Leading the charge is Writuraj Sarma, Lead Product Manager at Samsung and an independent AI researcher, whose groundbreaking work at the intersection of cybersecurity and AI involving defense systems, predictive analytics, and machine learning has anticipated many of the agentic commerce innovations unfolding today and defining the cybersecurity future.

"In the age of autonomous threats, hesitation is surrender." — Writuraj Sarma

Writuraj Sarma works on agentic AI and cybersecurity. He started talking about it after the huge 2025 cyberattacks on retail and e-commerce. Those attacks showed how weak old defenses are. They also made people think we need a new, self-acting way to protect stuff.

Recent 2025 Attacks on Retail/E-commerce

The first half of 2025 had three big breaches that hit the world market hard:

• Cartier – June. Customer names, addresses, and payment data were stolen.
• Victoria's Secret – May. Hackers shut the site for days. Sales stopped, and shoppers stopped trusting.
• The North Face – A breach on accounts let outsiders see customer data and worker log-ins.

The Department of Homeland Security (DHS) report talks about the same risks. It even calls them "infra risk"when AI-driven attacks adapt fast (DHS, 2025).

What the Attacks Did

The breaches hurt three things:

1. Personal info leaked – Names, shipping spots, and cards got out, making fraud easy.
2. Business stopped – Sites were down during busy times, so money went away.
3. Trust fell – Regulators gave fines, and shoppers stopped trusting the brands.

Why Big Retailers Are Easy Targets

Retail and e-commerce hold huge piles of data. That data includes IDs, cards, and shopping habits. It gives thieves chances for fraud, blackmail, or ransomware. The attacks are getting bigger every year, so it looks like a worldwide problem, not just a few bad guys.

Numbers and Warnings

The FBI and CISA warn evolving cybercriminal groups target retailers; CISA highlights ransomware risks; 97% of top U.S. retailers faced third-party breaches (FBI/CISA)

Victoria's Secret: What Happened in May 2025

• Company loss: Sales stopped, extra money spent fixing the site.
• User trouble: Millions of shoppers couldn't buy or track orders.
• Trust problem: Stock fell, people on social media asked if the brand was safe online.

Lackings of current models (that mostly do not work):

Traditional cybersecurity models struggle to keep up with today's dynamic threat landscape. Most rely on static, perimeter-based security and signature detection, which are ineffective against adaptive, AI-driven attacks. They react only after breaches occur, leaving long detection gaps. Limited automation and siloed monitoring further reduce response speed, while human-dependent processes cannot scale to match the sheer velocity and sophistication of modern cyber threats.

Writuraj Sarma claims that "Agentic AI is our best defense—autonomous, predictive, and relentless against the evolving tide of cyberattacks."

Agentic AI can transform cyber defense for ecommerce and retail by moving from reactive repair to proactive protection. Unlike traditional models, it continuously monitors systems, predicts likely attack patterns, and adapts in real time to evolving threats. By deploying autonomous agents, organizations can rapidly detect anomalies, isolate risks before they spread, and minimize downtime or data loss. This not only reduces immediate financial and reputational damage but also builds long-term resilience and customer trust. Over time, adopting agentic AI builds strengthens reputation strength, lowers security costs, and ensures businesses stay ahead of increasingly sophisticated cybercriminals in a global digital marketplace.

Agentic AI moves security from fixing damage to stop-before-it-happens. Its main powers are:

• Always watching – Pulls in data from the network, computers, and clouds all the time.
• Guessing next moves – Learns patterns and says when a new attack might appear.
• Adapting instantly – Changes rules as threats shift, no human pause needed.
• Finding odd stuff quickly – Spots weird behaviour and isolates it right away.
• Quarantining – Lockdowns hit parts so the bad stuff can't move around.

Result? Less money lost, brand stays clean, lower security costs, and a stronger spot in a digital market.

Core Perks of Agentic AI

• See → Choose → Act – Unlike old ML that only watches, agents watch, decide, and act on their own.
• Made for AI enemies – They are built to fight attackers who also use AI, like AI-written phishing or AI-run ransomware.

Gartner says agents are "autonomous or semi-autonomous things that see, decide and act for owners."That matches what retailers need today.

How It Could Have Saved Victoria's Secret

If an agent had been working during the May 2025 breach, it might have done:

1. Spot – See a sudden rise in strange login tries.
2. Guess – Think a big attack is coming soon.
3. Block – Slow down bad IPs, ask for extra checks, move users to a fake site while the real one stays safe.

Those steps would have kept the site up, saved data, and kept shoppers' trust.

By 2025, Gartner forecasts that 33% of enterprise software applications will include agentic-AI by 2028, up sharply from less than 1% in 2024. In retail/ecommerce specifically, Grid Dynamics cites that AI agents could handle 20% of interactions at "human-readable digital storefronts" by then—this includes browsing, product selection, post-purchase follow-ups, etc. Gartner also warns that over 40% of current agentic AI projects may be scrapped by 2027 due to immature maturity, unclear value, or cost overruns. (source: Reuters)

Risks and Challenges of Using Agentic AI

"Agentic AI offers unmatched power in cybersecurity, but with great autonomy comes risk—misuse, bias, and adversarial manipulation demand vigilant governance." — Writuraj Sarma

Three big risk groups to watch:

1. Immature tools & hype – Early agents may break. Companies need small pilots, clear ROI checks, and avoid getting locked to one vendor.
2. Safety & rules – Autonomy must stay inside policy boxes, have clear approval steps, time limits, and audit logs to trace actions.
3. Adversarial AI – Bad actors can try to poison data, hijack goals, or hack the agent's control panels. Continuous checks and hardened pipelines are a must.

Balancing Promise with Safety

Good governance mixes human-in-the-loop for big decisions with fully-automatic rules for small attacks. Test runs let firms set thresholds, prove models work, and see real cost-benefits before scaling. Red-team style attacks can find weak spots before the bad guys do.

The road ahead for agentic AI in retail and ecommerce lies in creating autonomous defense ecosystems that not only predict but also outsmart cybercriminals. Future use cases include AI agents safeguarding checkout flows from fraud, dynamically securing customer PII vaults, and adapting supply chain systems against ransomware. As retail becomes increasingly digital, these systems will reduce breaches, preserve brand reputation, and inspire customer confidence. The market is poised for rapid adoption, with agentic AI delivering lower security costs, faster recovery, and, competitively, turning cybersecurity from a defensive expense into a strategic enabler of trust and growth.

Final Thought

"Agentic AI marks the shift from human-limited defense to autonomous resilience—always learning, always adapting, always protecting." — Writuraj Sarma

In short, the wave of attacks on retail and e-commerce shows we need a new kind of shield. Agentic AI gives constant watching, decisions made by the system itself, and fast action. Those are the only tools that can match the speed and size of modern hackers. Companies that add these smart guardians won't just get through the next storm—they'll come out stronger, with security as a clear edge over the competition.