Sunday, June 14, 2026

— A weekly publication —

The Agentic Commerce Report

A weekly read of everything that moved in agentic commerce — protocols, payment rails, retailer pilots, regulation. Summarised, sourced, and stitched to what came before.

Amazon and Perplexity Enable Consumer Purchases; Visa Documents Agent Threat Categories

Issue 7November 17–23, 2025Synthesised from 5 sources

Edited by Reviewed against primary sources

Amazon activated automated purchase capabilities within its Rufus shopping assistant this week 1, allowing users to complete product orders through conversational interaction without leaving the Amazon interface. Perplexity launched a direct-buy feature integrated with PayPal 2, the second AI search platform to connect purchase intent to payment processing in the same week.

Visa published its PERC (Payment Ecosystem Risk and Controls) fall 2025 report 3, categorising AI agent security threats across three domains: credential hijacking in multi-agent delegation chainsThe sequence of authorisation handoffs when one AI agent instructs another to act on a user's behalf., manipulation of agent decision logic through adversarial prompt injectionAn attack where malicious text in a webpage or response manipulates an AI agent into taking unintended actions., and replay attacks using captured agent authorisation tokens.

Amazon Rufus joins Walmart’s ChatGPT checkout 4 and Stripe’s Agentic Commerce Protocol (ACP) Instant Checkout 5 as the third major retail platform to deploy agent-initiated purchase capability. Perplexity’s PayPal integration mirrors the Stripe-ChatGPT model: an AI interface paired with an existing payment processor, neither of which owns the other’s infrastructure.

The Visa PERC reportVisa's annual Payment Ecosystem Risk and Controls report, cataloguing emerging fraud threats specific to AI agent transactions. is the first security-focused publication from a payment network addressing AI agent security threats. All three lanes active this week — Pilots, AEO, and Security — recorded first or second events in the same week; Security recorded its first event in the tracking period.

Events this issue

3 events
Security
research

Visa PERC Fall 2025 report: 450% rise in dark-web AI agent fraud mentions

Biannual threats report documents 450%+ increase in dark-web posts mentioning AI agents for fraud and 25% rise in malicious bot transactions targeting merchants.

PERC is Visa's biannual payments-ecosystem risk report, and this edition is the first to make AI agent security and agentic fraud a headline category. The 450% dark-web mention figure and 25% malicious-bot transaction rise quantify the threat surface that Visa's own Trusted Agent Protocol (2025-w42-payments-visa-trusted-agent-protocol) targets. The data is later corroborated structurally by Google's empirical prompt-injection census (2026-w17-security-google-prompt-injection-empirical-study), which finds 15,300 injection instances across 11,700 pages with payment-fraud payloads among the most common. Together the two studies form the only quantified bot-and-injection data in the Security lane of this archive. The report's release a week before Mastercard Agent Pay goes live (2025-w44-payments-mastercard-agent-pay-live-us) marks the moment production agent payments and measured threat data both arrived.

  1. Visa Newsroom
AEO
launch

Perplexity launches free shopping agent with PayPal Instant Buy

Perplexity releases US shopping agent with real-time merchant catalog browsing and PayPal Instant Buy checkout inside search results.

Perplexity's shopping agent extends real-time merchant-catalog browsing into an AI search interface, joining ChatGPT's Instant Checkout (2025-w40-payments-stripe-openai-acp-instant-checkout) and Amazon's Rufus (2025-w47-pilots-amazon-rufus-auto-buy) on the same week. PayPal Instant Buy provides the agentic-payments checkout primitive, drawing on the Agent Ready surface coverage PayPal announced five days earlier (2025-w44-aeo-paypal-agentic-commerce-services). The free-tier positioning contrasts with subscription-gated agent surfaces and broadens the AEO lane's addressable user base. Perplexity's later Comet browser becomes the subject of Amazon's preliminary-injunction case (2026-w11-regulation-amazon-perplexity-court-order), establishing the company as both a payments partner and a regulatory test case for third-party agent access to merchant accounts. The third week of November 2025 forms the densest cluster of consumer-surface launches in the AEO lane to date.

  1. CNBC
Pilots
launch

Amazon rolls out auto-buy and agentic upgrades to Rufus for 250 million users

50+ Rufus enhancements include autonomous auto-buy at target price for US Prime members; 250 million customers used Rufus in 2025, up 149% year-over-year.

Rufus is the first AI shopping assistant deployed at quarter-billion-user scale, running on Amazon-internal infrastructure rather than a third-party agent surface. The auto-buy capability moves Amazon from search-assistance into autonomous transaction territory previously associated with external agents using Stripe-OpenAI's ACP (2025-w40-payments-stripe-openai-acp-instant-checkout) or Mastercard Agent Pay (2025-w18-payments-mastercard-agent-pay). The 149% year-over-year growth figure anchors the demand-side context for Shopify's Q1 2026 AI-traffic disclosure (2026-w19-aeo-shopify-q1-2026-ai-traffic). Amazon's parallel posture toward external agents is reflected in the Comet court order four months later (2026-w11-regulation-amazon-perplexity-court-order), drawing a structural line between first-party agent deployment and third-party agent access to account-protected surfaces. Auto-buy is the first major retailer-deployed autonomous purchase feature at consumer scale in this dataset.

  1. About Amazon