
Very high! Some credit card payment providers will return the money to the customer almost instantly upon a chargeback claim and then you’d have to prove that the customer actually authorized the payment.
For this concrete case, you need to be able to prove to the credit card company exactly what the customer asked the AI agent, that the agent asked for confirmation, that the customer confirmed, and that the actual order placed matches what the agent showed the customer initially.
You will need to have proper AI governance and security policies and procedures to satisfy PCI-DSS standards. Under most new AI governance and security standards (e.g., NIST AI RMF), logging is a default expectation, especially of the scope of what the user authorized the agent to perform. Also, if there is a human admin involved in the middle, you need to log their intervention too.
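One way to capture the evidence described above, as an added example that is not part of the original answer: a hash-chained audit log that records the request, the agent's proposal, the customer's confirmation and the placed order, then checks that all three order records match. The event names, field names and the hash-chain design are assumptions chosen for illustration, not something any standard or card network prescribes.

```python
import hashlib, json

GENESIS = "0" * 64
FLOW = ["user_request", "agent_proposal", "user_confirmed", "order_placed"]  # assumed event names

def digest(obj):
    # SHA-256 over canonical JSON, so the same order always hashes the same
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the hash of the previous one."""
    def __init__(self):
        self.entries = []

    def append(self, actor, event, data):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "actor": actor, "event": event,
                "data": data, "prev": prev}
        self.entries.append({**body, "hash": digest(body)})

    def chain_intact(self):
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev or digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def evidence_ok(log):
    """Chain intact, steps in order, and shown == confirmed == placed order."""
    steps = [e for e in log.entries if e["event"] in FLOW]
    if not log.chain_intact() or [e["event"] for e in steps] != FLOW:
        return False
    shown, confirmed, placed = steps[1], steps[2], steps[3]
    return (confirmed["data"]["order_digest"] == digest(shown["data"]["order"])
            == digest(placed["data"]["order"]))

def sample_log(placed_qty=1):
    # Constructed sample session; all values are made up for illustration
    order = {"sku": "SKU-EXAMPLE", "qty": 1, "total_cents": 4999}
    log = AuditLog()
    log.append("customer", "user_request", {"text": "Order one of item SKU-EXAMPLE"})
    log.append("agent", "agent_proposal", {"order": order})
    log.append("customer", "user_confirmed", {"order_digest": digest(order)})
    log.append("agent", "order_placed", {"order": {**order, "qty": placed_qty}})
    return log
```

The chain only shows tampering if the latest entry hash is also stored somewhere the application cannot rewrite; admin interventions can be appended as further events with `actor` set accordingly.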

