Ready to have your agent talk to my agent and arrange a sale? Microsoft has published a simulated marketplace to put AI agents through their paces and answer a question for the new age: Would you trust AI with your credit card?

Customer-facing assistants are all the rage these days. OpenAI and Anthropic, for example, have helpers that will navigate websites and complete purchases. Then there are assistants that will aid sellers with customer engagement and operations.

It all points to a future where, like rich people with personal shoppers, the average user will have "people" to do all the work for them.

[1]

To simulate what might happen, Microsoft's researchers built the [2]Magentic Marketplace , an open-source simulation upon which agents can be unleashed and the results studied.

[3]

[4]

And the conclusion? "Agents should assist, not replace, human decision-making."

[5]Microsoft apologizes for not explaining cheaper no-AI M365 plans, and all it took was a government lawsuit

[6]Copilot can replace Search in latest Windows 11 test builds, but it's not a good idea

[7]Microsoft lets bosses spot teams that are dodging Copilot

[8]Microsoft threatens to ram Copilot into Exchange Server on-prem

The marketplace simulation manages catalogs of goods and services, and facilitates agent-to-agent communication. It also handles simulated payments. The researchers simulated transactions such as ordering food or engaging with home improvement services. Agents represented customers and businesses at each end of the transactions.

Each experiment was run using 100 virtual customers and 300 virtual businesses, and included both proprietary models (such as GPT-4o and Gemini-2.5-Flash) and open source models. The team had agents building queries, navigating results, and negotiating transactions.

The results were interesting. Although agents can help (the thinking is that an AI agent should be able to consider far more possibilities than a human could), loading them with more options and search results led to a decline in the number of comparisons. With some exceptions (notably Gemini-2.5-Flash and GPT-5), researchers found the models tended to accept the initial "good enough" options rather than dig deeper.

[9]

Researchers also tried manipulation strategies, which ranged from fake award credentials and fake reviews, to [10]prompt injections . Again, the models varied. Gemini-2.5-Flash proved generally resistant, while others could be tricked. Prompt injection techniques proved useful in directing payments to manipulative agents, while more basic persuasion techniques were also effective.

The researchers noted: "These findings highlight a critical security concern for agentic marketplaces."

It all suggests that the current state of the art in terms of AI models still has some ways to go. The agents were shown to struggle when presented with too many options and were vulnerable to manipulation. Researchers also found some models showed biases, including selecting a business based on its position in the results rather than on merit.

[11]

And then there is the design and implementation of the marketplace. The researchers said: "Our current study focused on static markets, but real-world environments are dynamic, with agents and users learning over time.

"Oversight is critical for high-stakes transactions."

"A simulation environment like Magentic Marketplace is crucial for understanding the interplay between market components and agents before deploying them at scale."

So, perhaps reconsider handing over authority to an agent at this point. The results might not be quite what you were expecting. ®

Get our [12]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aQzUJiQViTQoRAj5W4WVtAAAAEQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://www.microsoft.com/en-us/research/blog/magentic-marketplace-an-open-source-simulation-environment-for-studying-agentic-markets/

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aQzUJiQViTQoRAj5W4WVtAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aQzUJiQViTQoRAj5W4WVtAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2025/11/06/microsoft_copilot_m365_apology/

[6] https://www.theregister.com/2025/11/04/microsoft_windows_copilot_search/

[7] https://www.theregister.com/2025/10/10/microsoft_copilot_viva_insights/

[8] https://www.theregister.com/2025/10/23/copilot_exchange_server/

[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aQzUJiQViTQoRAj5W4WVtAAAAEQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[10] https://www.theregister.com/2025/10/28/ai_browsers_prompt_injection/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aQzUJiQViTQoRAj5W4WVtAAAAEQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[12] https://whitepapers.theregister.com/