AI tools urged as ‘inventory denial’ attacks hit UK retail

UK retailers face a growing wave of "inventory denial" cyber attacks that block genuine shoppers from buying goods online and distort stock data, according to Abdelkader Keddari, Director EMEA at retail software company Fluent Commerce.

Keddari said traditional breaches that steal data or lock systems now sit alongside a subtler form of disruption that targets product availability and sales forecasts. He warned that the tactic is gaining traction as retailers contend with a broader surge in cyber crime.

Several major UK retail and consumer brands have experienced significant cyber incidents in recent months, including M&S, Co-op and Jaguar Land Rover.

"The recent high-profile cyber attacks on M&S, Co-op, and Jaguar Land Rover have made it very clear: UK retailers are under significant pressure from cyber criminals. These incidents disrupted operations, caused significant financial losses, have dominated headlines for weeks, and the consequences are ongoing. However, whilst these attacks may be taking up most of the airspace, there's another cyber threat to retail that is quietly growing - one that doesn't lock systems or steal data, but still causes real damage," said Abdelkader Keddari, Director EMEA, Fluent Commerce.

He said attackers increasingly focus on inventory denial, which affects stock visibility and customer experience rather than data integrity.

"Inventory denial attacks are on the rise, and becoming a significant problem. These are attacks designed to manipulate stock availability. Bots flood websites, adding products to baskets without buying them, inundating the system with millions of pointless requests. This means that genuine customers see items as "out of stock," and are unable to purchase them. It's a subtle form of sabotage but it can have a big impact - retailers lose sales and misread demand, causing them to over order," said Keddari.

The approach relies on automated bots that simulate customer behaviour at scale. Attackers exploit the way many eCommerce systems reserve items in online baskets and update stock counts for shoppers in real time.

Retailers often treat cyber security as a perimeter issue focused on network breaches and data loss. Keddari argued that those measures do not address manipulation of application-layer business logic or inventory flows.

"Traditional cybersecurity alone is not enough to stop these kinds of attacks. Retailers need smart tools & multiple technology layers that are able to detect this behaviour in real time. AI is already making a big difference here, with security tools able to use machine learning to spot and block bots before they begin to interfere with inventory. Implemented correctly, these tools are adaptive, fast and don't disrupt legitimate customer activity," said Keddari.

He pointed to an emerging stack that combines bot management, fraud detection and order management software. Each sits at a different point in the eCommerce process and focuses on distinct signals.

Keddari highlighted Order Management Systems as a central element of this approach inside retailers' technology platforms.

"Order Management Systems (OMS) also play a key role as part of the technology layer, acting as a defense mechanism. A robust OMS can monitor inventory changes across channels, detect and flag suspicious patterns, cancel fraudulent movements, validate legitimate requests, and intelligently reallocate stock when needed," said Keddari.

He said that order management can also influence how retailers respond operationally when an incident occurs. This includes how information moves between eCommerce sites, distribution centres and fraud tools.

"Beyond detection, an OMS also enables proactive protection and business continuity. By orchestrating real-time communication between eCommerce, fulfillment, and fraud detection systems, it helps retailers act faster when unusual inventory behavior is detected. This coordination ensures that legitimate customer orders are prioritized, stock visibility remains accurate across all channels, and revenue isn't lost to artificial demand generated by bots," said Keddari.

Retailers have increased investment in AI-based security services in recent years as online sales volumes grow and digital fraud becomes more automated. Many now run dedicated programmes that examine patterns such as basket abandonment, unusual traffic spikes and repeat orders from single devices.

Keddari said inventory denial requires that retailers treat stock data as a target in its own right rather than as a by-product of sales transactions. He argued that AI tools and OMS software work in combination when they sit across multiple sales and fulfilment channels.

"When paired with AI security tools, it can significantly mitigate the impact of these attacks by protecting margins and ensuring products are accurately displayed as available. Ultimately this is an issue that retailers can't afford to overlook - and those who invest in the technology will be those best placed to handle both the headline-grabbing attacks and the smaller quieter ones that are chipping away at revenue over time," said Keddari.