A federal court today granted Amazon a preliminary injunction blocking Perplexity AI's Comet browser from accessing password-protected sections of the Amazon website using artificial intelligence agents - a ruling that draws a sharp legal boundary around what autonomous software can do inside third-party platforms without explicit authorisation from the platform itself.

United States District Judge Maxine M. Chesney, sitting in the Northern District of California, issued the order on March 9, 2026, in Case No. 25-cv-09514-MMC. The decision caps a legal confrontation that began when Amazon filed its complaint on November 4, 2025, marking the first time the e-commerce giant had taken legal action against an AI company over autonomous shopping agents.

The order is stayed for seven days from today's date to allow Perplexity to seek a stay from the Ninth Circuit Court of Appeals. Should that application fail, the injunction takes effect in full.

What Comet's AI agents were doing

The dispute centres on Perplexity's Comet browser, which launched on July 9, 2025, initially available only to subscribers of the company's $200-per-month Max plan. The browser runs on Chromium architecture and includes an AI assistant capable of navigating websites, executing purchases, and performing multi-step tasks on behalf of users.

According to the court order, Amazon provided strong evidence that Comet accesses a user's password-protected Amazon account "with the Amazon user's permission but without authorization by Amazon." The distinction matters legally: the user's consent is not the same as the platform's authorisation. Once inside, the AI agent transmits the user's private account information to Perplexity's servers for the purpose of carrying out the user's requested tasks, according to the court's findings.

Amazon's complaint, filed in November 2025, described additional technical behaviour. The e-commerce company alleged that Perplexity configured Comet to transmit the same user-agent string used by Google Chrome, making the AI agent appear as though a human customer was browsing the site rather than an automated system. The complaint stated that "when the Comet AI agent accesses the Amazon Store, it does not use a unique browser identifier and instead transmits the same 'user-agent' string that is used by Google Chrome." Amazon argued this violated industry standards, noting that other browsers with agentic AI capabilities use distinct identifiers to distinguish AI-initiated requests from direct human activity.

The full public release of Comet came on October 2, 2025, when Perplexity made the browser freely available after millions joined the waitlist during the three-month restricted period. That expansion significantly broadened the potential scope of the conduct Amazon found objectionable.

Amazon grounded its case primarily in two statutes. The first is 18 U.S.C. § 1030(a)(2), the federal Computer Fraud and Abuse Act (CFAA), which requires a plaintiff to demonstrate intentional computer access without authorisation or exceeding authorised access, resulting in information being obtained from a protected computer, with losses to one or more persons aggregating at least $5,000 during any one-year period.

The second is California Penal Code § 502(c)(7), which prohibits knowingly accessing any computer, computer system, or computer network without permission, and provides a civil remedy to owners who suffer damage or loss as a result.

According to the court's findings, Amazon cleared both thresholds. On the $5,000 loss requirement - a threshold the court acknowledged carries some legal complexity in light of the Supreme Court's 2021 decision in Van Buren v. United States - the court found Amazon had "expended significantly more than $5,000" in responding to the situation. The costs arose from "numerous hours spent by Amazon employees in developing tools to block Comet's access to its private customer accounts and detecting future unauthorized access by Comet," according to evidence submitted by Amazon.

The court drew a direct parallel to Facebook, Inc. v. Power Ventures, Inc., a Ninth Circuit case that held a defendant violated § 1030 after a cease-and-desist letter had been issued, and that user consent is "not sufficient to grant continuing authorization to access [plaintiff's] computers after [plaintiff's] express revocation of permission." Amazon had contacted Perplexity's CEO Aravind Srinivas on September 12 and September 29, 2025, and sent a formal cease-and-desist letter on October 31, 2025.

Irreparable harm and the balance of hardships

The court found that Amazon would likely suffer irreparable harm absent a preliminary injunction, principally because Perplexity had made clear that it would continue the challenged conduct if no order was issued. Several precedents from the Northern District of California establish that continued unauthorised access to protected computer systems, despite the issuance of a cease-and-desist letter, constitutes irreparable harm.

Perplexity contested this on multiple grounds. The company argued that an injunction would cost it "its first-mover advantage in the AI-assisted shopping space," along with market share, users, and the ability to iterate on Comet, as well as "the entirety of its multimillion-dollar investment in developing Comet," according to its opposition filing. The court was unmoved. Judge Chesney noted that even under the injunction, Comet would retain access to the entirety of the web outside Amazon's password-protected accounts. More fundamentally, the Ninth Circuit has established that harm flowing from illegal conduct "does not merit significant equitable protection," citing Disney Enterprises, Inc. v. VidAngel, Inc.from 2017.

