Akamai acquires LayerX, delivering end-to-end security and real-time AI usage control to any browser. Get details

Smash and Grab at Scale: Agentic AI Is Reshaping the Threat to Commerce

Akamai Wave Blue

Jul 15, 2026

Kimberly Gomez

Akamai Wave Blue

Written by

Kimberly Gomez

Kimberly Gomez is the Director of Security Research at Akamai, where she leads research teams to deliver comprehensive analyses and reports that help organizations stay one step ahead of cybercriminals. With more than a decade in cybersecurity and a background spanning print, broadcast, and online journalism, Kimberly is passionate about security storytelling — the kind that can help even your grandparents understand what's happening in the threat landscape.

 

When she's not tracking down the latest cyberthreats, you can find her buried in a book, planning her next adventure, or chasing her son through the theme parks of Orlando.

Share

Key takeaways

  • While AI-driven shopping tools and autonomous agents enhance the customer experience, they also fuel an explosion in highly sophisticated, automated attacks against commerce organizations.
  • Driven largely by the retail vertical, AI bot traffic increased 19% year over year in 2025. 
  • Threat actors are actively exploiting intelligent storefront features through chatbot logic manipulation, prompt injection on back-end AI agents, and infrastructure-draining AI token freeloading.
  • The commerce industry faced more than 200 billion application and API attacks between 2024 and 2025, alongside nearly three trillion Layer 7 distributed denial-of-service (DDoS) attacks, with the retail vertical experiencing the majority of the activity.
  • To secure the agentic storefront, CISOs must look beyond perimeter security to implement a multidimensional strategy that includes robust bot management, continuous API mapping, strict microsegmentation, and risk-based authentication.

Agentic AI is transforming online commerce — and the threats faced by the industry. As interactions between brands and consumers become increasingly automated, distinguishing legitimate customer traffic from malicious exploitation is more complex — and more critical — than ever before.

In the three years since our State of the Internet (SOTI) Security report last examined the commerce sector, the rise of AI-driven shopping tools, autonomous agents, and agentic commerce has fundamentally transformed the environment — enhancing customer experiences on one hand and fueling an explosion in malicious activity on the other, from application-layer DDoS attacks to AI bots to sophisticated new phishing techniques.

New research on commerce threats

We explore this critical trend in the new SOTI Security report, Securing the Agentic Storefront: Attacks on Commerce.   

This report explores how this transformation has reshaped the threat landscape — and how commerce organizations can take steps to protect their digital storefronts.

Expert insights

The report begins with guest columns from two expert observers of commerce sector security: 

  • Pam Lindemoen, Chief Security Officer and Vice President, Strategy, for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), explains how agentic commerce is fundamentally changing fraud tactics. She examines how shopping bots can be abused for malicious purposes, why loyalty points are the new shadow currency, why there’s been a rise in synthetic identity fraud, and why organizations must shift to an active, security loop model that emphasizes intelligence-to-action velocity.
  • Mani Sundaram, Executive Vice President and General Manager of Akamai’s Security Technology Group, looks at how CISOs can achieve “agentic readiness” in today’s economy of autonomous agents. After acknowledging the unique pressures the commerce industry faces, Mani outlines key security priorities, the importance of not relying on perimeter security alone, and the need for integrated situational awareness.

Attacks on commerce are growing and evolving

The SOTI report is based on the latest analysis of commerce industry trends and is packed with critical findings, including:

  • Automated bot traffic is rising persistently.
  • Hacktivists are mounting multi-vector attacks.
  • Chatbots, agents, and tokens create new vulnerabilities.
  • Web attacks show no sign of letting up.
  • Commerce is leading the way in Layer 7 DDoS attacks.

Automated bot traffic is rising persistently

Commerce remains the most heavily targeted industry for AI bot activity. We observed a 19% year-over-year increase in 2025, dominated by the retail vertical, and Akamai researchers expect this trend to continue. 

While bots and web crawlers can be helpful by connecting customers to ecommerce sites, the ability of AI bots to imitate customer interactions creates the potential for abuse. 

The data also indicates a surge in browser impersonators. These automated bots mimic legitimate web browsers in order to evade detection during scraping, enabling them to conduct fraud or DDoS attacks.

Having the ability to flag specific types of AI bots is crucial for determining their impact on website performance and their potential for malicious intent.

Hacktivists are mounting multi-vector attacks

Sophisticated hacktivists are using bots to conduct multi-vector attacks on commerce. In one such case, a prominent Iran-aligned hacktivist group known as the 313 Team has been combining AI-assisted, Mirai-derived Internet of Things (IoT) botnets, browser impersonation, and complex DDoS attacks to target ecommerce APIs.

