Agentic Commerce: How Merchants Onboard AI Agents Without Sacrificing Control

Ecommerce merchants face a pivotal choice: blanket-block AI crawlers and risk missing the next major shopping channel, or selectively monitor and enable agentic access to capture buyers who will increasingly begin — and sometimes finish — their purchase journeys inside conversational AI. Scot Wingo’s recent “Ask an Expert” column argues the decision must be strategic, not reflexive: don’t slam the door on AI agents — prepare for them, while still defending your catalog, margins, and customer relationships from misuse. This article explains the technical landscape behind that advice, evaluates the commercial upside and operational risks, and gives a practical, prioritized plan for merchants who want to profit from agentic commerce without becoming collateral damage.

Background: why this is not just another wave of bots​

AI-driven agents — the chat assistants and “answer engines” that act on behalf of users — have evolved from curiosity tools into commerce surfaces. Over the last 18 months major platforms announced product-level checkout and commerce protocols that let agents discover products, assemble carts, and complete purchases without sending the shopper to a merchant’s website.

• Open standards and vendor initiatives now exist to make agent-to-merchant commerce programmable and secure. Standards such as the Agentic Commerce Protocol (ACP) and Google’s Universal Commerce Protocol (UCP) were introduced to support checkout flows initiated by agents, not traditional web sessions.
• Multiple large AI platforms have launched or tested in-chat checkout: the rollout of Instant Checkout in ChatGPT (via ACP-enabled flows), Google’s integration of buy-capability into Gemini and Search through UCP, Microsoft’s Copilot Checkout experiments, and new shopping features in AI-first engines like Perplexity with embedded payment paths.
• Platform-level payments and commerce partnerships (PayPal, Stripe and major card networks) are wiring payments into agent flows so purchases can be completed in two or three clicks inside an AI surface.

These changes mean that discovery, consideration, and conversion are being reorganized around conversational surfaces. For merchants, the consequence is not simply new traffic sources; it’s a potential shift of where intent converts and who controls the checkout experience.

---

Overview: Scot Wingo’s central argument — don’t outright block AI agents​

Scot Wingo’s view is straightforward and strategic: AI agents represent a major commercial opportunity — possibly as large as any given online marketplace — and merchants should embrace agentic discovery while controlling how agents access product data and transact. Key points from his column:

• Agentic commerce is mainstream. Leading agent platforms collectively reach huge audiences and are rapidly adding commerce features.
• Agents need more than product titles and prices; they need contextual attributes, use cases, and rich question-and-answer content that help models map user intent to the right SKU.
• Merchants should make their full catalogs agent-accessible and extend product metadata to include buyer-centric scenarios and frequently asked questions, thereby improving recommendation quality and conversion inside agents.
• Because platforms are moving to “AI Mode” (search and chat-first surfaces), click-through rates on merchant sites may decline; the time to prepare is now.

Wingo’s conclusion is a counternarrative to reflexive blocking: rather than a binary “allow” or “deny,” treat agent access as a channel that needs onboarding, performance measurement, and safeguards.

---

The technical plumbing: protocols, tokens, and “agent-ready” checkouts​

Understanding the standards helps merchants decide how to participate without ceding control.

Agentic Commerce Protocol (ACP) and Universal Commerce Protocol (UCP)​

• ACP emerged to enable secure checkout handoffs between a consumer’s agent (for instance ChatGPT) and a merchant’s payment endpoint. It focuses on secure tokenized payments, merchant control of fulfillment and product presentation, and flexibility across payment processors.
• UCP, announced by Google and industry partners, is a complementary open standard intended to standardize discovery, checkout, and post-purchase flows across agentic surfaces. UCP emphasizes compatibility across agent-to-agent and platform-to-merchant interactions.

Both protocols share practical goals: reduce technical friction for merchants, preserve the merchant as merchant-of-record if desired, and provide secure, tokenized payment flows to avoid exposing raw card data.

