This shift is taking place against a broader cybersecurity landscape where attacks are growing in volume and sophistication, while the proliferation of AI makes it easier for would-be attackers to get their hands on malicious tools. And there are real-world implications: The average cost of a retail data breach in 2025 rose to $3.54 million, amplifying the stakes for identity, segmentation, and data protection as stores digitize.

What’s changed: Identities, data, and the store edge

AI agents, edge computing, and IoT multiply who and what has access, where decisions are made, and how data moves — so in retail, security must start with identity and follow data and workloads all the way to the store. Here’s a look at how the retail environment is changing:

Machine identities now outnumber people in many environments. Agentic AI, APIs, sensors, and microservices are transacting on behalf of consumers, as well as brands. Traditional identity access management built for people struggles with issuing, verifying, and governing these non‑human identities.

Data moves more — and some now lives locally. Stores are behaving like micro data centers. AI and store‑level inference increase local data traffic inside stores and produce sensitive data at the edge. Edge and server footprint grows to run AI, vision, and low-latency orchestration — security must follow workloads into the store, not just the cloud.

PCI scope expands at the edge. When payment flows intersect with edge applications like kiosks, cameras tied to loss‑prevention, or AI ordering, cardholder data moves more widely. In turn, retailers are treating Payment Card Industry Data Security Standard (PCI DSS) as an architecture concern, segmenting customer data from AI/IoT zones. As PCI compliance grows more complex, they’re also partnering with managed service providers to help lighten the load for in-house teams.

A practical security blueprint for AI‑ready retail

As retailers embed agentic AI, IoT, and edge applications into everyday operations, security now has to stretch across a far more distributed footprint — protecting people, data, and machine identities that live in stores, in transit, and in the cloud. This is where a digital fabric becomes indispensable: an enterprise-wide framework and mesh that connects applications, devices, locations, and data flows under one set of policies and controls. It’s the backbone that lets retailers place the right workloads in the right place without creating security silos or policy drift across thousands of sites. A sound cybersecurity stance for retail entails:

1) Identity & zero trust for people and machines

Identity access management and zero-trust practices are at the core of effective modern retail cybersecurity. Every person, device, and agent that can act on your behalf should have a unique identity, only the access it needs, and a clear owner. That means giving each class of agent its own credentials, strictly limiting what systems it can touch, requiring approvals or extra verification for high-risk actions, and continuously monitoring behavior for drift. A zero-trust approach reinforces this: don’t assume anything inside the network is safe by default; verify identity, device health, and context every time; then log what was done.

2) Wrap data with consistent rules, from store to cloud

Agentic AI and edge apps are only as safe as the data they’re allowed to see and use. Retailers should define a small set of data tiers (for example: public, internal, sensitive, regulated) and decide up front what each tier is allowed to do with AI. That might mean certain customer or payment data never leaves the payment system, some operational data can be used locally but not retained, and only curated datasets flow to cloud models.

3) Segment workloads accordingly

As AI and edge workloads grow, the store network needs to evolve from a wide-open layout to a series of clearly defined zones that keep sensitive systems separated from everything else. Network segmentation allows retailers to separate traffic for point of sale (POS) and payments, AI and analytics, IoT and building systems, staff devices, and guest WiFi. SD-WAN and secure networking can help enforce those lanes consistently across locations and keep a tight boundary around the cardholder data environment, so PCI scope doesn’t balloon as AI is added.

4) Unify policy with framework

After the core controls are set, retailers need a way to roll them out consistently across every location, app, and partner environment. Security and networking frameworks like SASE let retailers set access, web filtering, and data-protection policies centrally and automatically extend them to new stores, new apps, or new partners. Unified threat management at the network edge gives each site a strong gatekeeper that can block common malware, phishing sites, and suspicious traffic before it reaches devices and AI systems. Every store benefits from the same guardrails, even as edge workloads and AI projects evolve.

5) Detect early, respond fast, and reduce the burden on in-house teams

In an AI-driven, highly connected environment, it’s unrealistic to expect local teams to spot subtle issues on their own. That’s where endpoint detection and response (EDR) and managed detection and response (MDR) come in. EDR keeps continuous watch on laptops, servers, and edge systems for suspicious behavior. AI-enabled MDR adds 24/7 analysts who use AI, machine learning, and threat intelligence to identify and address threats, connect dots across locations, and trigger containment actions when needed.

Agentic AI and edge computing are redefining retail, but they don’t require a new rulebook — just a fabric that puts identity first, keeps data governed from store to cloud, and applies one set of guardrails everywhere.

Learn more about how Comcast Business is helping retailers securely leverage technology to power new customer experiences.