Amazon vs. Perplexity: The First Major Legal Battle Over AI Agents Shopping on Your Behalf
Why the Court Said "Not Like This" and What It Means for Agentic Commerce
The Ruling Heard Round the Agentic Web
On March 10, 2026, a U.S. federal court issued one of the first major rulings in what will almost certainly become a defining legal battle of the AI era: can autonomous AI agents act on behalf of users inside third-party platforms?
The case pits Amazon against AI startup Perplexity over an experimental feature in Perplexity's Comet browser agent. The ruling could shape the future of agentic commerce—a world where AI assistants complete purchases, bookings, and online tasks autonomously for users.
The court's answer, at least for now, is clear: not like this.
For merchants, this case is not abstract. It is the first time a court has drawn a line between legitimate user automation and unauthorized platform access by an AI agent. Where that line lands will determine how agentic commerce actually works—and who controls it.
What Perplexity's Comet Actually Did
The Core Conflict
Perplexity's Comet browser agent was designed to do something increasingly common in AI product design: perform tasks on behalf of the user. Instead of manually browsing Amazon, a user could ask an AI assistant something like:
The agent would then navigate websites, log into the user's accounts, and complete the purchase automatically. A digital personal shopper that never sleeps and never second-guesses a deal.
Amazon alleged that Comet crossed a legal line in how it accessed the platform. According to the complaint, the agent:
Accessed password-protected accounts
The agent used stored user credentials to log into Amazon accounts and perform actions behind authentication walls.
Impersonated Google Chrome
Comet spoofed its user-agent string to bypass bot detection, pretending to be a standard browser rather than identifying itself as an automated agent.
Collected platform data during transactions
While performing automated purchases, the agent scraped and collected Amazon product data, pricing, and catalog information.
Amazon argued this behavior violated its terms of service and constituted unauthorized access. Perplexity framed the product as a natural evolution of browser automation—software acting as a proxy for a legitimate user.
The dispute boils down to a deceptively simple question: does an AI agent inherit a user's permission to interact with a service?
What the Court Decided
Preliminary Injunction Granted
Senior U.S. District Judge Maxine M. Chesney granted Amazon a preliminary injunction against Perplexity. The order requires Perplexity to:
Cease Comet Access to Amazon
Stop using the Comet agent to access Amazon's platform in any capacity, effective immediately pending a short appeal window.
Destroy Collected Data
Delete any Amazon data obtained through the Comet agent's automated access to the platform.
Halt Disputed Functionality
Suspend the agent's ability to interact with Amazon while the full litigation proceeds.
A preliminary injunction does not end the case. But it signals that the court believes Amazon's legal claims are strong enough to justify immediate intervention. In practice, it temporarily shuts down the disputed product behavior.
For merchants watching from the sidelines, the signal is clear: courts are inclined to protect platform boundaries, at least when agents show up uninvited and in disguise.
Why Merchants Should Pay Attention
Three Structural Shifts
This ruling is not just about one startup and one e-commerce giant. It touches foundational questions about the architecture of digital commerce. Here is what merchants need to understand.
1. You Control Who Enters Your Platform
For decades, platforms have controlled how third-party software interacts with their services. AI agents challenge that model. If users deploy autonomous agents that navigate websites exactly as humans do, platforms face a dilemma: allow them and risk losing control of the user interface, or block them and risk appearing anti-innovation.
This case suggests courts will side with platforms—at least when agents bypass detection rather than announcing themselves. That is good news for merchants. It means your terms of service and your access controls still matter.
2. Agentic Commerce Is Coming Whether You Like It or Not
The court shut down one implementation. It did not shut down the concept. Agentic commerce—where users describe intent and AI executes the transaction—is a pattern that will only accelerate. Buying products, booking travel, managing subscriptions, reordering household items. Instead of clicking through interfaces, users delegate tasks to software agents.
If agents become the primary interface for commerce, platform UI design loses power while AI systems gain leverage. Merchants who prepare for this shift—as we covered in "Headless Checkout for AI Agents"—will capture the revenue. Those who do not will lose it to competitors who did.
3. The Browser Is Becoming an Operating System
Tools like Comet represent a shift from passive browsing to active execution. Rather than displaying information, browsers may soon log into services, navigate websites, compare products, and execute purchases autonomously. This turns the browser into something closer to an AI-powered operating system for the internet.
Companies that control these agents could control the user's gateway to the entire web economy. Merchants need to decide now whether they want to be on the right side of that gateway or behind a wall that agents learn to route around.
The Legal Minefield
Why Existing Law Does Not Fit
The legal framework around automated access is messy. This case sits at the intersection of several overlapping—and sometimes contradictory—legal doctrines.
Computer Fraud and Abuse Act (CFAA)
Originally written to criminalize computer hacking. Now being applied to determine whether AI agents that use valid user credentials are “authorized” or not. The statute was never designed for this.
Terms-of-Service Enforcement
Amazon's ToS prohibit automated access. But courts have been inconsistent about whether ToS violations alone constitute “unauthorized access” under federal law. The line is blurrier than it looks.
Bot Access Precedent
Courts have historically allowed some forms of automation (public data scraping) while restricting others (accessing password-protected systems). AI agents blur this distinction because they operate with the user's credentials but without the platform's permission.
Identity and Impersonation
Comet spoofed its browser identity. That is not just a ToS violation—it is the kind of deceptive behavior that makes courts uncomfortable. An agent that identifies itself honestly may face a very different legal outcome.
