What is an AI shopping agent?
An AI shopping agent is software that shops on behalf of a person. Instead of a human opening your product page, choosing a size, and typing in card details, an assistant does it: it reads the catalogue, picks an item against the shopper's instructions, fills the cart, and submits the order through whatever interface your store exposes.
These agents are appearing inside tools people already use. OpenAI and Stripe shipped an Agentic Commerce Protocol that powers checkout directly inside ChatGPT. Google introduced the Agent Payments Protocol (AP2) with more than sixty payment and commerce partners. Visa and Mastercard both announced agent-payment programmes in 2025. They share one goal: let a trusted agent complete a real purchase at a real merchant.
How an agent reaches your checkout
Most stores already expose a machine-readable path to checkout, even if the owner never thinks about it. On WooCommerce it is the Store API (wc/store/v1). On Shopify it is the storefront and checkout APIs. These exist so that apps and front-ends can build carts and orders. An agent uses the same doors.
That means an agent does not need to defeat your theme or solve your form. It can request a product, build a cart, and post an order the same way a headless front-end would. If that surface is open, agent checkout is already technically possible on your store today. You can scan your store to see whether yours is exposed.
Why this is not the bot traffic you know
For a decade, automated traffic meant one thing to merchants: scrapers, scalpers, and card-testing fraud. The defensive reflex was to block anything that looked non-human. Agentic commerce breaks that reflex, because a shopping agent is trying to give you money, often on behalf of a customer who would have bought anyway.
There is also a new signal a scraper never had. A modern shopping agent can present a cryptographically signed mandate: a small, tamper-evident credential that says a specific person authorized a purchase, bound to a specific cart and a maximum amount. A scraper cannot forge that. This is the difference between guessing whether traffic is "human enough" and checking a signature that either verifies or does not.
A scraper reads your pages. An agent settles a basket. Telling them apart by behaviour is hard; telling them apart by a signed mandate is arithmetic.
The two questions every store will have to answer
As agent traffic grows, your checkout has to answer two questions it does not answer today:
- Is this an agent? Detected from standard signals such as Web Bot Auth and RFC 9421 HTTP Message Signatures, which let an agent identify itself with a verifiable signature rather than a guessable user-agent string.
- Is this agent authorized to spend? Answered by verifying its mandate against the real cart: the signed amount and the cart contents must match the basket your server actually built.
A store that cannot answer the first question treats agents either as invisible or as fraud. A store that cannot answer the second waves through anything that looks like an agent, authorized or not. Neither is a safe place to be once agents drive real revenue.
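The second question, sketched as an added example (not from the original page and not Agent Gateway's code): verify an Ed25519 signature over the mandate, then compare its signed claims with the cart the server built. The mandate layout, the field names (`cartHash`, `maxCents`, `currency`, `expires`) and the helper functions are hypothetical, not the AP2 or ACP wire format.

```javascript
// Added example. The mandate layout and field names are hypothetical,
// not the AP2 or ACP wire format.
const nodeCrypto = require('node:crypto');

// Digest of the cart the SERVER built; items are sorted so order is irrelevant.
function cartHash(items) {
  const lines = items.map(i => JSON.stringify([i.sku, i.qty, i.unitCents])).sort();
  return nodeCrypto.createHash('sha256').update(lines.join('\n')).digest('hex');
}

function cartTotal(items) {
  return items.reduce((sum, i) => sum + i.qty * i.unitCents, 0);
}

// Verify the signature over the exact payload bytes first, then compare the
// signed claims with the server-side basket. Returns { ok, reason }.
function verifyMandate(mandate, serverCart, issuerPublicKey, nowSec) {
  const payload = Buffer.from(mandate.payload, 'utf8');
  const sig = Buffer.from(mandate.signature, 'base64');
  if (!nodeCrypto.verify(null, payload, issuerPublicKey, sig)) return { ok: false, reason: 'bad_signature' };
  const claims = JSON.parse(mandate.payload);
  if (claims.expires <= nowSec) return { ok: false, reason: 'expired' };
  if (claims.currency !== serverCart.currency) return { ok: false, reason: 'currency_mismatch' };
  if (claims.cartHash !== cartHash(serverCart.items)) return { ok: false, reason: 'cart_mismatch' };
  if (cartTotal(serverCart.items) > claims.maxCents) return { ok: false, reason: 'over_limit' };
  return { ok: true, reason: 'authorized' };
}

// Constructed sample data: a throwaway Ed25519 issuer key and a two-line cart.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');

function signMandate(claims, key) {
  const payload = JSON.stringify(claims);
  const signature = nodeCrypto.sign(null, Buffer.from(payload, 'utf8'), key).toString('base64');
  return { payload, signature };
}

const cart = {
  currency: 'EUR',
  items: [
    { sku: 'TSHIRT-M', qty: 2, unitCents: 1900 },
    { sku: 'CAP', qty: 1, unitCents: 1200 },
  ],
};
const mandate = signMandate(
  { cartHash: cartHash(cart.items), maxCents: 5000, currency: 'EUR', expires: 2000 },
  privateKey
);
console.log(verifyMandate(mandate, cart, publicKey, 1000));
```

The cart hash and total are always recomputed from the server's own basket, never taken from the request, so an agent cannot widen its own authorization by describing a different cart.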
What this means for your store
You do not need to rebuild your shop. You need a layer at checkout that recognizes an agent, checks its mandate, and decides. Done well, it never touches human checkout: the verification only runs when an agent presents the signed headers, so ordinary shoppers see no change. That is exactly the layer Agent Gateway provides, and you can read how it works on WooCommerce or compare the underlying AP2 and ACP protocols next.