AI-driven traffic to U.S. retail sites grew roughly 4,700% over the past year, according to figures Visa cited when launching its Trusted Agent Protocol in October 2025. The response among most operators has been to call it a channel problem. New traffic source, new conversion gap, new vendor pitch deck. That framing is wrong, and the cost of acting on it shows up two budget cycles later, in the categories where agents reach the buyer before the brand does.
When an autonomous agent does the discovery, the comparison, and increasingly the checkout, the merchant is no longer talking to a person at the moment of decision. The merchant is exposing structured truth to a machine that has already filtered the field. The decisions that follow sit at the operating-model layer (catalog data, identity, fraud, loyalty, attribution), and they will outlast the marketing campaigns currently being built around them. Below are five structural bets that separate the operators who will compound advantage through 2027 from the ones who will quietly lose share they cannot see leaking.
1. Machine-readable commerce becomes the new shelf.
By the 2026 holiday season, agent-mediated discovery will favor the merchants whose product data, inventory, and pricing are exposed in structured, real-time form. Most catalogs are not.
A decade of e-commerce optimization was built around humans who scroll, hesitate, and re-read. Agents do none of that. They parse structured data, compare against constraints (price, fulfillment certainty, return policy, availability), and surface one or two options. If the merchant's data is incomplete, stale, or inconsistent across surfaces, the merchant is invisible. Not deprioritized. Invisible.
The early evidence is consistent with that diagnosis. ChatGPT now drives roughly 20% of referral traffic to Walmart, more than 20% to Etsy, nearly 15% to Target, and 10% to eBay, and yet conversion from agent-referred traffic significantly underperforms traditional channels in most catalogs. The cause is rarely consumer disinterest. When ChatGPT traffic does arrive, it converts poorly because products with incomplete data don't appear in agent recommendations, products with stale inventory create failed transactions, and products with inconsistent pricing across channels trigger checkout failures. The Shopify experience reinforces the point: the merchants who saw the fastest agent traction were the ones who had already invested in product data quality through Google Shopping or Amazon discipline.
The implication for the operating model is direct:
- Treat the catalog as production data, not marketing copy. Title, description, variant, price, and inventory must update at machine speed and stay consistent across every surface that agents read.
- Implement Schema.org Product markup as a baseline. This is the floor for being parseable, not the ceiling.
- Audit feed parity. A single SKU should not show three prices and two inventory states across Google Shopping, ChatGPT, Bing, and the merchant's own site.
- Measure agent-channel performance separately. Agent-referred sessions behave differently from organic search; reporting them in the same bucket hides the leak until it is structural.
2. The protocol stack will fragment before it converges.
Through 2027, operators will need to support multiple, overlapping agent-commerce protocols simultaneously. Betting on one is a category error.
The familiar pattern in payments and identity is convergence: one card network, one wallet, one identity provider per region. Agentic commerce is not converging on that timeline. Stripe and OpenAI co-developed the Agentic Commerce Protocol, with ChatGPT users able to buy from Etsy merchants directly in chat starting in September 2025. Google launched the Agent Payments Protocol with Coinbase and over 60 organizations, and in April 2026 donated AP2 to the FIDO Alliance to keep it platform-agnostic and community-led, releasing v0.2 with support for Human-Not-Present autonomous transactions. Visa, in collaboration with Cloudflare and partners including Adyen, Checkout.com, Microsoft, Shopify, Stripe, and Worldpay, released Trusted Agent Protocol in October 2025. Mastercard launched Agent Pay with its own acceptance framework, and expanded the program to Latin America and the Caribbean starting 2026 with regional partners including Evertec, Davivienda, and Yuno.
These are not the same primitive. ACP focuses on the checkout and merchant integration layer; AP2 defines the trust and authorization model through digitally signed mandates that are portable, verifiable, and revocable; Trusted Agent Protocol authenticates the agent itself before checkout. Visa has since released Intelligent Commerce Connect to act as a network-, protocol-, and token-vault-agnostic on-ramp that accepts Trusted Agent Protocol, Machine Payments Protocol, Agentic Commerce Protocol, and Universal Commerce Protocol traffic. That kind of abstraction layer will be useful, and it does not eliminate the underlying fragmentation.
