Agentic commerce and agentic AI are ushering consumers and merchants into a new era. According to McKinsey & Company, agentic commerce—AI agent-powered shopping acting on a human’s behalf—is transitioning us into a new era where AI can:
- Anticipate consumer needs
- Decide on shopping options
- Negotiate deals
- Carry out transactions
And do it all whilst aligning with human intent but operating independently. McKinsey & Company also predicts that by 2030, agentic commerce could generate $1 trillion in orchestrated revenue for the US B2C retail market. And that’s just the US market, let alone the global market—global predictions go as high as $3 trillion to $5 trillion.
That said, the new era of commerce is bringing inevitable AI-related security risks, with Visa experiencing a 25% increase in malicious bot-initiated transactions in the last 6 months, and the US as a whole experiencing a 40% increase (Visa). And just as agentic commerce is exploding, conveniently, Visa PERC found over a 450% increase in underground dark web community posts mentioning “AI Agent” in the last six months compared to the prior six months.
From AI fraud to malicious bot activity, the issues will creep in thick and fast. Below, we’ll explore the top security solutions for agentic commerce.
What is Agentic Commerce?
Agentic commerce is online shopping and transactions performed by autonomous AI agents acting on behalf of users or businesses. Humans don’t browse and click; AI does it for them. One of the most recent examples of this that you might have heard of is ChatGPT, which most of us know and love to use for the most random things, integrating its AI-powered shopping tool inside the platform called Shopping Research.
We’re quickly moving from simple AI assistance (like basic chatbots) to full AI autonomy and action in the shopping journey.
DataDome
Datadome agentic commerce security system is a leading, purpose-built bot and online fraud prevention platform. They effectively safeguard websites, mobile apps, and APIs in real time. And considering the risks and the fact that bad bots make up roughly 37% of all web traffic as of 2025 (with good bots accounting for more than half of website traffic), the solutions DataDome offers are incredible.
It has recently expanded into an “Agent & Bot Trust Management” solution, giving businesses granular control over which AI agents or bots to allow and which to block in the context of agentic commerce. DataDome’s cloud-based service operates at the traffic layer with 30+ global points of presence and uses lightweight integrations on the client or server side.
You can deploy it with minimal latency, processing each request in under 2 milliseconds without altering your infrastructure. Many online retailers, including large enterprises like Etsy and Petco, rely on DataDome to differentiate human vs. bot vs. AI traffic.
Key capabilities of DataDome include:
- Intent-Based AI Detection
- Granular Bot/Agent Control
- MCP Server Protection
- Seamless Deployment (50+ pre-built integrations)
Cloudflare Bot Management
Cloudflare Bot Management is a trusted bot mitigation solution integrated into Cloudflare’s global CDN and security network. Businesses of all sizes use it, and it’s so easy to deploy. All you have to do is enable it in the Cloudflare dashboard. Users also benefit from low performance overhead at Cloudflare’s edge.
As part of Cloudflare’s application security suite, this solution leverages the immense scale of Cloudflare’s network to detect and block malicious bots in real time, at the network edge, before they ever reach your origin servers.
Cloudflare’s ML models also train on hundreds of billions of requests per day, learning to recognize patterns of bad bots versus legitimate users across its entire customer base.
Key capabilities of Cloudflare Bot Management include:
- Multi-Method Bot Detection
- Comprehensive Threat Protection
- Minimal User Friction
- Simple Edge Deployment
Imperva Advanced Bot Protection
Imperva Advanced Bot Protection, formerly Distil Networks technology, is an enterprise-grade security solution for website, mobile apps, and API defense against all forms of automated threats.
Imperva has a sophisticated, multi-layered detection approach and has extensive expertise—Imperva has been a pioneer in bot mitigation for over a decade.
It can be delivered as a cloud service on Imperva’s edge or integrated with Imperva’s on-premises Web Application Firewall, making it suitable for large organizations with complex infrastructure. It can catch even the most stealthy bots, such as those that mimic human behavior or abuse business logic, while keeping false positives to a minimum.
Key capabilities of Imperva Advanced Bot Protection include:
- Multi-layered bot detection analyzes over 700 different data points from each request to determine if it’s coming from a human, a known good bot, or a malicious bot.
- Coverage of OWASP automated threats designed to mitigate all 21 OWASP automated threat categories.
- Granular controls and reporting through a sophisticated dashboard
- Flexible enterprise deployment that can easily sit in front of your infrastructure via DNS routing or CDN integration.
Agentic commerce is the future, and there’s no hiding from that or the fact that it is, and will continue to, bring enormous security risks. In our opinion, these are the top security solutions that will mitigate the risk.
