Amazon sues Perplexity over AI agents visiting its site
A federal court is about to decide whether agentic browsers are guests or trespassers, and which parts of your site they can legally read.
Key takeaways
- Amazon is using the Computer Fraud and Abuse Act to block Perplexity's Comet from acting on user accounts.
- A win for Amazon lets sites contractually exclude AI agents from logged-in areas.
- Gated B2B content risks disappearing from AI answers if login walls hold up in court.
- Financial services and industrial brands face a sharper trade-off between content control and AI visibility.
- Expect a tiered web of agent-friendly, agent-tolerant, and agent-hostile sites within 18 months.
Amazon has asked a federal court to decide whether Perplexity's Comet browser, when it shops on a user's behalf, is a guest or a trespasser. Search Engine Journal reports that the retailer is invoking the Computer Fraud and Abuse Act (CFAA), the 1986 anti-hacking statute, to block Perplexity's agent from logging into Amazon accounts and transacting on them. The complaint frames the agent as unauthorised access. Perplexity frames it as a user exercising their own credentials through a tool of their choosing.
The legal question is narrow. The commercial one is not.
Whose session is it anyway
Amazon's argument rests on terms of service and the proposition that "authorised access" means access by the human account holder, not by software acting in their name. If that reading holds, every agentic browser, from Comet to OpenAI's Operator to whatever Google ships next, becomes legally exposed the moment it touches a logged-in session on a site that has not explicitly opted in. The CFAA carries criminal penalties. Vendors will not ignore that.
Perplexity's defence is that the user authorised the agent, the agent identifies itself, and Amazon is using anti-hacking law to suppress competition in product discovery. That last point is the one Amazon would rather the court not dwell on. Comet, and tools like it, route shopping decisions through an LLM that may recommend a different seller, a different marketplace, or no marketplace at all. The threat to Amazon is not bandwidth. It is disintermediation of the product search box, which is where Amazon's advertising business lives.
The precedent that matters
Courts have spent a decade narrowing the CFAA. In hiQ v. LinkedIn, the Ninth Circuit held that scraping public data did not violate the statute. The Supreme Court's 2021 Van Buren decision tightened "exceeds authorised access" to mean accessing areas of a system one is not permitted to enter, not merely using permitted access for disfavoured purposes. Amazon is betting that a logged-in agent session is closer to the former than the latter. Perplexity is betting the opposite.
Whichever way it lands, the ruling will set the default for whether agents can transact on regulated sites, including bank portals, broker dashboards, insurance quotes, procurement systems, and government services. A win for Amazon means every site gets to decide, contractually, whether agents may cross the login wall. A win for Perplexity means the user's credential is the user's to delegate.
What this does to brand visibility
For B2B brands, the case looks distant until you trace where agents collect the data they cite. Agentic browsers do not only buy things. They read pricing pages, pull product specs, compare vendor documentation, and increasingly draft shortlists. If sites can lawfully shut agents out of logged-in areas, the gated parts of corporate websites, customer portals, partner libraries, analyst-report downloads, become invisible to the models that summarise them. Public marketing pages will carry more weight, not less, because they are the only surface agents can reliably read.
Financial services brands should pay attention for a second reason. Banks and asset managers have spent years pushing their richest content behind registration walls: research notes, rate sheets, eligibility tools. A CFAA precedent that protects login walls also protects that content from being scraped, summarised, and recommended by a competitor's agent. It also keeps it out of the answer. Firms will have to decide which they value more: control over the asset, or presence in the AI-mediated shortlist.
Multilaterals and policy institutions face a milder version of the same trade-off. UN agencies, the World Bank's knowledge products, OECD datasets: most are already open, which is why they are cited heavily by ChatGPT and Perplexity today. Anything that moves behind authentication, even for legitimate reasons such as personalisation or download tracking, risks vanishing from model outputs. The citation premium for open, machine-readable content is about to widen.
Industrial groups have the opposite problem. Specification sheets, safety data, and compliance documentation often sit in dealer or partner portals. If agents cannot enter them, the public product page becomes the entire shop window for AI answers. Most of those pages were written for humans skimming on phones, not for a model trying to extract a torque rating.
The likelier outcome
Amazon will probably not win outright, but it does not need to. A partial ruling, or a settlement that requires agent identification and rate limits, would give large sites the leverage to set terms. Expect a tiered web: agent-friendly properties that publish structured access for AI shoppers, agent-tolerant sites that allow read-only crawling, and agent-hostile platforms that block at the login wall and litigate the rest. The brands that decide early which tier they want to sit in will shape their own visibility. The ones that wait will have the tier chosen for them, by whichever vendor's lawyers move first.
The CFAA was written to prosecute people who broke into mainframes. It is about to decide which brands an AI recommends.