This is where independent counsel matters. Most published analyses of which protocol to back are written by firms that resell one of them. Visa's published guidance favors Visa rails. Mastercard's favors its acceptance framework. Stripe's favors ACP. Each is internally honest; none is impartial. We don't sell any of them, so we'll say plainly: through 2027, the durable architectural bet is an adapter layer that lets the merchant accept agent traffic from any compliant protocol without rebuilding the storefront for each.
- Architect the adapter, not the bet. Build commerce APIs that can receive ACP, UCP, AP2, and TAP traffic without forking the checkout codebase.
- Separate the rails decision from the protocol decision. The card-network rail and the protocol that initiated the transaction are different layers; treat them that way in vendor evaluation.
- Treat protocol updates as production releases. AP2 v0.2 added Human-Not-Present support in 2026; equivalent updates will land across the other major protocols within the next 18 months.
- Renew merchant agreements written before 2025. Most do not address agent-mediated transactions, mandate-based authorizations, or delegated-payment tokens.
3. Identity and authorization split from checkout, and become a fraud surface.
By 2027, operators without an explicit agent policy will see fraud asymmetry that does not show up in any single quarterly report. The policy in question is what agents can buy, at what limits, with what authorizations and audit trail.
Card-not-present fraud was built around the assumption that a human is at the keyboard. Agents break that assumption cleanly. When an autonomous agent initiates a payment, current systems cannot answer basic questions: how to verify that a user gave an agent specific authority for a particular purchase, and how a merchant can be sure an agent's request accurately reflects the user's true intent without errors or hallucinations. The mandate model in AP2, the registration-and-verification requirement in Mastercard Agent Pay, and the agent-authentication step in Trusted Agent Protocol are each attempts to reconstruct intent cryptographically. None of them prevent fraud on its own. They create the surface on which fraud controls can operate.
The risk is rarely that agents are inherently malicious; the overwhelming majority act on behalf of legitimate consumers. Roughly 87% of all pages browsed by agents are product-related per HUMAN Security telemetry, signaling commercial intent rather than abuse. The primary fraud risks come from unauthorized actions, misconfigured permissions, and automation at scale, because AI agents can operate continuously and small issues can repeat quickly if they are not detected early. The 4,700% surge in AI-driven retail traffic includes both legitimate agents and malicious bots; the merchant boundary is currently the only place to tell them apart, and most fraud models tuned to human behavior misclassify agent traffic in both directions.
- Govern agent permissions as a first-class policy artifact. Define categories, limits, required authorizations, and audit-trail requirements. It functions as a fraud policy under a different label.
- Separate agent-channel fraud signals from human-channel signals. Existing models will reject good agents and accept bad ones until they are retrained on agent traffic.
- Require verifiable agent credentials at the merchant boundary. Trusted Agent Protocol, Mastercard Agent Pay registration, and AP2 mandates exist for this purpose; treat them as table stakes.
- Establish dispute and reversal pathways for agent-initiated transactions. New categories of dispute (authorized but unintended, intended but mis-executed) need explicit policy before volume scales.
4. The CAC math inverts where agents do the comparison.
When an agent ranks options by structured truth, paid acquisition loses leverage in the categories agents reach first. Brand and operational reliability become the moat.
A decade of digital marketing was built on intercepting the buyer's attention during deliberation: SEO, paid search, social ads, retargeting, influencer placement. Agents collapse deliberation into a ranked answer. If you're not in the first answer, you may not be seen at all; agents will favor sources that are clear, factual, and authoritative; once surfaced, friction is nearly eliminated, lifting conversion rates for the merchants ranked first. The determinants of inclusion are structured: price, availability, fulfillment certainty, return policy, brand trust signals.
The directional projections track. McKinsey projects $5 trillion in global agentic commerce volume by 2030; Morgan Stanley estimates $190–385 billion in U.S. e-commerce spending by 2030, or 10–20% of online retail; Bain forecasts 15–25% of e-commerce. On Black Friday 2025, AI-driven traffic to U.S. retail sites surged 805% year-over-year per Adobe, and AI-influenced sales reached $14.2 billion globally on that single day per Salesforce. Across Cyber Week 2025, AI and agents influenced one in five orders (roughly $67 billion in GMV per Salesforce). Most mid-market retailers will discover the marketing-leverage shift in the second half of 2026, when AI-referred traffic continues to underconvert and paid-search ROI compresses simultaneously. The shift is structural, and it does not reverse.
