The AI bots weaponizing Black Friday shopping: now there’s a new one to watch!
AI is enabling bad bots to multitask and multiply while tech-savvy shoppers trying to snag deals via agentic browsers are opening themselves up to new threats, experts have warned.
-
AI bots dominate Black Friday shopping, hoarding limited-stock deals before human shoppers can purchase.
-
Advanced bots now blend inventory hoarding with account takeover tactics using compromised credentials.
-
New AI shopping assistants expose users to embedded malicious instructions and fraud risks.
-
Protect accounts with unique passwords, two-factor authentication, and automated breach monitoring tools.
The term Black Friday was first coined by US cops back in the 1960s to describe the chaotic traffic and crowds in shopping precincts generated on the day after Thanksgiving. Today, it could equally be used to describe the criminal activity that mirrors the retail frenzy during events such as Amazon Prime Day, Cyber Monday, and Black Friday.
And while the annual round of suspicious phishing emails and fake SMS texts for parcel deliveries hasn’t gone away, the most concerning threats this year are automated, scalable, remarkably good at mimicking human behaviour, and are largely driven by AI.
Why bad bots are everywhere
Bad bots are automated software tools that mimic human shoppers to exploit online stores. Instead of browsing or buying legitimately, they engage in high-speed, high-volume actions that give criminals an unfair advantage and cause real harm to both retailers and consumers.
Just a couple of years ago, attackers would have needed specialized scripts or custom bot frameworks to carry out these types of attacks. However, researchers are now warning of AI-enhanced tools that can mimic human behavior with precision.
According to Imperva’s 2025 Bad Bot Report, retailers are being overwhelmed by these automated systems, with a third of all retail web traffic now coming from bad bots. Advanced AI-driven bots account for nearly 60% of this traffic, and overall, bots now make up more than half of all internet activity, overtaking humans for the first time.
For retailers, defending against bots is no longer an edge-case problem but a default position. Imperva research found that retail sites collectively experienced 569,884 AI-driven attacks each day between April and September 2024.
For shoppers, their growing numbers translate into two major consequences: an inflated scarcity of desirable products as bots hoard inventory and heightened exposure to account compromise.
Grinch bot 2.0
The most visible impact comes from so-called “grinch bots,” automated systems that buy up limited-stock items, such as consoles, toys, and electronics, the instant they appear online.
By the time a human shopper reaches the page, the inventory has already been hoarded by automated buyers who then resell it at inflated prices.
Shaila Rana, Professor of Cybersecurity at Purdue Global, describes how highly evolved these bots have become. She notes that they no longer just target concert tickets or sneaker drops, but increasingly use residential IP addresses to appear authentic and even solve CAPTCHAs using AI.
“The bots use residential IP addresses to look like real shoppers. They solve CAPTCHAs with AI – we’ve even seen ChatGPT getting better at solving these… And the result here is that people can’t buy what they need, and resellers mark up prices more and more and more.”
Tim Burke, founder and CEO of Quest Technology Management, has observed entire checkout flows being completed in milliseconds. He explains that bots are now attacking APIs directly and imitating legitimate traffic so closely that retailers often fail to detect what’s happening until the stock is already gone.
“By the time a retailer becomes aware of what’s happening, the products are already sold through resale channels,” he says.
Credential stuffing
A second major bot-related threat is credential stuffing, a process in which attackers use stolen usernames and passwords from previous breaches to test them across hundreds of retail sites.
Many consumers reuse passwords – especially during the Black Friday period when they sign up for multiple accounts – and bots know this, exploiting it relentlessly.
Once inside an account, criminals can make unauthorized purchases using stored cards, drain loyalty points, redirect shipments to different addresses, or lock the legitimate owner out completely.
Clayton LiaBraaten, a senior industry expert at Truecaller, emphasizes how damaging this can be.
“Scammers deploy these automated tools to test thousands of stolen username and password combinations across different retailer sites…While deal-scraping hurts your wallet, info-harvesting hurts your identity.”
Former FBI cyber agents André McGregor and Jason Truppi, now co-founders of public safety resource ForceMetrics, warn that criminals are blending physical and cybercrime more than ever. According to their data, organized retail crime incidents rose by 57% between 2022 and 2023.
