Experts reveal how AI Agents impact retail, shopping and customer loyalty

AI agents are poised to become part of everyday life. Google's Gemini helps plan your week, while OpenAI's voice assistants manage tasks through natural conversation. A wave of startups and innovators are already building AI agent solutions for specific business needs using foundation models from leading providers.
Previously limited to their own data, these models now incorporate additional information and capabilities through special APIs and developments like Model Context Protocol (MCP), creating reliable connections to external sources.
AI agents are here, what does it mean for loyalty?
The marriage of AI and retail loyalty makes a lot of sense. Eagle Eye, for example, already has a powerful AI-driven personalisation engine and other predictive systems, which thrive on ingesting and processing data intelligently.
In addition to being able to ask questions, AI agent helpers can make decisions, compare prices and steer people to where to shop. This stands to change how retailers reach customers.
Four ways AI agents will reshape loyalty:
1. The rise of the personal loyalty concierge: Most loyalty programs today require customer effort; browsing offers, tracking points, redeeming rewards. AI agents reverse this dynamic. Acting as personal concierges, they understand your preferences, track rewards across programs, and proactively suggest ways to maximise benefits while shopping.
2. Mass-market offers become financially unsustainable: Blanket promotions available to all customers will become even less viable in an agent-driven marketplace. AI agents are built to optimise for value, identifying and exploiting the most generous public offers. This cherry-picking erodes margins and will render mass offers increasingly unprofitable.
3. A new era of offer optimisation: AI agents necessitate a step-change in how offers are structured and delivered. Offers must be real-time, personalised, and API-accessible for easy evaluation by AI assistants. Loyalty programs will need to evolve to support dynamic offer issuance, individual targeting, and instant redemption.
4. Trust and transparency become the currency: As AI agents mediate interactions, retailers won't just sell to customers, they'll negotiate with algorithms. Simplicity and genuine value will be rewarded, while complexity and trickery will be filtered out. Clear, fair loyalty programs will build the trust needed for this new landscape.
AI Agents: Opportunities and challenges
Dr Jason Pallant, Senior Lecturer of Marketing at RMIT, says he is intrigued by AI agents because of how they may empower consumers to tailor their shopping experience, as well as how brands will leverage this further with loyalty.
"We know consumers now want, and even expect, tech and AI to help them navigate purchase decisions, particularly complex ones," he says. "AI agents could be a really effective way to do that, helping consumers leverage AI insights without needing prompting skills. The opportunity for brands that get it right could be highly personalised and engaging shopping assistants delivered at scale. That's the promise and potential at least."
Pallant also notes however that brands will need to rethink how they interact with customers vs with agents to ensure both are nurtured correctly.
"Consumers still desire human interaction, particularly for complex purchases, and this actually increases the more technology advances," he says. "Just look at complaints around chatbots that lock consumers in and won't let them talk to humans. More 'intelligent' agents might simulate that human interaction better but there's still a level of technology in the middle.
"That interaction can also create a 'black box' effect, particularly with agents, where it's not always clear to consumers where an answer has come from or why. Brands need to make sure they stay transparent throughout the process to maintain consumer trust."
As with all technologies there can be upsides and downsides, which need to be navigated by brands to ensure they are maximising the good and not forgetting their customers.
"While AI agents might increase engagement and personalisation at scale, they risk losing the human element and competitive advantage of the brand if not used strategically," Pallant says.
Digital connections and [reparing for change
In the retail loyalty space, these connections will require a backend that can process loyalty transactions in real-time, deliver personalised offers at moments of decision, communicate seamlessly with AI systems through standardised protocols, and adapt rapidly as agent capabilities expand.
Remember, getting into a good position on AI isn't just about money. In the case of agentic AI, retailers will succeed if they understand how agents evaluate and present options to consumers, remember that behind the agents are humans who both demand efficiency and occasional acknowledgement, and design their loyalty experiences accordingly.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

