability to revoke agent permissions.
• Transparent transaction records that indicate an agent acted and what the agent was authorized to do.
• Mechanisms for dispute resolution that preserve consumer protections even when purchases occur outside merchant‑owned storefronts.
• Identity and privacy standards for agent credentials, including whether agents must present verifiable claims separate from the consumer.

Payments pilots in regulated markets (for example the NPCI/U.P.I. ChatGPT pilot) will be watched closely by regulators worldwide. These pilots will illuminate which privacy, anti‑money‑laundering (AML) and consumer‑protection measures are necessary for broader rollout.

---

Practical implementation checklist for IT teams and retailers​

• Inventory hygiene: audit product data, SKU accuracy, images and return policies. Agents rely on machine‑readable signals; human inconsistencies map directly to customer dissatisfaction.
• API readiness: expose real‑time inventory and fulfillment endpoints and support ACP or platform‑specific product feed specifications.
• Token strategy: design token scopes for agent actions (per merchant, per category, time‑bounded) and ensure immediate revocation capabilities.
• Agent identity and vetting: require agent registration, KYA (Know‑Your‑Agent) processes and verifiable credentials for third‑party agents.
• Monitoring and observability: add agent‑specific telemetry, anomaly detection, and human escalation workflows for flagged transactions.
• Fraud and dispute playbooks: extend chargeback and dispute workflows to include agentic metadata (agent ID, authorization scope, intent proof).
• Security testing: include chain‑of-actions scenario testing (prompt injection, tool misuse) in penetration and red‑team exercises.
• UX decision rules: decide where human confirmation is mandatory (high‑value items, regulated goods, cross‑border purchases).
• Legal and privacy alignment: work with compliance teams to update T&Cs, privacy notices and consent flows to cover agent interactions.
• Merchant onboarding and communications: document how agent‑initiated orders will appear in merchant dashboards and customer communications.

Following these steps reduces the risk of being surprised by agentic transactions and ensures that agentic channels become profitable rather than hazardous.

---

Predictions and timeline​

• Short term (0–12 months): Expect rapid merchant onboarding to agentic channels for high‑margin, lower‑risk categories (single‑item, consumables, standard SKUs). Payment providers and platforms will expand pilot programs. Tokenization and ACP adoption will spread among merchants that already have programmatic catalogs.
• Medium term (1–3 years): Standards such as MCP and ACP will be more mature and widely implemented. However, per Gartner’s June 2025 warnings, many early projects that lack clear ROI or run into operational complexity will be canceled. Retailers that invested early in catalog hygiene and API readiness will realize outsized ROI.
• Long term (3+ years): Agent identities, verifiable credentials and cross‑platform agent registries may become common. Multi‑agent ecosystems will coordinate complex flows (procurement, supply chain negotiation), and agentic decisioning will be embedded into enterprise systems. Regulatory frameworks will adapt to define agent liability, consumer consent and cross‑border agent commerce rules.

---

Strengths and immediate opportunities​

• Convenience and conversion: agentic flows map to moments of high purchase intent; closing that loop in chat reduces friction and increases conversion rates.
• Personalization at scale: persistent agents that know preferences, sizes, and budgets can offer truly personalized shopping, upsells and lifetime value increases.
• New channels for long‑tail merchants: small merchants will gain discovery if platform agents index product feeds reliably.
• B2B automation: procurement agents can dramatically streamline sourcing, negotiation and vendor management.

---

Risks and red flags (what to watch)​

• Agent washing: vendors claiming agentic capabilities when they’re only rebranded chatbots will mislead buyers and waste budgets.
• Data and catalog gaps: inconsistent metadata will cause agents to make wrong decisions or default to unsafe behaviors.
• Security and fraud: improper token scoping, tool chain vulnerabilities or lax agent vetting can enable large‑scale fraud.
• Regulatory mismatch: inconsistent global rules for payments, privacy and liability will complicate cross‑border agentic commerce.
• User trust erosion: unclear authorization flows or unexpected charges will quickly erode consumer trust in agentic experiences.

When a credible analyst firm warns that over 40% of agentic projects may be canceled in the next two years, that is not a rejection of the technology — it is a warning about poor selection of use cases, lack of governance, and unrealistic timelines. Organizations must be pragmatic: start with clearly measurable use cases and strong guardrails.

---

Recommendations for WindowsForum readers and IT decision‑makers​

• Treat agentic commerce as a platform change, not merely a feature upgrade. Design product data, inventory systems and payment integrations for machine consumption.
• Prioritize intentful use cases: repeat consumables, simple single‑item purchases, subscription renewals, and B2B procurement workflows where rules are clear.
• Insist on agent identity and tokenization standards when integrating with third‑party agents or platforms. Do not hand over permanent credentials.
• Build observability first: you cannot debug agentic interactions without end‑to‑end logging that links user intent to agent actions.
• Run security red teams that simulate chained agent behaviors (tool‑chaining, prompt injection, and token misuse) and require corrective action before launch.
• Follow standards (MCP, ACP) — interoperable implementations reduce future rework and vendor lock‑in.

---

The verdict​

Agentic AI is the natural next wave in the evolution of commerce: it marries high‑intent discovery with the ability to close transactions inside conversational experiences. The last six months have shown the “how”: card networks issuing scoped tokens, platforms publishing commerce protocols, and pilots tying agentic flows into national payment rails. These technical and commercial experiments are accelerating real use cases.
But promise is not guarantee. The business and technical complexity of making agents reliable, auditable and secure is substantial. Gartner’s forecast that many projects will be canceled is a sober reminder that good governance, precise use case selection, and investment in data and security plumbing are not optional.
For retailers and IT teams that move deliberately — cleaning product data, implementing tokenized payments, and building clear policies for agent behavior — the first‑mover advantage could be significant. For those that delay or treat agentic AI as a marketing checkbox, the risk is losing direct access to high‑intent buyers in an increasingly conversational world.
Agentic commerce will reshape how people buy and how systems integrate. The next two years will determine which companies built the durable foundations and which ones chased flash and rebranded old features as “agentic.” The technical standards, pilot results and security lessons being written now will set the rules for a long era of AI agents acting for people — and for businesses smart enough to prepare, the opportunities will be real and sizable.

---

Source: Forbes Latest Agentic AI News Today | Trends, Predictions, & Analysis