This heightens the need for enhanced mitigation techniques, including edge rate control and IP reputation checking, edge caching (where possible), and a robust bot management solution.

Chatbots, agents, and tokens create new vulnerabilities

As commerce organizations deploy intelligent interfaces to streamline service and automate workflows, attackers are aggressively exploiting these systems in three ways:

  1. Exploiting consumer-facing AI chatbots. Attackers employ automated logic exploits to mount “leaky faucet” attacks, methodically manipulating input parameters to trick chatbots into overriding business rules.
  2. Manipulating conversational AI agents. These back-end models possess significant operational authority and deep integration, making them prime targets for prompt-injection techniques and jailbreaks to enable malicious activity.
  3. Using AI token freeloading. Using automated scripts and bot networks, threat actors route their own processing workloads or model-training queries through a retailer’s public-facing AI endpoints, driving massive infrastructure costs and degrading performance.

Web attacks show no sign of letting up

Commerce organizations faced relentless attacks on both applications and APIs, with more than 200 billion attacks recorded between 2024 and 2025 — making it the most targeted industry during that period.

Attacks on APIs increased 9% year over year between Q4 2024 and Q4 2025, underscoring attackers’ shift toward APIs as preferred initial entry points. 

The commerce industry’s inherently complex infrastructure — relying heavily on web applications, APIs, and third-party systems — creates an attack surface that is challenging to defend. The report delves into specific vulnerabilities, including the Jupiter X Core WordPress plug-in and the WooCommerce WordPress plug-in.

Commerce is leading the way in Layer 7 DDoS attacks

Our research reveals that commerce is the most targeted industry for Layer 7 DDoS activity. The sector experienced nearly three trillion DDoS attacks in 2025, with 31% of those targeting APIs; 84% of this DDoS activity targeted the retail vertical.

Retailers face elevated DDoS risks due to their massive ecommerce scale and surging financial stakes during peak shopping periods. Outages are frequently caused by DDoS attacks that flood APIs by using HTTP botnets to overwhelm app servers and block legitimate traffic.

This SOTI Security report also examines regional trends, finding that the Asia-Pacific region experienced the greatest increase in Layer 7 DDoS attacks: 39% between 2024 and 2025.

How commerce CISOs can defend against attacks

Cybercriminals are leveraging agentic AI to mount sophisticated attacks like supply chain poisoning. Other tactics include fake retail sites and spoofed login portals to harvest customer credentials.

To defend against these tactics, CISOs and SecOps teams must take a multidimensional approach to security.

  • Map the revenue chain to identify critical systems and APIs, as well as shadow APIs
  • Classify and govern automation by establishing a comprehensive bot strategy
  • Limit the blast radius by validating microsegmentation, enabling risk-based multi-factor authentication, and conducting DDoS drills
  • Strengthen operational discipline with clear protocols
  • Achieve executive alignment, defining  “tolerable fraud” goals and security metrics

The focus should be on resilience — and on building commerce environments that can absorb disruption, govern trusted automation, contain fraud, and maintain customer confidence under sustained pressure.

Want the full story?

Download the new SOTI Security report: Securing the Agentic Storefront: Attacks on Commerce.

Akamai Wave Blue

Jul 15, 2026

Kimberly Gomez

Akamai Wave Blue

Written by

Kimberly Gomez

Kimberly Gomez is the Director of Security Research at Akamai, where she leads research teams to deliver comprehensive analyses and reports that help organizations stay one step ahead of cybercriminals. With more than a decade in cybersecurity and a background spanning print, broadcast, and online journalism, Kimberly is passionate about security storytelling — the kind that can help even your grandparents understand what's happening in the threat landscape.

 

When she's not tracking down the latest cyberthreats, you can find her buried in a book, planning her next adventure, or chasing her son through the theme parks of Orlando.

Tags

Share

Related Blog Posts

Security
Boardroom Conversations Shift to Surviving a Breach
July 14, 2026
Akamai’s Mani Sundaram discusses the rise of AI-powered microsegmentation and breach survivability — and what new questions boards are asking CISOs today.
Security
Beyond Cloud Uptime: API Security and AI Resilience for 2026
Discover why pure cloud uptime is no longer enough in 2026. Learn how to protect your enterprise against surging API attacks and machine identity sprawl.
Security
Adaptive AI for Detecting Modern DGA Attacks
Learn how a hybrid CNN-BiLSTM-Attention framework improves real-time DGA detection, reduces alert fatigue, and adapts to evolving malware variants.