21 hours ago

• Techday NZ

World's largest data breach exposes 16 billion credentials

The scale of the latest data breach, involving a staggering 16 billion new credentials and passwords, is forcing both experts and organisations to reckon with the ongoing weaknesses in global digital security. Described as the world's largest data breach, the incident has reportedly swept up data from a vast array of online platforms, including not only commercial giants like Apple and Google but also government services and numerous SaaS (Software as a Service) applications. Brian Soby, co-founder and CTO at AppOmni, whose company specialises in securing digital records, believes the breach was inevitable given the industry's reliance on outmoded security frameworks. Soby warns that the gravity of the situation goes beyond the raw numbers: "This isn't just a collection of old, previously leaked passwords; it appears to be a new, massive, and highly organised library of credentials." According to Soby, cybercriminals now hold a "roadmap for widespread account takeovers" that threatens the backbone of modern digital life — cloud services and SaaS applications — potentially outpacing many current security defences. Soby highlights a critical vulnerability at the heart of today's enterprises. While many organisations invest in identity management and access security projects, basic misconfigurations and failure to disable outdated forms of credential use leave them exposed. "Large credential dumps such as these are likely to highlight just how many organisations indeed remain vulnerable to credential attacks due to these insufficient protections," he adds. Spencer Young, Senior Vice President EMEA at cybersecurity firm Delinea, echoes the concern, underlining that static credentials, especially passwords which are seldom changed, represent an Achilles' heel. "Passwords alone – especially unrotated ones – leave consumers and organisations vulnerable to phishing, credential stuffing, and Pass-the-Hash attacks," he notes. Young stresses that the traditional advice of strong password hygiene is no longer sufficient. Instead, initiatives like automated password rotation and credential vaulting, which reduce the window of opportunity for attackers, should be the new standard. In terms of longer-term solutions, Young observes that passwordless authentication approaches are gaining traction. "Technologies such as biometrics, where biometric data remains encrypted and safely stored in the device and does not travel across the network, improves the authentication process," he explains. However, he warns that passwords themselves are far from obsolete; they are increasingly being relegated to the background as part of a layered, multifactor authorisation system that may include one-time passwords or magic links to enhance security. With cybercriminals orchestrating campaigns using vast troves of login data, the scale of weaponisation is unprecedented. Tim Eades, CEO and co-founder at Anetac, illustrates the dilemma facing organisations across the world, as these troves become "a commodity that are bought, sold, and weaponised in countless attacks." Eades notes that the unrelenting circulation of stolen records magnifies the risk over time, especially as new AI agents — sometimes deployed without adequate safeguards — can introduce further vulnerabilities and thousands of new access points for attackers. "The part that keeps CISOs up at night? These records circulate for years, the risk doesn't go away, it only grows over time." Raising further alarm, Eades points out that until affected organisations are identified, compromised individuals may have no warning or recourse. This opacity not only endangers users but also perpetuates a cycle in which threat actors vie to surpass one another, pushing the boundaries of data breaches ever further. He urges organisations to reinforce security measures: "Leaders should protect all credentials like they are the keys to the castle." Encouraging the use of unique passwords, two-factor authentication, and embedding a culture of security awareness are presented as essential starting points. Another concern arising from the breach is the "snowball effect" it might have on cyber-attacks, especially through the proliferation of sleeper accounts. Xavier Sheikrojan, Senior Risk Intelligence Manager at Signifyd, warns that fraudsters may use stolen credentials not just for immediate exploitation but to create dormant accounts for later and larger-scale attacks. He advocates for proactive action, urging businesses to monitor user behaviour, force password resets, and continually refine machine learning systems aimed at picking up fraudulent activity. As experts across the sector agree, the exposure of billions of records simultaneously marks a pivotal moment in the digital security landscape. While technology continues to advance, so too does the capacity and sophistication of cybercrime, prompting renewed calls for organisations and individuals alike to treat identity and access security with unwavering seriousness and vigilance.

Techday NZ

4 days ago

• Techday NZ

Jamf report finds phishing & infostealers surge on Apple devices

Jamf has released its Security 360 Report, highlighting significant security trends and risks for mobile and Mac devices within organisational environments worldwide. The report, which examines both mobile and macOS platforms, identifies phishing, infostealers, and operating system vulnerabilities as major concerns and areas where enterprises need to focus their cybersecurity efforts. According to Josh Stein, Vice President of Product Strategy at Jamf, the aim of the research is to help security professionals understand and manage the challenges posed by both longstanding and emerging threats. "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks," said Josh Stein, VP of Product Strategy at Jamf. "Age-old threats like phishing remain extremely prevalent and cannot be overlooked…nor can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community." Mobile threats The report notes that mobile devices are frequently the sole tools used by employees to access work resources, emphasising the need for robust defences across a variety of threat vectors. Jamf segmented its analysis of mobile device threats into four key areas: phishing, vulnerability management, application risk and malware, and spyware. Phishing attacks remain especially prevalent, with Jamf identifying approximately 10 million such attacks in the past year. The company reported that 25% of organisations experienced a social engineering incident and that one in ten users clicked on a malicious phishing link. The report suggests security training programmes and the adoption of layered, zero-trust security models can help mitigate these risks. In terms of vulnerability management, Jamf found that 32% of organisations had at least one device with critical vulnerabilities, and that 55.1% of mobile devices in use within workplaces were running on a vulnerable operating system. The company highlighted the importance of timely updates to patch known vulnerabilities, as provided by both Apple and Google. The research further discussed application risk, referencing Jamf's previous identification of a Transparency, Consent and Control (TCC) bypass flaw on iOS. The company demonstrated how side-loaded apps can compromise user privacy and emphasised the need for security controls that extend beyond just keeping operating systems up to date. Spyware and advanced malware were identified as threats that, though less frequent than on some platforms, are extremely sophisticated when they do emerge. High-profile individuals, including journalists, politicians, and diplomats, are at particular risk, with Apple sending compromise notifications to users in around 100 countries last year. The report recommends treating mobile devices with the same level of security as other endpoints in the enterprise environment. Threats to macOS Mac devices, which were once principally used by executives and creatives, have become common fixtures in enterprises across a range of sectors. According to the report, this proliferation has broadened the attack surface and increased the diversity of threats targeting the platform. Jamf outlined three principal areas of concern for macOS: application risk and malware, vulnerability management, and social engineering. Infostealers have become the dominant form of malware on Macs, accounting for 28.36% of all Mac malware analysed by Jamf, compared to just 0.25% in the previous year's findings. The report singles out employees in industries such as cryptocurrency as needing to be particularly alert, advocating for both ongoing training and adequate technological defences. The report also addresses myths about macOS security, noting that vulnerabilities persist despite perceptions of invulnerability. Jamf highlighted a recently discovered flaw in Gatekeeper, a mechanism intended to stop unverified apps from being run. The report notes the requirement for both effective technical controls and regular employee training to counter risks posed by software vulnerabilities. Social engineering threats, including phishing, exploit the widespread adoption of Macs in the workplace. Jamf cited campaigns that use professional social media platforms such as LinkedIn as initial attack vectors, rather than the email channels typically associated with phishing. The company recommends comprehensive employee training on all forms of phishing relevant to Mac users. Methodology The findings in the Security 360 Report are based on the analysis of 1.4 million devices protected by Jamf, conducted in the first quarter of 2025. The scope of analysis covered the previous year, included users in 90 countries, and spanned multiple mobile and desktop platforms, including iOS, iPadOS, Android, and macOS devices. The report draws on Jamf's proprietary Threat Intelligence, incorporating data from original research, device usage metrics, and analysis of news and external data feeds.

