Sunday, June 14, 2026

— A weekly publication —

The Agentic Commerce Report

A weekly read of everything that moved in agentic commerce — protocols, payment rails, retailer pilots, regulation. Summarised, sourced, and stitched to what came before.

Ulta Beauty Deploys Gemini Checkout; Google Publishes Prompt Injection Study

Issue 20 | April 20–26, 2026 | Synthesised from 7 sources

Edited by Reviewed against primary sources

Ulta Beauty deployed a Google Gemini-powered checkout assistant this week [1], integrating conversational product guidance with direct purchase completion via Google Pay. The assistant handles product recommendations, shade matching for cosmetics, and checkout without leaving the conversation interface. Google’s security team simultaneously published an empirical study on prompt injection in agentic commerce systems [2], documenting attack patterns and success rates across a controlled sample of deployed agent checkout systems.

The Google Security study catalogued five injection vector categories — system prompt override, tool-call manipulation, data exfiltration via crafted merchant responses, session token hijacking, and scope escalation — and measured success rates against a panel of anonymised deployed systems. The methodology cites vulnerability patterns consistent with those described in Visa’s PERC report from November 2025 [3], extending that qualitative taxonomy with quantitative measurements.

The Universal Commerce Protocol (UCP) Tech Council announced additional member organisations this week [4], expanding the standards body formed in January 2026 [5]. Ulta Beauty’s Gemini deployment is the first specialty retailer pilot in the dataset, following large-format retail (Walmart [6]) and marketplace (Amazon Rufus [7]) deployments earlier in the tracking period.

Having three lanes active in the same week — Pilots, Security, and Standards — matches the multi-lane density of w42, w47, and w13. The Security lane recorded its second event, the first being the Visa PERC report eighteen weeks prior [3]; the injection study is the first empirical/measurement publication in the security category.

Events this issue

3 events
Security
research

Google Security Blog: 15,300 prompt injection instances found across 11,700 web pages

Empirical study finds 32% rise in malicious injections from Nov 2025 to Feb 2026; payment-fraud payloads targeting agents with PayPal and Stripe capabilities are among the most common.

The Google census is the first quantified, web-scale measurement of in-the-wild AI agent security threats via prompt injection in this archive, providing the empirical complement to Visa PERC's dark-web-mention figures (2025-w47-security-visa-perc-fall-2025-threats). The PayPal and Stripe targeting maps directly to the agent payment stacks built on Mastercard Agent Pay's PayPal integration (2025-w44-payments-mastercard-paypal-integration), Stripe-OpenAI's ACP (2025-w40-payments-stripe-openai-acp-instant-checkout), Stripe's Suite (2025-w50-payments-stripe-agentic-commerce-suite), and the Gemini-Stripe integration (2026-w18-aeo-stripe-google-gemini-checkout). The 32% rise figure documents threat-surface growth across the same months that production agent payments reached near-universal card coverage (2026-w18-payments-mastercard-agent-pay-q1-milestone). Together with the FIDO Alliance Agentic Auth working group (2026-w18-standards-fido-agentic-working-groups), the study anchors the Security lane with measured baselines.

  1. Google Security Blog
Standards
launch

Amazon, Meta, Microsoft, Salesforce, and Stripe join Universal Commerce Protocol Tech Council

Ten-member governance body now spans retail, social commerce, cloud infrastructure, enterprise software, and payments, signalling broad industry convergence on UCP.

The five additions extend the Universal Commerce Protocol Tech Council (2026-w02-standards-google-ucp-launch) from a retail-and-payments group into a cross-category governance body. Amazon's inclusion is structurally notable given its first-party agent posture in Rufus (2025-w47-pilots-amazon-rufus-auto-buy) and its litigation against Perplexity's Comet browser (2026-w11-regulation-amazon-perplexity-court-order). Meta brings social commerce, Microsoft brings the Copilot Checkout consumer surface (2026-w02-payments-microsoft-copilot-checkout), Salesforce brings enterprise CRM, and Stripe brings the processor layer it already operates across ACP (2025-w40-payments-stripe-openai-acp-instant-checkout) and its own Suite (2025-w50-payments-stripe-agentic-commerce-suite). The expansion places UCP alongside the Linux Foundation's AAIF (2025-w50-standards-linux-foundation-aaif) and the FIDO Agentic Auth working group (2026-w18-standards-fido-agentic-working-groups) as a multi-stakeholder governance body. The council now totals ten members.

  1. Newsfile Corp
Pilots
pilot

Ulta Beauty deploys Gemini-powered shopping agent and UCP agentic checkout at Google Cloud Next

Ulta AI launches on Ulta.com via Gemini; UCP-enabled agentic checkout goes live inside Google AI Mode and the Gemini app for Ulta products.

Ulta is the first retailer to ship a live Universal Commerce Protocol checkout flow inside Google AI Mode and Gemini, eleven weeks after UCP's NRF launch (2026-w02-standards-google-ucp-launch). Ulta AI on Ulta.com pairs first-party deployment with UCP-enabled agent surfaces, mirroring the dual posture Walmart adopted after retiring centralised checkout (2026-w13-aeo-openai-instant-checkout-shutdown, 2026-w13-pilots-walmart-chatgpt-conversion-data). The launch sits inside the AI Mode shopping expansion (2026-w07-aeo-google-ai-mode-shopping-expansion) and precedes the Universal Cart launch (2026-w21-aeo-google-universal-cart) by four weeks. Beauty is the first vertical to receive a dedicated UCP retailer deployment, joining apparel and marketplaces represented in Stripe's Agentic Commerce Suite launch partners (2025-w50-payments-stripe-agentic-commerce-suite). The deployment doubles as the flagship case study for the Google Cloud Next 2026 stage.

  1. Google Cloud Press Corner