Agent-to-Agent and Model Context Protocols​

• The ecosystem includes related primitives such as Agent2Agent and Model Context Protocol (MCP), which handle context passing between agents and allow agents to share structured product context with models. These are important when shopping journeys traverse multiple agentic surfaces or require complex context (e.g., saved preferences, past orders, loyalty details).

Payment and merchant identity​

• Merchant participation can be integrated via APIs or via store-sync programs that platforms offer. Participation models vary: some integrations let the merchant remain the merchant-of-record and control fulfillment, others route the payment through the platform or a payment partner.
• Secure token exchange (PCI-compliant patterns or platform tokenization) is critical to enabling frictionless agent payment while preserving security and fraud controls.

---

The upside: why merchants should seriously consider enabling agent access​

• New demand funnel: Agents capture intent earlier and can answer customer prompts in natural language, surfacing products when users are ready to buy. That’s a huge funnel expansion if you rank well in agent answers.
• Zero-click conversions: For some shoppers, discovery and checkout happen inside the agent interface — merchants that opt in will capture these conversions directly.
• Lower friction for high-intent buyers: Conversational discovery + instant checkout shortens path-to-purchase, often increasing conversion rates for well-matched products.
• New attribution and brand exposure: Agents can drive orders for brands that previously relied on marketplace routing — when integrated properly merchants remain the point of sale and customer relationship.
• Competitive parity: As major platforms (Google, Microsoft, OpenAI, Perplexity) enable agent commerce, any merchant that refuses agent access risks losing comparable share-of-voice to competitors who do participate.

These advantages are more pronounced for products that are decision-driven (appliances, furniture, electronics) and for merchants with strong catalog data and logistics capabilities.

---

The risks — why “allow all” is not the right answer​

Opening your catalog to agents without constraints invites new operational and reputational hazards.

Revenue and attribution risks​

• Zero-click disintermediation: Discoveries that once produced referral traffic to your site may convert inside an agent, reducing site clicks and reducing direct ad ROI.
• Price undercutting and arbitrage: Agents may display aggregated pricing data; competitors and aggregators can exploit this to undercut offers.

Data, privacy, and compliance​

• Data leakage: Exposing deeper product context, inventory signals, or customer-specific prices to agents can risk leakage if not properly scoped.
• Regulatory scrutiny: Agent platforms that collect and combine user data and merchant signals can create privacy and consumer protection questions. Merchants must assess GDPR, CCPA, and contract terms.

Fraud and fulfillment​

• New fraud vectors: Instant checkout and token handoffs increase the risk of fraud patterns unfamiliar to traditional storefront defenses. Chargebacks and disputes may rise if the agent’s UI obscures seller identity or shipping expectations.
• Supply chain & returns: A sudden shift of traffic from full-site buyers to agent-initiated orders can stress fulfillment and returns processes, especially for merchants with thin margins.

Brand control and discovery quality​

• Bad recommendations and brand damage: Agents that rely on sparse metadata or third-party signals can misrepresent your products, harming conversions and trust.
• Vendor dependency: Heavy reliance on any single platform’s agent ecosystem creates strategic dependency and negotiates your terms at scale.

---

Tactical guidance: how to manage AI agents — monitor, enable, protect​

The right posture is selective access combined with active controls. Below is a prioritized, practical roadmap of steps merchants should take.

Phase 0 — Quick audit and risk triage (0–2 weeks)​

• Inventory your product data and feeds. Identify gaps: missing attributes, absent use-case content, poor images, or missing SKU-level metadata.
• Review your robots.txt and crawler policies. Audit current blocks to see whether you are already blocking agent crawlers or open APIs.
• Map current attribution and conversion metrics from organic search and paid channels to create a baseline.

These quick wins establish what you have, what you block, and how you measure change.

