Sunday, May 3, 2026

— A weekly publication —

The Agentic Commerce Report

Issue 20 Week of April 20–26, 2026

Ulta Beauty Deploys Gemini Checkout; Google Publishes Prompt Injection Study

Issue 20 · April 20–26, 2026 · Synthesised from 7 sources

Ulta Beauty deployed a Google Gemini-powered checkout assistant this week [1], integrating conversational product guidance with direct purchase completion via Google Pay. The assistant handles product recommendations, shade matching for cosmetics, and checkout without leaving the conversation interface. Google’s security team simultaneously published an empirical study on prompt injection in agentic commerce systems [2], documenting attack patterns and success rates across a controlled sample of deployed agent checkout systems.

The Google Security study catalogued five injection vector categories — system prompt override, tool-call manipulation, data exfiltration via crafted merchant responses, session token hijacking, and scope escalation — and measured success rates against a panel of anonymised deployed systems. The methodology cites vulnerability patterns consistent with those described in Visa’s PERC report from November 2025 [3], extending that qualitative taxonomy with quantitative measurements.

The Universal Commerce Protocol (UCP) Tech Council announced additional member organisations this week [4], expanding the standards body formed in January 2026 [5]. Ulta Beauty’s Gemini deployment is the first specialty retailer pilot in the dataset, following large-format retail (Walmart [6]) and marketplace (Amazon Rufus [7]) deployments earlier in the tracking period.

Three lanes were active in the same week — Pilots, Security, and Standards — which matches the multi-lane density of w42, w47, and w13. The Security lane recorded its second event, the first being the Visa PERC report eighteen weeks prior [3]; the injection study is the first empirical/measurement publication in the security category.

Events this issue

3 events