Fraud prevention specialist Riskified has warned that Meta’s acquisition of Moltbook marks a definitive transition from experimental autonomous buying to a mandatory infrastructure shift for global merchants. By integrating the agent-to-agent directory into Meta Superintelligence Labs, the social media giant is effectively centralising the framework for programmatic spending.
The move introduces a fundamental change in how financial institutions (FIs) and retailers verify identity. As autonomous agents begin to drive transaction volumes, the traditional “human signal”—the behavioral data points such as typing cadence or mouse movements used to verify intent—disappears from the checkout flow.
Coby Montoya, Director of Market Intelligence at Riskified, explained that this shift necessitates a move toward “agentic telemetry.” This new architecture focuses on the technical footprints and authorization protocols of the AI itself rather than human behavior.
“The fundamental architecture of trust must evolve from validating a human’s identity to verifying an agent’s authority and intent,” Montoya commented. “Merchants need to implement structural safeguards, such as cryptographic handshakes and real-time validation of spending limits, to ensure an agent’s actions remain aligned with the owner’s original parameters.”
The acquisition also raises concerns regarding systemic risk. A centralised agent directory could facilitate high-velocity, automated fraud across the retail ecosystem. If a single point of failure is exploited within a “walled garden” like Meta’s, the scale of autonomous attacks could outpace legacy risk models that rely on friction-based authentication.
Montoya added that the industry faces a significant infrastructure gap in handling these real-time validations. “We are seeing the rise of new threat vectors, including reverse prompt injection, where malicious actors attempt to subvert an agent’s logic during a transaction. Merchants must maintain independent oversight of their risk surface rather than relying solely on the platform’s internal security.”
As agent-to-agent transactions become inevitable, the industry is also facing a looming debate over regulatory frameworks. Current protocols may struggle to assign liability when a transaction is initiated by an autonomous entity rather than a human. For now, the focus for FIs remains on bridging the trust gap by developing robust identity layers that can authenticate programmatic buyers at scale.