- Reallocate at the margin. Move incremental marketing dollars from awareness to operational reliability (fulfillment SLAs, return policy clarity, review integrity) that agents weight in ranking.
- Treat brand as a structured trust signal. First-party customer evidence (review counts, dispute resolution times, fulfillment accuracy) becomes a marketing asset only when it is machine-readable.
- Run agent-channel attribution separately. Existing multi-touch attribution tools were not built for the agent funnel; insisting on apples-to-apples reporting will hide the shift until it is already costly.
5. Loyalty programs migrate from interface to protocol.
Points, tiers, and personalized pricing have to be expressible to agents at the moment of purchase, or they are ignored by buyers who never see them.
Loyalty programs assume the buyer logs in, sees the offer, applies the points, and feels the relationship. Agents bypass all four steps. If the agent does not know the buyer is a Tier 2 customer with $40 in points and a free-shipping benefit, the agent will recommend a competitor whose machine-readable price beats the headline price the buyer is currently paying. The loyalty program is still on the books. It is no longer in the decision.
The platform response confirms the shift. Mastercard and PayPal expanded their partnership in October 2025 to integrate Mastercard Agent Pay into PayPal's wallet, bringing loyalty and stored-credential context into agent transactions across hundreds of millions of consumers and tens of millions of merchants. Walmart's in-ChatGPT app preserves account linking, loyalty, and Walmart payments specifically because OpenAI scaled back the universal Instant Checkout model in favor of merchant-controlled experiences within the agent surface. The pattern across platforms is consistent: loyalty has to be exposed in the agent flow, or it does not exist for that buyer.
- Expose loyalty status and benefits via the same APIs that serve the agent catalog. If an agent can see your inventory but not your buyer's tier, the offer is invisible.
- Treat loyalty as a data product with versioning, not a marketing campaign. The schema matters more than the creative.
- Sequence the migration to agent-readable loyalty before the next program redesign. Retrofitting after launch is more expensive than designing for it now.
The Decision Memo
For a board or executive committee weighing agentic commerce as a 2026 priority, five lines:
- Audit catalog readiness as a discoverability discipline with a named owner. Product data, inventory accuracy, and feed parity across every agent surface need to update at machine speed and stay consistent.
- Adopt an adapter posture on protocols. Build to receive ACP, UCP, AP2, and TAP traffic without forking the storefront. Do not bet on one winner before 2027.
- Establish an agent policy. Define what agents can buy, at what limits, with what audit trail, and how disputes flow. It functions as a fraud policy under a different label.
- Make loyalty agent-readable. If tier benefits and personalized pricing are invisible to agents at the moment of decision, they are not loyalty assets.
- Measure the agent channel separately. Define KPIs that distinguish agent traffic from human traffic across inbound, conversion, fraud, and dispute reporting. Aggregating them hides the shift.
Looking Ahead
The pattern operators recognize from prior platform shifts (search, mobile, marketplace) repeats here, and shortens. The merchants who treated mobile as a microsite project lost a decade of share they could not recover. The merchants who treated marketplace listing as an afterthought ceded category economics to the marketplace itself. Agentic commerce arrives at the speed of API integration rather than the speed of consumer behavior change, which means the gap between leaders and laggards will compound faster than in prior cycles. The institutional question is whether the operating model (product data, identity, fraud, loyalty, attribution) gets restructured deliberately or by accumulating workarounds. The first path produces an operator that compounds. The second produces an operator who, ten quarters from now, wonders why the categories that used to lead the P&L are now flat.
And if you are weighing how to sequence this on your own roadmap, we are here to help.
Honra is an independent technology advisory firm based in San Juan, Puerto Rico. We provide fractional CTO and CIO services, strategy, owner's representation, and implementation across software, data, and AI. Start an engagement.