Phase 1 — Protect the core, enable the channel (2–8 weeks)​

• Implement an allowlist approach for agent integrations rather than opening everything publicly. Enroll in official platform programs (Instant Checkout, Copilot Checkout, UCP/ACP programs) where available.
• Expose a controlled product feed or agent-ready endpoint. This can be a secure API or a published data feed that includes expanded attributes but omits sensitive business signals (e.g., supplier costs, real-time secret inventory).
• Add a deep Q&A layer to product pages and APIs: scenario-driven answers, compatibility notes, and common buyer questions. Put these behind your agent-facing feed so models can surface them without scraping page markup.
• Implement tokenized payment flows and ensure PCI compliance for any agent checkout paths. Use established PSP integrations (Stripe token flows, PayPal integrations) through platform programs when possible.
• Configure rate limiting, request authentication, and monitoring for agent requests. Track agent-specific metrics in logs.

Phase 2 — Optimize for agent conversions (2–6 months)​

• Expand and normalize extended attributes: materials, dimensions, use-cases, complementary goods, typical buyer archetype, and standardized taxonomy fields (brand, category, subcategory).
• Build test agent flows in a sandbox and measure agent conversion rate, AOV, refund rates, and fraud signals separately.
• A/B test product presentation and recommendation prompts tailored to agent interactions — agents respond differently to structured content than browsers do.
• Integrate returns and fulfillment flows with agent-sourced orders so that the post-purchase experience matches or exceeds direct-site standards.

Phase 3 — Operationalize and diversify (6–12 months)​

• Treat agent channels like marketplaces: set margin rules, promotional schedules, and rules for items excluded from agent sales.
• Automate anomaly detection for pricing, volume spikes, or fraudulent patterns unique to agent orders.
• Negotiate participation terms with platforms where possible to preserve merchant-of-record status, control over pricing, and visibility into customer data.
• Reassess marketing and SEO budgets and attribution models. Expect to shift spend toward generative engine optimization (GEO) — content designed for agent surfacing — as part of long-term strategy.

---

Practical rules for crawler/block policies​

• Do not reflexively block all crawlers in robots.txt. Many agents and platform integrations rely on API access or controlled crawling to discover products.
• Use robots.txt and structured crawl rules to block hostile or unknown crawlers, but allow authenticated agent access for known partners.
• Use a layered approach: public robots + private agent feed + authenticated ACP/UCP endpoints. This keeps casual scraping out while enabling legitimate agent commerce.
• Monitor traffic patterns for unusual user-agent strings, spikes in API calls, and repeated scraping attempts; deploy rate limits and CAPTCHAs where agents are not part of an official program.

---

Data and content: what to give agents (and what to withhold)​

Merchants must balance usefulness and protection. Provide agents with the following to maximize buyability:

• Complete product metadata: SKU, variants, colors, sizes, dimensions, weight, materials, and standardized taxonomy values.
• Customer-facing use cases: “Works best for X,” installation guidance, compatibility notes, and ideal room/type scenarios for consumables and durable goods.
• Structured Q&A: Frequently asked questions and model-ready answers that help agents resolve shopper intent quickly.
• Policy and service data: Shipping windows, return policies, warranty details, and fulfillment options that matter at checkout.

Withhold or tightly control exposure of:

• Backend cost structures, supplier details, internal inventory reallocation heuristics.
• Proprietary promotional algorithms or real-time pricing signals that can be gamed by competitors.
• Any PII or customer-identifying signals unless the platform’s contract and technical flow guarantee proper data handling and consent.

---

Attribution, analytics, and measurement​

A robust measurement plan is essential to know whether agent participation helps or hurts.

• Track agent-sourced conversions as a distinct channel. Instrument token flows so agent orders include an agent identifier.
• Monitor key metrics separately for agent orders: AOV, repeat purchase rate, returns, fraud rate, and lifetime value.
• Use short-term and long-term attribution: immediate conversion lift vs downstream revenue from agents vs lost site visits and cross-channel lift.
• Keep a watchful eye on customer service metrics — agent orders that produce higher support loads are a cost that may negate revenue gains.

---

Contractual and legal considerations​

• Read any agent platform’s merchant agreement carefully. Look for clauses about merchant-of-record status, data-sharing, pricing control, and liability for fraud and chargebacks.
• When platforms offer “instant buy” with a platform payment provider, clarify who owns customer identity, how disputes are resolved, and who handles returns.
• Update privacy policies and customer-facing terms to reflect agent-initiated purchases and any data sharing required by agents.

