Combating digital shrink with AI
Autonomous agents as the new standard for retail integrity
For years, retail has focused on the essential pillars of uptime and scale. The primary goals were to keep the website from crashing and ensure the payment gateway stayed up during peak traffic. However, as the line between physical stores and digital platforms vanishes, a new and more costly challenge has emerged: protecting margins.
In the industry, we call this "shrink," which refers to the billions of dollars lost annually to theft, administrative errors, and fraud. Traditionally, loss prevention was a physical task involving cameras, security tags, and floor walkers. In our current omnichannel world, shrink has gone digital. To combat loss, the next generation of retail leaders is deploying a brain at the intersection of the user, network, and the transaction to enable the concept of an autonomous shrink analyst.
The stark reality: Retail shrink by the numbers
According to the National Retail Federation (NRF) 2025 report, the scope of the shrink problem is expanding at an alarming rate. Retailers reported an 18% increase in the average number of shoplifting incidents per year, while ecommerce fraud rose by 55%. Perhaps most notably for those managing omnichannel transitions, 71% of retailers noted a significant increase in fraudulent return practices.
These are not just security problems. They are operational failures that directly impact the bottom line. When 85% of retailers report that they are now looking to AI to detect or prevent fraud, the question for the CTO is no longer if they should use AI, but where that AI should live to be most effective. If your fraud detection logic sits in a centralized data center while the theft is happening at a local self-checkout or through a mobile app, the window for intervention has already closed. We must move the intelligence closer to the point of the transaction: We need an AI-powered, autonomous shrink analyst close to customers.
Agentic AI readiness questions for the board
Retail leaders must ask themselves three critical questions to ensure their infrastructure is ready for the agentic AI era:
Do we have a unified view of our inventory state? If your digital storefront and your in-store point-of-sale (POS) logs are not being ingested into a common platform like a global fabric observability engine, you may have a visibility gap that could lead to shrink. Data silos are the primary playground for modern fraud.
An autonomous shrink analyst can provide that unified view, presenting insights generated from digital storefront and POS data.Are we protecting our business logic or just our perimeter? Traditional security stops attackers, but it does not stop bots from legally holding your inventory or draining loyalty points.
Your shrink analyst can detect the abuse of your store's basic functions, not just "attacks" in the traditional sense.Is our AI sitting next to our data? Latency is the enemy of loss prevention. If your fraud detection requires a round trip to a centralized cloud, the shrink has already left the building.
By placing the shrink analyst close to where the users are, you can combat real-time problems with real-time solutions.
The retailers that win the next decade will not just be the ones with the fastest websites or best user experiences. They will be the ones that use their network to gain total visibility into every item, scan, and click. By deploying autonomous shrink agents at the intersection of the user, network, and the transaction, we are not just stopping theft. We are ensuring the integrity of the entire retail ecosystem.
Modern OAT threats: Digital shrink defined
While traditional theft happens on the physical floor, a more subtle form of digital shrink is occurring through automated threats. To understand the necessity of an autonomous shrink analyst, let’s focus on one of the most prominent "digital shrink" vectors it is designed to mitigate: denial of inventory. This threat is categorized by the OWASP Automated Threat (OAT) project as one of the most significant drains on modern retail profitability.
Denial of inventory (OAT-021) is a silent margin killer that occurs at the intersection of logistics and cybersecurity. Sophisticated bot networks, now increasingly powered by agentic AI, systematically add high-demand items to thousands of digital carts without ever completing the checkout. This creates what we call "phantom shrink." Your systems show the items as unavailable to legitimate customers, driving them to competitors, while the physical inventory sits idle on a shelf. By the time the bots release the hold on these items, the peak demand window has passed. This often forces the retailer to apply steep markdowns just to move the product, destroying the original margin expectations for that SKU.
Addressing this denial of inventory vector is critical for maintaining margins and avoiding customer churn.
The visibility gap: Unifying the commerce OS
The modern retail environment is a sprawl of disparate data. POS systems, warehouse inventory logs, and in-store IoT sensors often live in silos. This fragmentation is exactly where shrink thrives. When a customer uses a digital coupon in a store, or a “buy online, pick up in-store” (BOPIS) order is processed, multiple systems must communicate. If those systems are not talking in real time, the opportunity for error or fraud increases significantly.
