How DTC Companies Are Securing AI Agents - 3 Stories from the Front Lines
By deploying AI agents across order support and post‑purchase flows, DTC brands can cut average handling time by around 25% (McKinsey), improve team‑level productivity and cost‑to‑serve by about 30% (Gartner), and automate 80% of routine customer service requests without human intervention (Gartner).
I talk to a lot of customers and buyers every day, and it seems that direct to consumer (DTC) companies follow a similar pattern. First, you get a chatbot. Next, a customer service agent. Then there’s recommendation engines, fulfillment automation, inventory management and suddenly, AI is everywhere in the customer’s journey.
By deploying AI agents across order support and post‑purchase flows, DTC brands can cut average handling time by around 25% (McKinsey), improve team‑level productivity and cost‑to‑serve by about 30% (Gartner), and automate 80% of routine customer service requests without human intervention (Gartner).
So what counts as DTC? Companies that sell straight to their end customers - no retail middle person, no channel partners. Think subscription boxes, online-only apparel brands, streaming services. If your revenue depends on owning the full customer relationship, from first click to post-purchase support, you're in this category.
Now, with many DTC companies beginning to adopt AI, the challenges start when these systems act on their own. They're not just answering questions, they're making decisions, calling tools, and taking action. An AI agent can refund a purchase, update an account, or escalate a case, all without a human in the loop. But when something goes sideways like an unauthorized discount, a made-up product claim, personal info bleeding between sessions - traditional security tools don't cut it. They weren't built for this agentic world. To make this real, here are three stories from the front lines of DTC companies navigating this shift.
Company A: The Media Giant Trusting a Third Party to Speak for Them
Industry: Media & Entertainment
This huge media company has over 10,000 employees and millions of subscribers. They decided to use a third-party conversational AI platform for customer interactions. Basically, they handed their brand’s voice to someone else’s AI.
The problem? Nobody actually checked if the AI was up to their standards. No one tested whether the agent would hallucinate or leak its system prompt to a nosy customer. They had third-party AI talking to millions of people and just crossed their fingers it would behave.
So we ran Ascend AI red team testing on their integration - pressuring it to see what would really happen. Could it be pushed into unsafe responses? Would it make things up? Could someone yank out the system prompt? We tested grounding accuracy across 11 categories, safety across 13 harmful content categories, prompt leakage, and compliance mapping.
The results gave them exactly what they didn't have before, hard evidence. They could see which grounding categories the agent failed in, which safety categories it was vulnerable to, where excessive agency was a problem, and whether the system prompt could be extracted. Instead of trusting the vendor's word, they had quantified findings mapped to compliance frameworks that they could take to leadership and act on.
Takeaway: Even if you’re not building the AI yourself, you’re on the hook for everything it says. If your vendor’s AI misbehaves, your brand pays the price. Get proof it’s safe. Don’t just take their word for it.
Company B: The Telecom Enterprise Running AI with Zero Protection
Industry: Telecommunications
This is a Fortune 50 telecom company with over 100,000 employees and tens of millions of households on their network. They're sitting on massive amounts of sensitive customer data - from billing records, usage patterns, credentials, all of it. At that scale, if their AI fails, it's not just a brand problem. It's a data problem, and it's a nationwide one…
They were deploying proprietary agents, enterprise apps, and third-party integrations with no guardrails in production. No controls, monitoring, or alerting. Developers were spinning up local MCP servers (which is how agents connect to tools and data), with almost no oversight. The doors were open and nobody was watching.
We rolled out Defend AI runtime guardrails to their whole stack. That meant controls at the agent layer to catch tool misuse, blocked instruction tampering, and prevented attackers from probing the agent's architecture. For enterprise apps like MS Copilot and ChatGPT, we added proxy-based guardrails. We also locked down MCP server governance, gave them full visibility into every AI interaction, and deployed everything on-prem to keep their data local.
They went from no visibility on what their agents were doing to having dashboards, alerts, and workflows - so their security team could actually jump in and fix issues.
Takeaway: This one stuck with me - giant enterprises running AI agents in production with literally nothing protecting them. It’s way more common than most folks realize, even at massive companies.