In their experience, credential attacks are now the most common method targeting retailers, making up more than 30% of all attacks. During busy shopping periods, these activities blend seamlessly into normal user behaviour, allowing criminals to exploit the seasonal chaos with ease.
According to Quest’s Burke, bots this year are becoming more sophisticated – blending automation with account takeover (ATO) tactics.
“Attackers no longer rely solely on stolen credit cards. They are also using compromised customer accounts to make orders that appear legitimate, then laundering the goods through grey-market resale or return-fraud schemes,” Burke explained.
“We’re also noticing seasonal abuse of affiliate and vendor portals. Attackers compromise a small partner’s credentials, use trusted access to impersonate legitimate business traffic, and then move deeper into the retail ecosystem.”
New kid on the block: agentic shopping assistants
Perhaps keen to land the best deals and outmaneuver bots, tech-savvy shoppers are starting to use AI agents to browse, compare, and buy products. However, these agent-based AI systems should be treated with caution, threat researchers warn.
While some retailers are already offering agentic shopping assistants to customers, this has left them facing a new security quandary as they can no longer distinguish between legitimate agent-driven interactions and the malicious automation designed to mimic them.
According to threat researcher Jerome Segura at fraud prevention specialist DataDome, for retailers, the distinction matters most at the account layer, where they need to verify identity amid rising automation.
A DataDome study conducted across 11 major e-commerce sites revealed that most were incapable of identifying genuine customers from malicious agents, leaving 64% of retailers open to mass fake account creation.
The study also found that a third of retailers had no MFA in place, “leaving account creation flows dangerously open.” This vulnerability enables the creation of fake accounts at scale and allows them to pass verification unnoticed.
David Mytton, founder and CEO of security-as-code startup Arcjet, advises shoppers to approach emerging AI-powered browsers, such as OpenAI’s Atlas, with caution.
“I don’t use them. I don’t think that they are secure – they’re interesting toys, definitely play around with them – but don’t add your credit card details,” he warns.
According to Mytton, while Amazon and Shopify have robust protections in place, for the majority of retailers, it has become a real problem.
He points to research from Meta that warns some autonomous-agent setups may be inherently insecure.
“They’ve come up with these three components… and if you have all three of them, it’s impossible to have a secure system.”
Detailing some of the methods used in agentic AI, he says, “Malicious actors are increasingly embedding harmful instructions inside webpages – white text on a white background or even embedded in images, for instance – so that an AI agent inadvertently executes actions the user never intended.”
Rogue shopping agents: consequences for users
If an attacker plants these instructions in the way Mytton has suggested, an AI agent could purchase products the user didn’t intend to buy, buy multiple items, or send the items to a fraudulent address. And, because the AI is acting autonomously, the user may not even notice until the money has been withdrawn from their account.
If an AI browser is tricked by malicious prompts, it could also autofill and submit personal data, leak passwords stored from the session, and reveal email, payment, or address information.
“These browsers may do things that you don’t understand and you don’t know, it’s going to be very untrustworthy,” he warns.
The threat from agents and bad bots is something many retailers will need to address, as they must strengthen bot detection and develop mitigation strategies, given that bots are increasingly mimicking human movements and behaviors.
How shoppers can protect themselves
Although the online retail ecosystem is suffering from a rise of malicious machines, shoppers can still take steps to protect themselves, and the advice boils down to tightening up basic digital hygiene.
Mytton recommends using a unique password for every service, or, ideally, a password manager to automate this process for you, and two-factor authentication.
“Used together, this will rule out 95% of all possible attacks against you,” he adds.
The security expert also encourages shoppers to check whether their credentials have been exposed using services like HaveIBeenPwned, noting that most password managers now provide automatic breach alerts.
Shoppers also need to approach Black Friday deals with a skeptical mindset. Manually entering URLs rather than following ads or links reduced exposure to fake sites. Monitoring account activity during and after Black Friday helps catch unauthorized logins or purchases early, before attackers escalate their access.
Unlock more exclusive Cybernews content on YouTube.
