As we approach Black Friday and the annual frenzy of online shopping a new report uncovers widespread vulnerabilities in major retail platforms as agentic commerce takes hold.

The research from fraud prevention specialist Data Dome shows that threat actors are exploiting the same automation paths used by consumers to automate browsing, comparison and checkout in order to scale account fraud with an army of fake shoppers.

The problem for retailers is that legitimate AI agents and malicious bots use near-identical account creation and login flows. The study, across 11 major e-commerce sites, shows 64 percent of retailers are vulnerable to mass fake account creation. 73 percent accept disposable emails, allowing attackers to spin up unlimited accounts using temporary inboxes.

Only 27 percent of assessed retailers implement effective bot detection that successfully

blocks automated account creation. In addition 36 percent have no MFA in place, leaving account creation flows dangerously open.

Login protections remain weak too, 82 percent allow automated login attempts without challenge, and 64 percent have no account lockout controls, exposing them to credential stuffing attacks.

The report’s authors conclude:

The e-commerce industry shows a concerning trend: while a handful of leading retailers have implemented sophisticated, multi-layer defenses, the majority remain vulnerable to automated account abuse, mass fake account creation, and credential stuffing attacks. Our assessment revealed that 64 percent of platforms fall short of baseline protections, and 18 percent are so exposed they lack even the most basic safeguards. Black Friday 2025 carries a high risk of widespread fraud, ranging from hundreds of thousands of fake accounts to large-scale account takeovers. The good news is that most critical vulnerabilities can be resolved within 24 to 48 hours; retailers who act now will be in a strong position to protect revenue, preserve trust, and stay one step ahead of AI-driven threats during the year’s most important sales window.

You can find out more on the Data Dome site.

Image credit: kjpargeter/depositphotos.com