AI-driven "agentic commerce" is rewriting how the world shops for Black Friday while the same technology fuels a record phishing wave.
Black Friday 2025 didn’t just break sales records — it broke the mold. For the first time, agentic AI assistants handled millions of online shopping decisions end-to-end, from sniffing out deals to auto-completing checkouts.
What used to be manual comparison shopping has turned into hands-off commerce, where a shopper can say, "Find me the lowest price on a PS6 bundle, make sure the seller isn’t sketchy, and order it if it hits under $399," and have the order placed automatically.
But while shoppers embraced AI-powered convenience, attackers did too. This season delivered a 620% spike in phishing attacks versus 2024 — most of it driven by the same generative AI tooling retailers deploy for offers and support.
Scammers are cloning retailer branding, spinning up fake storefronts at scale, and generating realistic phishing emails that dodge legacy red flags. Amazon impersonation alone accounted for 80% of Black Friday phishing attempts, according to multiple cybersecurity firms.
The result: the easiest Black Friday ever — and the most dangerous.
Note: The line between helpful agentic assistants and malicious AI automation is disappearing fast, and 2025 is the year both sides hit scale.
“Today’s phishing emails are almost indistinguishable from the real thing. AI has erased the amateurish red flags shoppers used to rely on.”
— Nathaniel Jones, Darktrace
Key analysis
This Black Friday delivered a double transformation:
- Retailers embraced AI to supercharge e-commerce.
- Attackers weaponized AI to scale fraud faster than retailers could respond.
1. Agentic commerce goes mainstream
“Agentic commerce” — buying journeys handled by AI agents, not people — crossed its adoption threshold this year. Surveys show:
- 42% of adults aged 18–34 used AI for Black Friday or holiday shopping.
- 85% of AI-assisted shoppers were comfortable with AI completing purchases automatically.
- Over half of global shoppers used AI to research or validate deals.
AI is no longer a search shortcut — it’s becoming the default interface for retail. Retailers now scramble to stay visible inside AI ecosystems; if SEO defined the 2010s, agent optimization defines the 2020s.
2. Generative AI supercharges phishing
Fraud squads now run the entire attack pipeline through AI: drafting phishing emails, cloning retailer sites, generating fake product reviews, and automating botnets. This season delivered:
- 620% increase in targeted phishing attacks.
- 500% rise in fraudulent sender domains.
- 250% surge in fake retail sites.
- 80% of impersonation scams targeted Amazon.
Scam emails now arrive with flawless grammar, immaculate branding, and dynamic personalization that matches legitimate campaigns.
Warning: Retailers that skip advanced bot management risk burning promo budgets and inventory on fake traffic long before human shoppers click checkout.
3. Security pressure on retailers
Recommended defenses for 2025 include blocking disposable email domains, enforcing multi-factor authentication, investing in bot-behavior analytics, hardening DKIM/DMARC, and layering light-touch identity checks at checkout. The goal is friction for attackers without friction for buyers.
4. The trillion-dollar arc
Agentic commerce is on track to drive trillions in annual retail spend before 2030. But spiraling fraud could force stricter identity verification, AI transparency rules, new fraud insurance models, and a shift away from direct website traffic as AI agents transact on shoppers’ behalf.
What leaders should do next
Immediate
- Retailers: Harden identity verification and bot defenses before Cyber Monday peaks.
- Consumers: Don’t click emailed deals — navigate directly or use official apps.
30-day checkpoint
- Audit AI-driven threat telemetry and share findings with fraud, security, and growth teams.
- Track domain churn, scripted browsing behavior, and unusual checkout flows.
Long-term
- Monitor emerging e-commerce AI regulations and disclosure rules.
- Evaluate AI-native fraud prevention partners that can meet agentic commerce speed.
- Train customer teams for AI-mediated interactions where bots talk to bots.
Stay ahead
Subscribe to The AMA Hub briefings for weekly intel on AI-fueled commerce and security. Need tailored guidance? Email newsroom@theamahub.com and our editors will respond.