---

Operationalizing fraud controls​

Agent commerce adds friction points that fraudsters will test. Recommended controls:

• Require platform-provided identity verification where available (device signals, account ownership checks).
• Use tokenized payment flows and enforce risk-scoring on token redemptions.
• Keep robust cancellation windows and clear return policies; make sure agent UIs make the seller identity explicit.
• Flag and review orders that have unusual shipping patterns or high-value, high-velocity purchases.

---

Strategic playbook: practical scenarios​

For marketplaces and high-volume merchants​

• Prioritize enrollment in official programs (UCP/ACP) and maintain merchant-of-record status.
• Invest in rich attribute taxonomies and agent-ready product feeds.
• Allocate product-specific promo budgets to agent channels to test elasticity.

For SMBs and niche retailers​

• Start with a gated agent-feed approach: offer a curated portion of your catalog via partner programs to test conversion and fulfillment.
• Use agents to drive discovery for SKU bundles and high-margin items rather than commoditized low-margin SKUs.

For direct-to-consumer brands​

• Emphasize brand narrative and model-ready Q&A so agents surface your brand’s unique value.
• Preserve direct customer relationships by negotiating data-sharing and identity controls with platforms.

---

What to monitor ongoingly (KPIs)​

• Agent-sourced orders (volume and revenue)
• Conversion rate for agent recommendations
• Average order value (AOV) for agent vs site
• Refund and chargeback rates for agent orders
• New-customer share from agent channels
• Customer lifetime value (LTV) evolution for agent-sourced cohorts
• Traffic delta to your site (click decline % vs baseline)

These metrics allow merchants to make data-driven decisions on the scale and scope of agent participation.

---

Common misconceptions — and cautionary language​

• “Agents will steal all my traffic.” Not immediately. Most shoppers still start journeys in familiar places; agents accelerate some conversions and reduce clicks for certain intents. But the mix will shift and needs active management.
• “If I block all bots, I’m safe.” Blocking is short-term safety that can look like strategic blindness in a world where platforms route high-intent buyers to merchants only if merchants opt in or make catalog data available.
• “Agent protocols guarantee merchant control.” Standards like ACP and UCP aim to preserve merchant relationships, but the commercial terms and default UX choices of agent platforms can still influence who owns the customer relationship. Negotiation and careful integration remain necessary.

Where claims about future traffic shifts or exact user numbers are cited, treat them as estimates: platform user metrics change rapidly and are often proprietary. Traders, analysts, and vendors will publish projections; use them for planning, not as firm commitments.

---

Recommended immediate checklist (actionable)​

• Run a 30-minute executive briefing: outline agent channel risk and opportunity for your board or leadership team.
• Audit product metadata completeness and catalog readiness within 7 days.
• Identify and whitelist trusted agent partnerships; strategically allow access to an initial catalog subset.
• Implement tokenized checkout or enroll in a platform program for ACP/UCP compatibility within 30–90 days.
• Instrument analytics to capture agent order signatures and track KPIs from day one.

---

Conclusion: don’t reflexively block — govern and onboard​

AI agents represent a fundamental reorientation of the shopper journey. Blocking them indiscriminately is a defensive posture that risks excluding your brand from where many buyers will soon choose to shop. That said, blindly opening your site to every crawler is equally dangerous. The pragmatic middle path is to govern access: selectively enable agent commerce through authenticated, tokenized endpoints and platform programs; enrich product data and Q&A to win recommendations; and maintain tight operational controls over fulfillment, returns, and fraud.
Merchants who treat agentic commerce as a managed channel — instrumented, contracted, and optimized — will capture early-mover advantages and protect their brand and margins. Those who reflexively block agents may find themselves sidelined by a shopping ecosystem that increasingly expects to discover, evaluate, and even buy without a traditional click. Prepare now, measure carefully, and iterate: the agentic era rewards merchants that are both generous with the right data and ruthless about protecting the rest.

---

Source: Practical Ecommerce Ask an Expert: Should Merchants Block AI Bots?