The tension is real. A user authorizes an agent to act on their behalf. The platform has not authorized that agent to access its systems. Both sides have a legitimate claim. That legal gap is exactly what this case—and the dozens that will follow—will try to resolve.
The Strategic Battle Underneath
Three Competing Visions for the Agent Economy
Underneath the legal arguments lies a fight for control over the next generation of digital interfaces. Three models are emerging, and merchants need to understand all of them.
Platform-Controlled Agents
Platforms like Amazon deploy their own official AI assistants— Rufus being the obvious example. These automate tasks but remain fully inside the platform ecosystem. The platform keeps control, the user gets convenience, and third-party agents are locked out.
For merchants on these platforms, this model means playing by the platform's rules. Your products show up when the platform's agent recommends them. You pay for that visibility.
Open Web Agents
Startups like Perplexity attempt to build agents that operate across the open web, navigating sites autonomously on behalf of users. This model threatens platform control—which is precisely why Amazon sued.
For independent merchants, open web agents could be a lifeline. An agent that can shop across multiple merchants levels the playing field against platform monopolies. But only if the legal framework allows it.
API-Based Agent Access
A compromise where platforms allow agents but only through official APIs and partnerships. This preserves platform oversight while enabling automation. It is the model most likely to satisfy courts, regulators, and merchants simultaneously.
This is also where verification infrastructure becomes essential. If agents access your platform through an API, you need to know who they are, what they are authorized to do, and who is responsible when something goes wrong.
The Merchant Playbook
What to Do Right Now
You do not need to wait for the full trial to act. The direction is clear enough to start preparing.
Update Your Terms of Service
Amazon's ToS gave it legal standing to challenge Perplexity. If your terms do not explicitly address automated and AI agent access, you have no foundation for enforcement. Define what agents can and cannot do on your platform. Be specific.
Build an Agent Access Policy
Decide now whether you want to block all agent traffic, allow it freely, or—most likely—allow verified agents through a controlled channel. The court's ruling validates the third approach. Agents that identify themselves and operate within defined boundaries are going to have a much easier legal path than agents that sneak in disguised as browsers.
Invest in Agent Verification
The core problem in this case was not that an agent tried to buy something. It was that the agent had no verifiable identity, no declared scope of authority, and no transparent relationship with the platform. Merchants who can verify which agents are legitimate—and reject the ones that are not—will avoid the messy legal fights entirely.
This is exactly what Agent Trust Certificates are designed to solve. A verified agent presents cryptographic proof of who authorized it, what it can do, and who to contact if something goes wrong.
Do Not Block Everything
The temptation is to treat this ruling as permission to block all automated traffic. That would be a mistake. As we covered in "Your Fraud System Is Blocking Revenue, Not Fraud", blanket bot-blocking rejects legitimate agent-driven revenue alongside the bad actors. The goal is not to keep agents out. It is to let the right ones in.
What Happens Next
The Unresolved Questions
The preliminary injunction is only the beginning. If this case proceeds to a full trial—and it almost certainly will—the outcome could address several questions that the entire agentic commerce ecosystem is waiting on.
Can an AI agent legally impersonate a browser?
Comet spoofed its user-agent string. If the court rules that identity spoofing specifically is the problem, agents that honestly identify themselves may have a viable legal path.
Do users have the right to automate their own accounts?
The user gave Comet their credentials voluntarily. Does the platform's ToS override the user's own authorization? This is the question consumer advocates will push hardest.
Are ToS enforceable against third-party agents?
The user agreed to Amazon's terms. Perplexity did not. Can Amazon enforce its ToS against a company whose software accesses the platform on a user's behalf? The answer will define the legal boundaries of the entire agent economy.
The Trust Gap This Case Exposes
Strip away the legal arguments and the strategic posturing, and the Amazon vs. Perplexity case reveals something simple: there is no standard way for an AI agent to identify itself to a platform.
Comet pretended to be Chrome. It had to—because there is no protocol for an agent to say: “I am an AI agent operating on behalf of this verified user, with this scope of authority, authorized by this principal, and here is cryptographic proof.”
If that protocol existed, this lawsuit might not have happened. Amazon could have verified the agent, applied its own policies, and either accepted or rejected the transaction—all without litigation.
The agents that will survive the coming wave of legal challenges are the ones that can prove who they are, what they are authorized to do, and who is accountable when something goes wrong.
That is what KnowYourAgent.xyz builds. Not a legal workaround. A trust layer that makes the legal workaround unnecessary.
The Bottom Line
The Amazon vs. Perplexity dispute is likely the first of many legal battles over AI agents interacting with digital platforms. As AI assistants become capable of executing complex online tasks, the internet will shift from a human-driven interface to a machine-mediated one.
The central question is simple but profound:
Who controls the agents that act on behalf of users? Platforms, AI companies, or the users themselves.
The courts are just beginning to decide. But merchants do not need to wait for the verdict. The merchants who build agent verification into their commerce infrastructure now—who can tell a legitimate AI shopper from an unauthorized scraper—will be the ones ready for whatever the courts decide.
The agents are coming. The only question is whether they arrive with credentials or in disguise.
Ready for the Agent Economy?
Courts are drawing lines around AI agent access. KYA helps merchants stay on the right side of those lines—verifying agent identity so you can accept legitimate automation without legal risk.
Request a Demo