AI agents are pushing prices, inventory, and promotions into production. We make every change provable, consented, and logged.
Retailers are handing AI agents the keyboard: repricing, replenishment, markdowns, pushed live across thousands of stores. A hijacked or over-eager agent's change looks just as routine. We prove each agent, bind a person's consent to the exact change, and log it, so the right changes ship and the rest are held.
A clean change isn't an authorized one.
Consent is the difference.
This is the mechanism, not a screen. A hijacked or over-eager agent's price change looks exactly like an authorized one, so nothing downstream flags it. We bind a person's consent to the exact change: these SKUs, this price, these stores. An authorized change ships; anything outside it is held.
Agent·The agent
Every merchandising and ops agent carries a cryptographic identity, not a shared key a script can lift and replay.
Actions·The consent
A person's consent is bound to the exact change. A hijacked agent can draft one, but it can't forge the consent.
Agents are about to run your operation.
Nothing downstream tells authorized from hijacked.
Gartner projects at least 15 percent of day-to-day work decisions will run autonomously through AI agents by 2028, up from almost none in 2024. The reviews and approval windows built for human change were never meant to keep pace.
Autonomous agentic work decisions, projected to 2028
Share of day-to-day work decisions made autonomously through AI agents.
SOURCE . GARTNER, OCT 2024 (FORECAST)[1]
Walk the attacker's path.
We break it at every step.
The red-team view, not a scare story. Four steps the real retail breaches run, and the surface that ends each. Shared terminals and constant turnover make every one worse.
- 01
A call to the IT help desk. A locked-out employee, a password reset, and the network is open. One reset took a major retailer's operations down for weeks. [2]
InterceptPeopleCryptographic person-to-person proofing. The desk does not reset on a story; the caller proves who they are, or does not.
- 02
Credential stuffing and account takeover on the e-commerce, loyalty, and gift-card login. [3]
InterceptWebOrigin-bound FIDO2. Stolen-credential lists and proxy kits have nothing to replay, and the password friction behind abandoned carts goes too.
- 03
A refund, a return, or a loyalty change pushed through the contact center with a stolen identity.
InterceptVoiceCryptographic caller verification before any refund, reset, or loyalty change. Not the last four of anything.
- 04
A static API key in a checkout or inventory integration leaks, and a bot weaponizes it before peak.
InterceptMachine/WorkloadPer-call signed identity (RFC 7523). No static key sits in the integration to steal.
The key that drains your inventory or your gift-card float will not belong to a person.
Every surface a shopper, an associate, or an agent touches.
One identity across all of them.
The merchandising and ops agents and the e-commerce surface carry the most risk, so they lead. The rest of the attack surface is covered too.
Merchandising, pricing, and ops AI agents. Cryptographic identity, scoped and revocable.
E-commerce, loyalty, and gift-card login. Origin-bound, credential-stuffing-proof.
Shared POS, kiosks, and self-checkout. One tap per associate, no code on the drawer.
Contact-center returns and refunds. Verify the caller, not the story.
Help-desk and manager-override proofing. No reset on a phone call.
Checkout and inventory integrations. Every API call signed.
Store automation and bots. Ephemeral tokens, full attribution.
E-commerce and supply-chain workloads. Bound to where they run.
The rules already reach every terminal and every record.
We line up with both.
Two enforced requirements, what each asks for, and where we line up.
PCI DSS 4.0 . Req 8.4.2[4]
Since March 31, 2025, MFA is mandatory for all access to the cardholder data environment, every POS and admin terminal included, and phishing-resistant is the preferred factor.
Origin-bound, replay-resistant authentication at every terminal that touches card data, one identity per associate.
CCPA / CPRA[5]
California's privacy law reaches essentially every national retailer, and its regulator has begun issuing record fines over privacy and security failures.
Phishing-resistant access control and a signed record of who reached customer data. We line up with the access-control expectation, not the whole privacy program.
Every channel you opened became a way in.
The breaches that hit retail, the rules that followed, and what we cover against each.
- Effective Mar 31, 2025Regulation
PCI 4.0 made phishing-resistant MFA mandatory at every terminal that touches card data, the POS included.
Origin-bound auth at every terminalPCI Security Standards Council - 2025Incident
Attackers talked a major retailer's IT help desk into a password reset, then took operations down for weeks.
Cryptographic caller proofingComputing - Sep 30, 2025Regulation
California's privacy regulator issued its largest fine yet against a national retailer over privacy and security failures.
Signed record of who reached customer dataCalifornia Privacy Protection Agency (CPPA) - Oct 2024Shift
Retailers started handing AI agents production changes, and a hijacked agent's change looks just as routine.
Additional sources
- RH-ISAC (citing Kasada Threat Intelligence)2025Estimate
Account-takeover and credential-stuffing volume against retail e-commerce and loyalty accounts is large and rising, with one industry study tracking millions of retail and hospitality accounts compromised over 18 months.
RH-ISAC (citing Kasada Threat Intelligence) - The Hacker News (citing Rubrik Zero Labs 45:1 and Entro Labs 144:1)2025-2026Estimate
Non-human identities (service accounts, API keys, tokens, workloads) outnumber humans by a wide margin, with reported ratios from about 45:1 to 144:1.
The Hacker News (citing Rubrik Zero Labs 45:1 and Entro Labs 144:1)
We make every identity in your stack provable.
A skeptical retail CISO has heard the pitch. Here's exactly how we slot in.
- 01
We lock down who can approve a void, an override, or a refund, with a signed record. Whether an item was scanned is a loss-prevention and computer-vision problem, and that stays yours.
- 02
We prove the shopper, the associate, and the agent. Your fraud and chargeback stack scores the transaction, and we sit alongside it.
- 03
Some legacy POS needs a gateway in front to take a modern authenticator. We map that with you up front.
- 04
We federate into the IdP and CIAM you already run, and make every identity on them cryptographic.
Map every shopper, associate, and agent you need to prove.
Book a 30-minute technical review.
Bring your POS and CDE terminal map, your e-commerce and loyalty CIAM, your help-desk reset flow, your agent and API inventory, and your seasonal-hire onboarding. We'll show you exactly what we cover, and where you still need it.