Twelve months ago, visitors arriving at US retail sites from AI assistants converted 38% worse than channels like paid search. By March 2026 the sign had flipped: AI-referred traffic converted 42% better, with 37% higher revenue per visit. Over the same twelve months, AI-driven bot attacks grew 12.5x.
Both of those lines describe automated traffic. Most defenses in production today treat them identically, which means they either tax your best-converting visitors or wave through your fastest-growing attackers, and usually both.
What an AI shopping agent actually is
An AI shopping agent is software that shops on behalf of a real customer. The customer states what they want (for example, "find me trail running shoes under €150, delivered by Friday"), and the agent compares options across stores and, increasingly, completes the purchase. It reaches your store in one of two ways, and the difference matters in practice.
Browser mode. Agents like Perplexity's Comet or ChatGPT's agent mode use your website the way a person would: they open pages, read them, fill in forms, click buttons. The differences are in how they move (straight to the right product page, no wandering, no hesitation) and where they come from, which is usually cloud servers rather than home connections. To your analytics this looks like a visit. To your bot detection it looks like automation, because it is. This is the mode reaching mid-market stores today.
Direct checkout mode. Here the agent skips your website entirely and talks to your store through a standardized digital channel. The Agentic Commerce Protocol, built by OpenAI and Stripe and already live as Instant Checkout in ChatGPT, works like a structured conversation: the agent asks for a product, your store answers with price and availability, and payment goes through your existing provider. You still accept or decline each order, take payment as you normally do, and handle fulfillment and returns exactly as today. Google and Microsoft launched their own versions in early 2026. This mode is where agent shopping is heading; browser mode is what your store sees right now.
Why you want this traffic
The data is directionally consistent across large datasets.
AI-referred traffic to US retail sites grew 393% year-over-year in Q1 2026. Visitors arriving from AI assistants spend 48% more time on site, view 13% more pages, and generate 37% higher revenue per visit than other channels. Source: Adobe Analytics, April 2026, based on over one trillion retail site visits
The reason is simple: an agent shows up after the comparison shopping has already happened somewhere else. By the time it reaches your product page, it is there to buy. Shopify reports orders from AI-powered searches grew 15x year-over-year through 2025, and 39% of US consumers say they already use AI when shopping online.
The same pattern is reaching Europe. Traffic to UK retail sites from generative AI sources grew 180% year-on-year in March 2026, with AI-referred shoppers engaging 11% more than visitors from search, social, or ads — and Adobe finds the same machine-readability gaps limiting which UK retailers capture it. Continental data is thinner for now; every leading indicator points the same direction.
Two consequences follow. Blocking all automation now has a measurable revenue cost: the sale simply moves to the next store on the agent's list. And being readable by AI is now a sales factor: Adobe finds roughly a quarter of retail homepage content, and 34% of product page content, can't be read by AI assistants at all. An agent that can't read your product page doesn't ask for help; it recommends your competitor.
The identification problem
Three populations now share your traffic: humans, agents shopping for paying customers, and hostile automation dressed up as either. Telling them apart is now a core problem of e-commerce security. There is one cooperative mechanism, and one hard reality.
The cooperative mechanism is a kind of digital passport. Under an emerging standard called Web Bot Auth, legitimate agents attach a tamper-proof signature to every request, and your site can check that signature against keys the agent's operator publishes openly. Unlike a browser name or an IP address (both trivially faked), a signature can't be forged. The standard is becoming real infrastructure: Cloudflare verifies agents this way, and Visa and Mastercard are building their agent payment programs on it. If an agent carries this passport, you can serve it deliberately and on your terms.
The hard reality is that most agent traffic carries no passport, and even name-brand operators have been caught hiding. When websites blocked Perplexity's declared crawlers, Cloudflare documented it disguising itself as an ordinary Chrome browser and constantly changing network addresses to slip past the blocks, at 3 to 6 million undeclared requests per day across tens of thousands of sites. Amazon is suing Perplexity on the claim that its agent masquerades as a human. eBay has banned buy-for-me agents outright since February 2026.
So the passport sorts the cooperative minority. Everything else has to be sorted by how it behaves: the speed and order of requests, whether it interacts like a person, the technical fingerprint of its connection. And the merchants most exposed are the least equipped: a Marsh McLennan analysis commissioned by Imperva found that businesses under $100M in revenue face the highest share of bot-related incidents, at 57–63%, against global bot-related losses of $68–116 billion per year (The Economic Impact of API and Bot Attacks, 2024).
A practical posture, by area of your store
Two supporting moves cost nothing. Make your product information readable by machines (clear product data, accessible pages) because agent traffic only converts if agents can actually read you. And state your policy in robots.txt deliberately, knowing it works like a posted sign: it expresses your rules, it doesn't enforce them.
Is agent traffic already on your store?
Open your analytics and server logs, last 30 days:
- Visitors arriving from chatgpt.com, perplexity.ai, gemini.google.com, or copilot.microsoft.com
- Desktop-heavy visits with unusually direct paths: landing straight on a product page, straight to cart
- Spikes in requests for your product feeds and sitemaps
- Signature headers in your logs: the passport of a declared agent
- Checkout attempts coming from cloud-server networks but with otherwise clean, careful behavior
The first four are revenue arriving in a new shape. The fifth is the lane that needs scoring.
Frequently asked questions
What is an AI shopping agent?
Software that researches and increasingly completes purchases on behalf of a real customer, either by using your website like a person would, or by connecting to your checkout directly through a standard like ACP.
Should I block AI agents on my store?
A blanket block now carries a measured revenue cost: AI-referred traffic converts 42% better than other channels. Decide by area of your store and by whether the agent identifies itself, not by category.
How do I verify an AI agent is legitimate?
Look for the digital signature, the Web Bot Auth "passport" that can be checked against the operator's published keys. Browser names and IP addresses are not verification; both are routinely faked.
Does robots.txt stop AI agents?
It states a preference; it enforces nothing. Cloudflare's Perplexity findings showed declared blocks being evaded at the scale of millions of requests per day. Treat robots.txt as your posted policy, and behavioral detection as the lock on the door.
Get a free agent traffic report
If you want to know what share of your traffic is already agentic, and which lane it belongs in, we will map the automated traffic reaching your catalog, cart, and checkout and send back a short report. Request it here.