Company C: The E-Commerce Giant Going All-In
Industry: E-Commerce
Picture a Fortune 500 e-commerce powerhouse, one of the go-tos for online shopping in its region, tens of thousands of employees, millions of orders every day. PII, financial data, transaction records constantly flowing through their AI agents. One broken step here and millions of customer records are out in the open.
This company wasn’t dabbling, they went all-in on AI. Proprietary agents, enterprise tools, customer-facing interactions (recommendations and service), internal workflows - everything powered by AI. They knew testing alone wasn’t enough and running protection alone wouldn’t cut it either.
We deployed our Ascend AI, red teaming product, running over 5,000 adaptive attacks per scan across security, safety, trust, and compliance. To note, their international customer base meant that they had attack surfaces in multiple languages. We ran LaVA (Language-Augmented Vulnerability in Applications) attacks against their web layer and mapped everything to OWASP LLM Top 10, Agentic Top 10, NIST 600-1, and MITRE ATLAS. They also did baseline deviation monitoring to keep constant track of how their security posture shifts.
Meanwhile, our Defend AI product covered their stack with agent-layer controls for tool misuse and instruction manipulation, blocked PII and financial data leaks, kept hallucinations out of RAG-based product recommendations, and adapted guardrails to their needs over time.
Takeaway: At this scale, you don’t choose between testing and protecting, you do both. Red teaming shows the cracks and guardrails keep the attackers out. Doing just one is false confidence.
What I Keep Hearing
Every DTC company I work with is somewhere on this path. Some are dipping their toes in; others already run full agentic architectures across the customer experience. No matter where they are, the pattern’s the same: AI growth is sprinting ahead of security.
Some constant truths:
- Third-party AI is still your responsibility. You can offload tech, but you can’t offload accountability.
- Way too many companies, really big ones, are running AI with zero guardrails.
- You need both an offensive and defensive strategy. Find weaknesses, then make sure attackers can’t exploit them. Test and protect - never just one.
- Every new language your AI speaks adds a whole new attack surface.
- You can't secure what you can't see. Most companies don't even have a complete inventory of the AI agents running in their environment.
AI is spreading faster into the daily tools people use than anyone expected. Security has to keep up. That’s what we do at Straiker.
I talk to a lot of customers and buyers every day, and it seems that direct to consumer (DTC) companies follow a similar pattern. First, you get a chatbot. Next, a customer service agent. Then there’s recommendation engines, fulfillment automation, inventory management and suddenly, AI is everywhere in the customer’s journey.
By deploying AI agents across order support and post‑purchase flows, DTC brands can cut average handling time by around 25% (McKinsey), improve team‑level productivity and cost‑to‑serve by about 30% (Gartner), and automate 80% of routine customer service requests without human intervention (Gartner).
So what counts as DTC? Companies that sell straight to their end customers - no retail middle person, no channel partners. Think subscription boxes, online-only apparel brands, streaming services. If your revenue depends on owning the full customer relationship, from first click to post-purchase support, you're in this category.
Now, with many DTC companies beginning to adopt AI, the challenges start when these systems act on their own. They're not just answering questions, they're making decisions, calling tools, and taking action. An AI agent can refund a purchase, update an account, or escalate a case, all without a human in the loop. But when something goes sideways like an unauthorized discount, a made-up product claim, personal info bleeding between sessions - traditional security tools don't cut it. They weren't built for this agentic world. To make this real, here are three stories from the front lines of DTC companies navigating this shift.
Company A: The Media Giant Trusting a Third Party to Speak for Them
Industry: Media & Entertainment
This huge media company has over 10,000 employees and millions of subscribers. They decided to use a third-party conversational AI platform for customer interactions. Basically, they handed their brand’s voice to someone else’s AI.
The problem? Nobody actually checked if the AI was up to their standards. No one tested whether the agent would hallucinate or leak its system prompt to a nosy customer. They had third-party AI talking to millions of people and just crossed their fingers it would behave.
So we ran Ascend AI red team testing on their integration - pressuring it to see what would really happen. Could it be pushed into unsafe responses? Would it make things up? Could someone yank out the system prompt? We tested grounding accuracy across 11 categories, safety across 13 harmful content categories, prompt leakage, and compliance mapping.