Techday NZ

4 days ago

• Techday NZ

Cloudinary unveils MCP Server for easier AI-powered image tasks

Cloudinary has introduced its Model Context Protocol (MCP) Server, aiming to simplify the creation and management of images and video for online channels for users in both coding and non-coding roles. The MCP Server is now available to all Cloudinary users, including those utilising the free plan. Through its integration with large language models (LLMs) such as Claude and Cursor, and compatibility with AI-platform Base44, the MCP Server enables these systems to interact with Cloudinary's image and video APIs using natural language, removing the requirement for manual coding. For developers and non-technical users Cloudinary's MCP Server targets three main user groups: developers working on complex visual media workflows for multi-channel or multi-country campaigns, non-technical app builders who wish to automate tasks such as image resizing and tagging, and general users who want to manage images and video assets without writing code. In addition to the MCP Server, Cloudinary has released AI-ready documentation that provides LLMs with comprehensive information on the platform's APIs. This resource allows both developers and non-technical builders to access and leverage Cloudinary's capabilities quickly and with greater confidence, whether they are orchestrating advanced workflows or preparing assets for various online channels. Cloudinary's integration with Base44 aims to support builders who want to incorporate Cloudinary's media transformation, optimisation, and delivery tools into their agent-driven workflows. This integration is intended to facilitate more streamlined development of visual-rich, scalable applications within agent-based environments. Toolset and workflow automation By utilising the combination of the new MCP Server and AI-ready documentation, users can gain access to a broad set of Cloudinary's features. This includes routine yet essential tasks such as bulk tagging, batch cropping, resizing, and overlaying images and video. Cloudinary states that these automated capabilities are designed to increase accuracy in media transformations while reducing the risk of model errors, often referred to as 'hallucinations' in AI workflows. Through natural language interactions with LLMs, users can now connect with Cloudinary's APIs to complete such tasks without requiring additional integrations or coding expertise. According to the company, this can assist both technical teams looking to improve efficiency and cross-team collaboration, as well as newcomers to visual asset management aiming to build content-driven applications for digital channels. Company statement "Cloudinary was founded by developers for developers and MCP Server is just our latest commitment to ensuring developers and builders of all kinds have the tools they need to build the visual-first experiences and apps they dream about – faster and more easily than ever before," said Tal Lev-Ami, Co-founder and CTO, Cloudinary. "This new era of LLM-powered code generation underscores the importance of open, API-first platforms and tools designed to empower users to build within flexible yet trusted frameworks and models." The company underscores its long-standing use of AI-driven development. Having integrated AI technologies since its inception, Cloudinary has supported businesses and developers in automating visual media processes to help ensure fast and tailored digital experiences for their audiences. Over the past year, the company has released multiple AI-based tools and enhancements, such as AI Vision and generative features like Generative Fill and Generative Upscale. Community and access Cloudinary is encouraging users to join its community and display their projects with the #BuiltWithCloudinary tag. The company also announced an MCP Server Challenge for developers and builders taking place this summer. All Cloudinary users will be invited to participate and will have the opportunity to win prizes. The Cloudinary MCP Server is accessible to all developers and builders, and can be used with any Cloudinary account, including free plans.