Universal Commerce Protocol: New Standard for Online Shopping

The Universal Commerce Protocol (UCP) has been developed for agent-based shopping and regulates the communication between AI agents and merchants. Google, along with several partners, introduced it at a conference for the retail industry. Thanks to UCP, AI agents should be able to navigate more easily and “speak a common language,” as Shopify also writes in a press release. This applies to the entire purchasing process, including problems and potential returns of goods.

Even now, AI agents from various providers can handle online shopping. The protocol aims to standardize this. This applies to the individual steps of a so-called customer journey, all of which are to be handled by a single agent with the UCP. However, this is not the first and only attempt to establish a protocol for agents. Specifically, there is already an Agent Payments Protocol (AP2), a protocol that handles communication between agents (Agent2Agent), and the comprehensive Model Context Protocol (MCP).

Shopping functions are intended to keep people within the ecosystem

Partners of Google, besides Shopify, include Etsy, Wayfair, Target, and Walmart. In addition to the protocol, which is available as an open standard, Google is also releasing further AI shopping features. The goal is for people to be able to shop as directly as possible through Google. This desire to create an ecosystem that users ideally do not have to leave is shared by pretty much all major tech companies.

OpenAI has, for example, introduced an Instant Checkout for ChatGPT as well as an Agentic Commerce Protocol. This was developed together with the payment service provider Stripe. With Instant Checkout, people will also be able to buy goods directly through the AI chatbot here. They no longer need to visit a shop's website directly. The agent handles this in the background. In addition to the now-pursued agentic commerce, there has also been the so-called social commerce for a long time. This refers to social media platforms through which shopping can be done directly – also without leaving the platform. This includes, e.g., TikTok Shops or Meta's Shops on Facebook and Instagram.

Agentic systems are vulnerable

It is questionable who is responsible for the selection displayed to the user when searching for AI shopping. So far, there is no further information on this, for example, whether advertising and ads or sponsored products will appear in chatbots in the future, or what form of ranking there will be.

And then there is the question of security risks when an agent goes on a shopping spree. So far, most agents have a built-in security mechanism. As soon as credit card details are requested, the owner must confirm the release. Nevertheless, this mechanism can also be bypassed in case of doubt. Agents are extremely susceptible to attacks, such as prompt injections, where instructions are hidden to the underlying AI models.

Even Sam Altman, CEO of OpenAI, has warned against granting AI agents too much access. OpenAI assumes that prompt injections will remain a persistent problem.

(emw)