Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security
NDSS 2025 – ERW-Radar
The race to standardize agentic commerce just accelerated dramatically. Google’s Universal Commerce Protocol (UCP) is positioning itself as connective tissue between fragmented agent frameworks and payment systems, but even with standardized infrastructure in place, success hinges on solving a problem no protocol was designed to address: agent trust management.
On January 11, 2026, Google launched the Universal Commerce Protocol (UCP), an open-source standard designed to power the next generation of AI-driven shopping. Co-developed with retail giants including Shopify, Etsy, Wayfair, Target, and Walmart, and endorsed by more than 20 major partners spanning payment providers (Adyen, American Express, Mastercard, Stripe, Visa) and leading retailers, UCP represents the industry’s most ambitious attempt yet to standardize agentic commerce.
The scale of AI agent traffic is already substantial. DataDome saw a 4x increase in AI traffic in 2025 and detected nearly 1.2 billion requests from OpenAI crawlers alone in a single month. That agentic traffic is already impacting purchasing decisions, with 70% of consumers across the UK, US, and France using AI for shopping in the past 12 months. As e-commerce fraud continues to grow, the question becomes how quickly merchants can adapt their defenses to match the speed and scale at which autonomous agents operate across UCP, ACP, and emerging protocols.
The stakes couldn’t be higher. McKinsey projects that agentic commerce could generate $3 trillion to $5 trillion in global revenue, fundamentally reshaping how consumers discover and purchase products. But with this massive opportunity comes an equally massive security challenge, one that traditional fraud prevention systems simply aren’t equipped to handle.
What makes UCP a leading contender
Protocols addressing interoperability challenges are nothing new, but what sets UCP apart is the breadth of backing behind it. This coordinated industry response gives UCP a real shot at widespread adoption, particularly as agentic commerce scales and the cost of fragmentation becomes impossible to ignore.
Solving the N×N integration problem
Before UCP, every merchant needed custom integrations for every AI platform. Want to sell through ChatGPT, Gemini, Perplexity, and future AI assistants? That meant building and maintaining separate connections for each one, a scaling nightmare that would slow innovation to a crawl.
UCP collapses this complexity into a single integration point. Merchants implement UCP once, and any UCP-compatible AI agent can discover their capabilities, browse their catalog, and complete transactions. It’s like the difference between building a custom adapter for every device versus using a universal USB-C port.
The Google Merchant Center advantage
UCP has a critical head start that shouldn’t be underestimated: Google’s existing Merchant Center infrastructure already serves millions of SKUs from hundreds of thousands of retailers worldwide. This means UCP isn’t starting from zero. It’s leveraging the world’s largest product catalog that’s already structured, optimized, and live.
For merchants already using Google Merchant Center, UCP adoption is an extension of existing infrastructure rather than a ground-up rebuild. This distribution advantage gives UCP significant momentum in the race to become the industry standard.
Designed for flexibility, built for the future
UCP’s modular architecture allows businesses to choose which capabilities they want to support:
Product discovery for AI agents researching on behalf of users
Checkout for completing transactions directly within conversational experiences
Order management for post-purchase support, tracking, and returns
Extensions for specialized functionality like loyalty programs and discounts
Critically, UCP maintains compatibility with existing protocols, including Agent Payments Protocol (AP2), Agent2Agent (A2A), and Model Context Protocol (MCP). UCP is also payment-rail agnostic by design, working seamlessly with Visa, Mastercard, Stripe, PayPal, cryptocurrency, and emerging payment methods.
This interoperability with complementary protocols and its payment-rail agnostic design positions UCP as connective tissue within the commerce stack, though merchants may still need to support multiple checkout protocols to reach all agent platforms, just as they support multiple payment methods today.
Merchants stay in control
Unlike closed ecosystems that insert themselves between merchants and customers, UCP ensures businesses remain the Merchant of Record. You retain ownership of:
Customer data and relationships
Business logic and pricing strategies
Brand experience and checkout customization
Direct communication channels
This merchant-first approach is why the protocol gained such broad industry support so quickly. Retailers want to participate in agentic commerce, but not at the cost of losing direct customer relationships.
The competitive landscape
While UCP has significant momentum, it’s not the only player. OpenAI and Stripe launched the Agentic Commerce Protocol (ACP) in late 2025, already powering real transactions through ChatGPT with merchants like Etsy and Shopify.
