Agentic bots outsmarting checks

HUMAN recorded a 6,900% surge in AI-agent traffic in 2025 that produced measurable commerce activity and attack [patterns humansecurity.com]. Transmit Security warned enterprises that, without agent-aware controls, fraud losses could increase by as much as 500% as agents blind traditional detection [layers businesswire.com]. Google formally unveiled the Agent Payments Protocol (AP2) on Sept. 16, 2025 as an open protocol for agent-led [payments cloud.google.com]. The AP2 codebase and docs show an A2A extension and early v0.1‑alpha artifacts describing agent roles and interoperability requirements for [payments github.com]. Stripe documents its Agentic Commerce Protocol (ACP) in developer docs marked as a private preview for integrators and [PSPs docs.stripe.com]. Stripe confirmed commercial pilots with partners such as Wizard — announced March 10, 2026 — and links ACP work to prior integrations with OpenAI and Microsoft Copilot in merchant [pilots retailitinsights.com]. AgentFacts has published a v0.1 draft specification and an arXiv paper (June 2025) proposing cryptographically signed “agent cards” to record identity, tools, and [provenance github.com]. An open‑source AgentFacts SDK reached PyPI as version 0.1.0 on Jan. 20, 2026, providing Ed25519‑signed agent profiles and verification tooling for [implementers pypi.org]. Microsoft engineering posts describe a Trust Imprint Protocol and a “Sovereign Agent Manifesto (V2026)” that specify a revocable Secure Identity Key (SIK) and a 900+ item success corpus for provenance and revocation [testing techcommunity.microsoft.com]. The EU’s eIDAS 2.0 framework has been in force since May 2024 and the Commission has published 22 implementing acts to support the rollout, with many compliance obligations — including mandatory acceptance of the European Digital Identity Wallet for regulated processes — set for December 2027. [deloitte.com]