Microsoft is taking its AI integration to the next level—and potentially your wallet. The tech giant has unveiled "Copilot Checkout," a feature that allows the AI assistant to execute purchases directly within the chat interface, bypassing external websites.

While pitched as the ultimate convenience—imagine telling your computer, "Buy me those sneakers," and it just happens—cybersecurity experts are sounding the alarm. They warn that giving an AI agent direct access to payment gateways creates a massive new attack surface for hackers and "prompt injection" scams.

The Feature

Rolling out via partnerships with Shopify, Stripe, and PayPal, the tool lets Copilot navigate stores and finalize transactions autonomously. It is part of the industry’s push toward "agentic AI"—bots that do things, not just say things.

• The Risk: AI models are prone to hallucinations and manipulation. A malicious website or email could theoretically trick Copilot into buying unwanted items or draining funds through hidden prompts.
• Over-Permissioning: Security firms warn that users might inadvertently grant Copilot access to financial data it shouldn't see. If a hacker compromises your Microsoft account, they now have a direct line to your bank account.
• Forced Adoption: Much like the Copilot button on Windows 11, this feature feels inescapable. Shopify merchants are being auto-enrolled, meaning users might find themselves using it without fully understanding the risks.

Convenience vs. Caution

For Kenyan tech users, who are already targets for digital fraud, this development requires vigilance. Handing your credit card to a chatbot might be convenient, but until the security is bulletproof, it might be safer to keep the checkout manual.