Skip to content

CONCEPT Cited by 1 source

Agentic-commerce bot score

Definition

The agentic-commerce bot score is a per-payment classifier output on a checkout flow that estimates the likelihood the payment was made by a malicious bot rather than by a legitimate AI agent acting on a buyer's behalf. Disclosed by Stripe Radar at the 2026-05-27 Sessions roundup as a new signal on systems/stripe-checkout.

The hard problem

Pre-agentic-commerce, bot detection on checkout was approximately a human-vs-bot classifier — the absence of human-cursor jitter, mouse trails, dwell-time, and other browser-behaviour signals was diagnostic of bot traffic, and the policy response (block all bots) was uncontroversial.

Post-agentic-commerce, that classifier is the wrong shape. Per the post:

"As agentic commerce scales, distinguishing between legitimate agents acting on behalf of customers and malicious bots becomes increasingly important. Both are nonhuman traffic making purchases, but one is a customer's authorized agent, and the other might exploit your checkout to buy limited-availability inventory, abuse promotional pricing, or bypass purchase limits."

The classification surface is no longer human-vs-bot but authorised-agent-vs-malicious-bot. The two share the property of being non-human; differentiating them requires different signals.

Disambiguation signals (not disclosed)

The 2026-05-27 post acknowledges the problem but does not disclose the signal mix. Plausible signals (not in the post):

  • Identity of the agent surface — agents arriving via recognised agentic-commerce protocols (e.g. ACP) carry attestation that the malicious-bot population doesn't.
  • Stripe network density on the underlying buyer — if the customer + payment method are recognised across Stripe merchants (Radar's systems/stripe-radar#agentic-commerce-adaptation-2026-03-12|2026-03-12 network-density adaptation), the agent is more likely legitimate.
  • Velocity / inventory targeting — concentrated bursts on limited-edition inventory at promotion-launch boundaries signal malicious intent.
  • SPT presence — agentic- commerce-protocol-issued tokens carry merchant-attestable metadata that raw bot traffic doesn't.

Use as a merchant policy input

The bot score is not a hard-block decision by Stripe; it's a signal merchants use to enforce their own policies:

"You can use this score to enforce anti-scripting or anti-bot policies. For example, you could block automated purchases of limited-edition items or flag high-velocity orders for review."

The architectural shape is bot score on checkout — emit the classifier output at the checkout surface and let the merchant choose enforcement policy (block, throttle, queue, require human verification).

Distinction from sibling concepts

  • vs concepts/bot-vs-human-frame — that frame treats all bots as suspicious. The agentic-commerce bot score separates bot populations.
  • vs concepts/bot-safer-than-human — that concept is the inverse claim (bot traffic can be safer than human in some surfaces); applies upstream of this classifier.

Sibling cluster

The 2026-03-12 Stripe Radar disclosure described Radar's adaptation for legitimate agentic traffic (network-density signals replacing vanished human-behavioural fingerprints — see sources/2026-03-12-stripe-10-things-we-learned-building-for-the-first-generation-of-agentic-commerce).

The 2026-05-27 disclosure adds the inverse classifier (separating malicious bots from those legitimate agents). The two pieces are complementary halves of agentic-commerce fraud-detection: let the legit ones in, keep the malicious ones out, both via Radar.

Seen in

Last updated · 542 distilled / 1,571 read