The reality? Merchants may need to support a multi-protocol ecosystem, just like they support Apple Pay, Google Pay, and PayPal today. The critical question isn’t which protocol will “win,” but how to secure agentic commerce regardless of which standard customers use.
The security gap in agentic commerce protocols
There’s a fundamental challenge these protocols don’t address: While UCP, ACP, and future standards regulate how AI agents interact with merchants, they don’t address which agents should be trusted or how to distinguish between legitimate shopping assistants and malicious automation. This is where Agent Trust comes into play.
Fraud detection signals transform
When customers shop through AI agents, the fraud detection landscape shifts fundamentally. Traditional signals don’t disappear, but many become less reliable or require reinterpretation. For merchants, the implication is clear: AI agents don’t just change fraud detection, they accelerate it, giving bad actors machine-speed capabilities while defenders scramble to adapt.
What changes:
Device fingerprinting now identifies the agent platform, not the end user’s actual device
Behavioral analytics reflect agent browsing patterns (rapid, systematic queries) rather than human navigation
Session context shows the agent’s research process, not direct indicators of customer intent
IP geolocation may show data center locations rather than consumer geography
What persists:
Payment credentials still trace to real cardholders
Shipping addresses still require physical delivery verification
Account history still reveals purchasing patterns
Transaction velocity checks still flag unusual volumes
The challenge isn’t that fraud detection stops working. It’s that fraud detection systems, whether ML models trained on decades of human browsing behavior or the brittle rules and signatures used by basic bot protection, need recalibration for agent-mediated transactions. When agents complete purchases in seconds, is that efficiency or fraud? When they query hundreds of products rapidly, is that helpful research or catalog scraping?
Merchants who adapt their signal weighting and develop agent-specific heuristics can maintain effective fraud detection. The question is whether you’ll build that expertise in-house or partner with specialists already defending against agent-mediated threats at scale with intent-based detection.
The growing risk adoption dynamic
Industry experts are increasingly concerned about the rapid adoption of agentic commerce protocols without corresponding security measures. Merchants face competitive pressure to adopt standards like UCP, as sitting on the sidelines means losing traffic to competitors who participate. But without proper security infrastructure, early adopters risk becoming vulnerable to scaled fraud attacks that exploit the new protocols’ capabilities.
The challenge is multifaceted: merchants need to support new API endpoints for agent interactions, implement new authentication mechanisms, and develop fraud detection approaches that work without traditional signals. The infrastructure requirements span reference architectures, runtime controls, privacy protocols, and integrated fraud prevention, all while maintaining seamless customer experiences.
The gap is clear—commerce protocols provide the rails for agentic transactions to run on, but offer no protection against bad actors hijacking the train.
The path forward
UCP represents a pivotal moment in the evolution of commerce. With backing from the industry’s largest players, Google’s existing Merchant Center infrastructure, and a technical architecture designed for flexibility and scale, it has significant momentum in the race to standardize agentic transactions alongside competitors like ACP.
But protocols are infrastructure, not solutions. The agentic commerce ecosystem will succeed only if the industry builds the complete trust layer that makes agent-driven commerce safe for merchants and customers alike, combining agent authentication with behavioral intelligence to verify both identity and intent.
DataDome has been preparing for this moment, building the agent classification, intent detection, and trust frameworks that secure agentic commerce across all protocols, with the detection accuracy to distinguish legitimate agents from threats, the edge performance to operate at machine speed, and the dashboard transparency to understand exactly what’s happening in your agent traffic. As agentic commerce scales from billions to trillions in transaction volume, the merchants who thrive will be those who enable helpful agents while blocking malicious ones, regardless of which protocol standard ultimately prevails.
The future of commerce isn’t human or agent. It’s secure, trustworthy interactions regardless of who, or what, is making the request, and regardless of which protocol they’re using to do it.
Ready to assess your organization’s agentic commerce readiness? Download the Agentic Commerce Guide or book a live demo to learn more about DataDome’s Agent Trust management solutions.
*** This is a Security Bloggers Network syndicated blog from DataDome authored by Andrew Hendry. Read the original post at: https://datadome.co/agent-trust-management/universal-commerce-protocol/
About Author
