I Gave My AI Agent $25 and Told It to Buy Me a Gift

I loaded $25 onto a virtual debit card. Gave it to my AI agent. Simple task: go online and buy me something I'd actually use. Five hours. Four major Polish online stores. Zero completed purchases. The agent chose the gift perfectly (a fidget slider, knows me well). The hard part was buying it. What happened at each store: Allegro (Poland's biggest marketplace): Cloudflare detected the headless browser within milliseconds. Instant block. Amazon.pl : No guest checkout. Agent tried reading Apple Keychain credentials. Turns out even with root access, encryption is hardware-bound to the Secure Enclave. Wall. Empik (headless): Got to checkout, Cloudflare Turnstile killed it. Empik (real Safari via AppleScript): Browsed products, added to cart, filled shipping, selected delivery. Got 95% through. Then hit a cross-origin payment iframe. Same-origin policy means the agent literally cannot see inside it. Every security layer that makes sense for stopping human fraud also blocks legitimate AI cus