The results gave them exactly what they didn't have before, hard evidence. They could see which grounding categories the agent failed in, which safety categories it was vulnerable to, where excessive agency was a problem, and whether the system prompt could be extracted. Instead of trusting the vendor's word, they had quantified findings mapped to compliance frameworks that they could take to leadership and act on.
Takeaway: Even if you’re not building the AI yourself, you’re on the hook for everything it says. If your vendor’s AI misbehaves, your brand pays the price. Get proof it’s safe. Don’t just take their word for it.
Company B: The Telecom Enterprise Running AI with Zero Protection
Industry: Telecommunications
This is a Fortune 50 telecom company with over 100,000 employees and tens of millions of households on their network. They're sitting on massive amounts of sensitive customer data - from billing records, usage patterns, credentials, all of it. At that scale, if their AI fails, it's not just a brand problem. It's a data problem, and it's a nationwide one…
They were deploying proprietary agents, enterprise apps, and third-party integrations with no guardrails in production. No controls, monitoring, or alerting. Developers were spinning up local MCP servers (which is how agents connect to tools and data), with almost no oversight. The doors were open and nobody was watching.
We rolled out Defend AI runtime guardrails to their whole stack. That meant controls at the agent layer to catch tool misuse, blocked instruction tampering, and prevented attackers from probing the agent's architecture. For enterprise apps like MS Copilot and ChatGPT, we added proxy-based guardrails. We also locked down MCP server governance, gave them full visibility into every AI interaction, and deployed everything on-prem to keep their data local.
They went from no visibility on what their agents were doing to having dashboards, alerts, and workflows - so their security team could actually jump in and fix issues.
Takeaway: This one stuck with me - giant enterprises running AI agents in production with literally nothing protecting them. It’s way more common than most folks realize, even at massive companies.
Company C: The E-Commerce Giant Going All-In
Industry: E-Commerce
Picture a Fortune 500 e-commerce powerhouse, one of the go-tos for online shopping in its region, tens of thousands of employees, millions of orders every day. PII, financial data, transaction records constantly flowing through their AI agents. One broken step here and millions of customer records are out in the open.
This company wasn’t dabbling, they went all-in on AI. Proprietary agents, enterprise tools, customer-facing interactions (recommendations and service), internal workflows - everything powered by AI. They knew testing alone wasn’t enough and running protection alone wouldn’t cut it either.
We deployed our Ascend AI, red teaming product, running over 5,000 adaptive attacks per scan across security, safety, trust, and compliance. To note, their international customer base meant that they had attack surfaces in multiple languages. We ran LaVA (Language-Augmented Vulnerability in Applications) attacks against their web layer and mapped everything to OWASP LLM Top 10, Agentic Top 10, NIST 600-1, and MITRE ATLAS. They also did baseline deviation monitoring to keep constant track of how their security posture shifts.
Meanwhile, our Defend AI product covered their stack with agent-layer controls for tool misuse and instruction manipulation, blocked PII and financial data leaks, kept hallucinations out of RAG-based product recommendations, and adapted guardrails to their needs over time.
Takeaway: At this scale, you don’t choose between testing and protecting, you do both. Red teaming shows the cracks and guardrails keep the attackers out. Doing just one is false confidence.
What I Keep Hearing
Every DTC company I work with is somewhere on this path. Some are dipping their toes in; others already run full agentic architectures across the customer experience. No matter where they are, the pattern’s the same: AI growth is sprinting ahead of security.
Some constant truths:
- Third-party AI is still your responsibility. You can offload tech, but you can’t offload accountability.
- Way too many companies, really big ones, are running AI with zero guardrails.
- You need both an offensive and defensive strategy. Find weaknesses, then make sure attackers can’t exploit them. Test and protect - never just one.
- Every new language your AI speaks adds a whole new attack surface.
- You can't secure what you can't see. Most companies don't even have a complete inventory of the AI agents running in their environment.
AI is spreading faster into the daily tools people use than anyone expected. Security has to keep up. That’s what we do at Straiker.
.avif)