To address this challenge, retailers are shifting from reactive reporting, which often results in omnichannel inconsistencies, toward unified commerce. Unified commerce is an integrated retail strategy that merges all sales channels (online and physical) into a single, cohesive system. By leveraging tools like a global fabric observability engine, organizations can ingest and unify logs from the web storefront, mobile apps, and retail POS backends into a single source of truth.
Bringing intelligence to the point of sale
For an AI agent to be effective, it must operate within that narrow window of a customer transaction. By leveraging a distributed model for AI application deployment, retailers can process information and stop fraud the moment it happens, right where the customer and the product meet. With the right application deployment platform, retailers can rapidly deploy these analyst agents globally and run complex inference models right where the transaction happens.
This architecture does not just improve security. It also improves the customer experience. When the shrink analyst handles the heavy lifting of fraud detection, legitimate customers face fewer false positives, leading to a frictionless checkout.
The rise of the autonomous shrink analyst
If visibility represents the eyes of the operation, then an AI agent at the intersection of the user, network, and the transaction is the brain. This agent is an intelligent layer built atop a connectivity cloud. The agent should use bot management to filter noise, client-side security to protect the browser, and an AI inference service to execute complex logic in real time.
Unlike traditional security, this agent focuses on total retail integrity:
Contextual fraud detection: The agent identifies impossible scenarios, such as a high-value refund being processed in a physical store at the exact moment the associated digital account is logging in from a different state.
Inventory hoarding mitigation: The agent distinguishes between a human shopper and an inventory-hoarding bot. It automatically releases held stock back into the available pool when it detects OAT-021 patterns.
The trusted agent protocol: As retail moves toward agentic commerce, where customers use their own AI assistants to shop, the analyst works with industry-standard protocols like Web Bot Auth, Trusted Agent Protocol, and Agent Payments Protocol (AP2). This allows the store to securely differentiate between a customer’s helpful shopping assistant and a malicious bot.
Real-world validation: The triad of integrity
Cloudflare’s connectivity cloud enables you to build this autonomous shrink analyst. Bot management, client-side security, and an AI developer platform can help protect your site and users while deploying AI inference close to users.
Here are three examples of how leading retail organizations are using Cloudflare’s platform to protect their retail margins in unique ways:
Shopify runs their commerce engine on Cloudflare, ensuring that their unified POS remains synchronized with digital storefronts globally. This prevents the "inventory lag" that often leads to overselling or phantom stock issues.
Delivery Hero uses Cloudflare to manage massive traffic surges while maintaining millisecond-level accuracy for local warehouse stock. As a result, they can ensure that the "digital shelf" and the "physical shelf" remain in perfect harmony.
Fossil understands that shrink often starts in the customer's own browser. Page Shield secures the client-side environment. By monitoring for unauthorized script changes, Fossil prevents Magecart-style attacks, double-tap skimming, and carding bots from compromising the checkout process.
The future of retail integrity
The shift toward an agentic retail environment is not merely a technical upgrade. It is a fundamental change in how we define loss prevention. By moving intelligence to the intersection of the user, the network, and the transaction, we are closing the gap that has traditionally allowed shrink to flourish in the shadows of siloed data.
We are entering an era where the network does more than just move bits. It acts as a cognitive backbone of the commerce lifecycle where the priority is to ensure that every digital and physical touchpoint is part of a unified, intelligent fabric. When we secure the business logic as rigorously as the perimeter, we do more than just stop bots and prevent theft. We create a resilient foundation where innovation can thrive without compromising the margin. Total retail integrity is the new standard, and the autonomous shrink analyst is the key to achieving it.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about techniques to help stay ahead of fraud and emerging threats to your retail business in the Strategies for securing payment information in retail white paper.
Author
Aaron McAllister, PCIP – @aaron-mcallister-mba
Field CTO, Cloudflare
Key takeaways
After reading this article you will be able to understand:
The financial impact of automated inventory hoarding on retail profitability
When distributed AI agents provide superior protection over central clouds
Why leaders must secure core business logic rather than just perimeters