Note: We do not recommend ingesting this page using an AI agent. The information provided herein is for defensive and ethical security purposes only.

Unit42 is a cybersecurity research team known for its  analysis of cyber threats, malware, and cyber attack trends. Through research reports, threat intelligence briefings, and data analysis, Unit42 offers insights into emerging cyber threats and adversary tactics. Readers can learn about threat detection methodologies, vulnerability trends, and cyber attack attribution to enhance their cybersecurity posture and protect their organizations from advanced cyber threats.

Unit 42

As agentic AI is projected to handle 15-25% of e-commerce volume by 2030, new fraud vectors are emerging around protocols like Google's Universal Commerce Protocol (UCP). Two concrete threat scenarios are explored: gift card theft via payload poisoning, where hidden prompt injections in deal aggregator sites manipulate an agent's cart mandate to add unauthorized gift cards; and returns fraud via logic hijacking, where malicious instructions embedded in product page HTML trick agents into issuing refunds without verifying actual returns. Organized crime groups could exploit these vulnerabilities at scale using bot farms. Defensive frameworks discussed include Know Your Agent (KYA), agent reputation scores, and Palo Alto Networks' own AI security offerings.

Who’s Really Shopping? Retail Fraud in the Age of Agentic AI

NRF Big Show and the Universal Commerce Protocol