UNIT 42’s piece examines how agentic AI could reshape retail fraud, noting that agentic AI is forecast to handle nearly 15–25% of all e-commerce by 2030 and that agentic commerce could generate between $3 and $5 trillion in global retail revenue by 2030. It also warns of security risks, citing a World Economic Forum estimate that by 2028 one in four data breaches could result from AI agent exploitation, and detailing common ORC techniques such as gift card and returns fraud observed in the industry.
The article discusses how UCP-enabled agents, which can autonomously browse, summarise and interact with merchant sites, are vulnerable to indirect prompt injection, with scenarios including a hidden line-item gift card and a falsified return that could trigger an instant settlement. It cites statistics from the U.S.
Chamber of Commerce on ORC costs and growth, reporting about $700,000 in losses per $1 billion in sales and a 57% rise in ORC activities, while noting how AI-driven tools could enable large-scale fraud through bot activity. Published on 20 March 2026, the piece also references industry voices such as Wendi Whitmore and notes guardrails like AP2, Know Your Agent and agent reputation scores, urging retailers to engage with initiatives from the NRF Centre for Digital Risk & Innovation.
According to Google, the Universal Commerce Protocol provides tokenised payments and verifiable credentials to secure agent-to-backend communications, a point the authors use to frame mitigations alongside Unit 42 AI Security Assessments and Prisma AIRS offerings.