*Applicable to everyone who shops online*

AI agents are about to start spending real money on behalf of real users — and most of our security models weren't built for it. When an agent browses a product page, reads a review, and clicks "buy," who is the principal? Who authorized the spend? What stops a prompt-injected review from draining a user's card?
This session walks through zero-trust patterns for agentic commerce: scoped and short-lived credentials, capability-based tool access, spend caps and velocity limits, intent verification, and audit trails that survive an LLM's account of what happened. We'll look at real threat models — confused deputies, prompt injection via product data, runaway autonomous spend — and the emerging standards (OAuth token exchange, Stripe and card-network agent payment specs, MCP authorization) developers can build on today.