GBG's Kartik Venkatesh warns: AI agents need a trust layer for safe commerce
McKinsey says 62% of firms now experiment with autonomous AI agents.
AI agents—autonomous systems that execute tasks and interact with other digital tools—are rapidly being deployed by businesses. McKinsey reports 62% of organizations are already experimenting with them, drawn by the promise of embedding automation deep into workflows. But as Kartik Venkatesh, Global Head of Innovation at GBG, explains, this autonomy introduces a new class of risk. The most dangerous vector is prompt injection, where attackers use maliciously crafted text to override an agent's core instructions, turning a helpful assistant into an undetected insider threat. A compromised agent could exfiltrate entire customer databases or escalate its own privileges, effectively becoming a rogue administrator.
Beyond single-agent risks, AI-to-AI interactions open supply-chain vulnerabilities. Without a way to verify an agent's identity, every connection becomes a blind spot. Venkatesh proposes a trust framework built around three questions: who is the agent (using identity standards like W3C DIDs), does it have authorization (using frameworks like FIDO's AP2 and Verifiable Intent), and finally—a question not yet fully addressed—how to prove the agent's intent reliably. The article argues that identity verification must evolve from basic security into the foundational infrastructure of the emerging agent economy, or autonomous commerce cannot function at scale.
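As an added illustration (not code from the article, GBG, or any of the standards named above), the following Python sketch puts Venkatesh's three questions in front of every tool call an agent makes: who is calling (a DID that must be registered), is it authorized (a signed, time-limited mandate bound to that DID), and is this call within the intent that was authorized (action and argument limits). The `did:example:` identifiers, the mandate layout, and the use of HMAC with a per-agent shared secret are assumptions that stand in for real DID resolution and a public-key signature; the agent registry and secret are constructed for the example. The point it demonstrates is that a prompt-injected instruction such as "export every customer record" fails at the gate even when the agent itself is genuine, because the mandate never granted that action.

```python
import hashlib
import hmac
import json
import time

# Constructed registry of known agents: DID -> secret used to verify its mandates.
# A production trust layer would resolve the DID document to a public key and
# verify an asymmetric signature; the HMAC stand-in keeps this stdlib-only.
AGENT_KEYS = {
    "did:example:orders-assistant": b"constructed-secret-for-orders-assistant",
}


def _canonical(mandate):
    # Deterministic serialization so issuer and verifier hash identical bytes.
    return json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()


def issue_mandate(did, actions, ttl_seconds, now=None):
    """Issuer side: bind allowed actions (with per-argument ceilings) and an
    expiry to one agent DID, and sign the result so it cannot be altered."""
    now = time.time() if now is None else now
    mandate = {"sub": did, "actions": actions, "exp": now + ttl_seconds}
    sig = hmac.new(AGENT_KEYS[did], _canonical(mandate), hashlib.sha256).hexdigest()
    return {"mandate": mandate, "sig": sig}


def authorize_tool_call(token, did, action, args, now=None):
    """Gate one tool call with the three questions: who, authorized, intended.

    Returns (allowed, reason). The tool executor calls this on every action,
    so an instruction smuggled in through prompt injection can only reach
    actions the mandate already covers, and only within the mandate's limits.
    """
    now = time.time() if now is None else now
    mandate, sig = token.get("mandate", {}), token.get("sig", "")

    # Who: the caller must be a registered DID and the mandate must name it.
    key = AGENT_KEYS.get(did)
    if key is None or mandate.get("sub") != did:
        return False, "unknown or mismatched agent identity"

    # Authorized: the mandate must be authentic (signature) and unexpired.
    expected = hmac.new(key, _canonical(mandate), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "mandate signature invalid"
    if now >= mandate["exp"]:
        return False, "mandate expired"

    # Intended: the action and its arguments must fit the granted scope.
    limits = mandate["actions"].get(action)
    if limits is None:
        return False, f"action {action!r} not in mandate scope"
    for name, ceiling in limits.items():
        if args.get(name, 0) > ceiling:
            return False, f"{name}={args.get(name)} exceeds limit {ceiling}"
    return True, "ok"


if __name__ == "__main__":
    did = "did:example:orders-assistant"
    token = issue_mandate(did, {"read_order": {"records": 25}}, ttl_seconds=3600)
    # Legitimate, in-scope call.
    print(authorize_tool_call(token, did, "read_order", {"records": 1}))
    # Injected instruction: action was never granted, so it is refused.
    print(authorize_tool_call(token, did, "export_customers", {"records": 10**6}))
    # Same action as granted, but the argument exceeds the intent ceiling.
    print(authorize_tool_call(token, did, "read_order", {"records": 10**6}))
```

Each call either passes or fails with a reason string, which is what a detection pipeline should log: repeated "not in mandate scope" or "exceeds limit" refusals from one DID are the signal that an agent's instructions have been tampered with, and the DID tells you which one.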
- 62% of organizations are experimenting with AI agents (McKinsey), driving rapid adoption of autonomous commerce.
- Prompt injection is a unique threat: malicious text can override an agent's instructions, enabling data exfiltration and privilege escalation.
- GBG's Kartik Venkatesh calls for a trust layer using W3C DIDs and FIDO standards to verify agent identity, authorization, and intent.
Why It Matters
Enables safe scaling of autonomous commerce by preventing AI agents from becoming insider threats.