Who’s Really Shopping? Retail Fraud in the Age of Agentic AI

**Executive summary:** This Unit 42 analysis examines how agentic commerce and the Universal Commerce Protocol (UCP) could be abused via indirect prompt injection—examples include payload poisoning that silently adds gift cards to a Cart Mandate and logic-hijacking that triggers instant refunds without verification—potentially enabling large-scale retail fraud, chargebacks, and reputational damage; the report recommends protocol guardrails, agent identity/reputation frameworks (Know Your Agent), and AI security assessments to mitigate these risks.