Demand is already here
The Shopify numbers are behavioral metrics, not survey answers. AI-referred orders grew nearly 13x year-over-year in Q1 2026. The conversion advantage held across 23 of 25 merchant categories. Shopify calls the cause journey compression: the discovery and comparison that used to take a customer five searches and a dozen pages across several days now happens inside one conversation, and the customer lands on your product page already decided.
The forecasts line up behind that behaviour. McKinsey estimates agentic commerce could orchestrate $3 to $5 trillion globally by 2030, with AI already the primary interface for discovery and comparison across France, Germany and the UK. Morgan Stanley puts US agentic shoppers at $190 to $385 billion by 2030 and reckons about 23% of Americans already bought something through AI in the past month, with groceries and household goods leading.
So why can't you buy yet?
The customer has moved and the question for any leader reading this is whether the rest of the stack has moved with them.
It hasn't. Look at what the platforms have actually shipped, and then unshipped. Scot Wingo's ReFiBuy framework grades agentic commerce on five levels: web links, product cards, a buy button, a shopping cart, and finally auto-buying without a human in the loop. Measured against it, the picture is one of advance and retreat. Google's Gemini is heading toward a shopping cart at level four, powered by the Universal Commerce Protocol (UCP), which Microsoft's Copilot has now adopted too. ChatGPT looked ready with its own Instant Checkout, then dropped it and fell back to product cards. Perplexity built shopping features and then shut them down. Anthropic's Claude hasn't entered the market at all.
Read that pattern carefully. The most capable AI companies in the world can ship discovery in an afternoon. They keep stalling at the same place: the moment money moves. That's not a coincidence and it isn't a UX problem because it's the point where someone becomes liable.
The blocker has a name
Here's what breaks when an agent pays and the rails underneath aren't ready. A customer disputes a purchase they say they never authorised. Who proves otherwise? An agent buys the wrong thing, or buys it twice, and returns and chargebacks climb. A regulated business, a bank, an insurer, an airline, can't show an auditor exactly who consented to what and when. For them, that isn't an inconvenience. It's a compliance failure, and it's a fraud opportunity wide enough to sink the channel before it starts.
This is why trust is the word every forecast reaches for, and Juniper is blunt that it's the number-one barrier. But trust as a feeling won't get a CFO comfortable. Checkout.com's research is the useful cold water here: a quarter of consumers say they will never delegate a purchase to AI, and 27% trust no organisation to run a shopping agent on their behalf. At the same time, 72% of merchants expect customers to adopt faster than they're prepared for. The people building this and the people meant to use it are looking at two different timelines.
What the trust layer actually is
Trust as a feeling is downstream of trust as an architecture. Break the architecture into three parts and it stops being a slogan.
- Delegation is valid customer authorisation: provable evidence that this specific person allowed this specific agent to do this specific thing, inside limits they set.
- Identity, which we write as trustedID, is verification of who the agent is and who stands behind it, so the human owner is never ambiguous.
- Context is the customer's own data, held in a store they control, so the agent can act for them without the customer handing their life over to a platform.
Get all three working and leave an audit trail behind them, and a regulated business can finally say yes.
None of this is hypothetical. Robinhood already ring-fences its trading agents in a separate account with different permissions from the human owner's real account. Banking-as-a-service lets a provider define the rules under which any new account is created and owned. Duncan Barclay's point, made in the same thread, is that you can keep the legal consent for a platform's agent outside the account structure entirely, so the payment provider on the other side always sees an unambiguously human owner. The mechanism exists. What's missing is the design judgment to assemble it for a given business, and the governance to defend it.