On the question of public interest, Perplexity argued that an injunction would harm consumer choice and innovation. The court balanced that against the public's interest in protecting computers from unauthorised access - a principle confirmed in Power Ventures - and found the balance sufficient for Amazon.

What Perplexity must now do

The scope of the injunction is precise. According to the order, Perplexity and its agents, employees, successors, assigns, and all persons acting in concert with it are enjoined from accessing or attempting to access Amazon's protected computer systems using AI agents, and from using, creating, or taking over any Amazon accounts for the purpose of allowing Perplexity's AI agents to do so.

The order defines "AI agents" as "any software or computer program deployed through Perplexity's Comet web browser that can autonomously or semi-autonomously perform actions and interact with third-party websites on behalf of, or at the instruction of, any user."

Beyond the access prohibition, Perplexity is required to destroy all copies of Amazon customer data obtained through the challenged conduct - whether held by Perplexity itself, its employees, agents, assigns, or third-party service providers including web hosts, proxy servers, privacy services, and domain registrars. The company must also notify its officers, agents, servants, and employees of the order, and certify compliance by declaration within 30 days of the Ninth Circuit's ruling on the administrative stay.

No bond was required. The court denied Perplexity's request for a $1 billion bond - which Perplexity had sought based on its market valuation - on the grounds that the injunction does not implicate the entirety of its investment in Comet, nor its overall company value, and that the record provided insufficient information to assign a dollar figure to losses limited to Comet's access to Amazon's password-protected accounts.

The court also denied a stay pending appeal, finding that the same factors that supported the preliminary injunction - Amazon's likelihood of success on the merits and the irreparable harm it faced - weighed against granting Perplexity a stay.

This ruling does not arrive in isolation. Perplexity has accumulated legal exposure on multiple fronts. Reddit filed a comprehensive federal lawsuit on October 22, 2025, in the Southern District of New York against Perplexity and three data scraping companies for allegedly bypassing technological controls to access and scrape Reddit content. Perplexity's crawl-to-refer ratio, according to Cloudflare data, increased from 54 crawls per referral in January 2025 to 195 by July 2025 - a 256.7 percent increase relative to referrals.

The Comet browser itself had already attracted security scrutiny before the Amazon lawsuit concluded. Security researchers at Brave disclosed multiple prompt injection vulnerabilities in October 2025, and enterprise security analysis found Comet up to 85 percent more vulnerable to phishing and web attacks compared to Chrome. Amazon's complaint specifically cited these documented vulnerabilities as part of its argument that Comet posed a security risk to its platform and customers.

The question of AI agents and their relationship to platform access has been moving through Amazon's own governance structures in parallel. Amazon updated its Business Solutions Agreement effective March 4, 2026, introducing a formal Agent Policy requiring automated software to identify itself and comply with new access rules. That update formalised Amazon's posture toward AI agents across its entire seller ecosystem, providing a contractual basis for enforcement far broader than any single lawsuit.

Why this matters for marketing and advertising

The implications of this order extend well beyond the specific conduct at issue. Perplexity's broader commercial vision has always positioned Comet as an instrument of agentic commerce - a browser that acts on behalf of users to find and purchase products, bypassing traditional platform experiences entirely. The company's CEO Aravind Srinivas outlined in late 2024 a future where AI agents, rather than human users, become the primary target of digital advertising. In that model, merchants would compete for the agent's attention in the background, with human users never seeing a traditional advertisement.

That vision is now under direct legal challenge. If AI agents cannot access password-protected platform accounts without the platform's explicit authorisation, the intermediary role Perplexity was building for Comet becomes structurally constrained. Amazon's shopping feature was central to Comet's value proposition for users seeking to comparison-shop and purchase without navigating Amazon's own curated experience - one that Amazon argued it "invested billions of dollars over many years to develop."

For advertisers and platform operators, the ruling affirms that the Computer Fraud and Abuse Act applies to AI agent activity, not just human-directed access. The court treated Comet's agentic behaviour as legally equivalent to the kinds of automated access cases previously decided against social-platform scrapers and credential-stuffing services. The logic of Power Ventures - that user consent cannot override a platform's express revocation of permission - now appears to extend to AI browsers acting on user instruction. Amazon's advertising business generated $17.7 billion in revenue in the third quarter of 2025, growing 22 percent year-over-year, and the company had been explicit that non-human ad traffic creates filtering costs that affect that revenue directly.

The case also raises questions that the advertising technology industry will need to answer. As advertising platforms have begun building their own AI agent infrastructure - Amazon launched its own Ads Agent at the unBoxed conference in November 2025, and IAB Tech Lab released an Agentic RTB Framework the same month - the question of who controls agent access, and under what conditions, is shifting from a product concern to a legal one. Today's ruling suggests that platforms retain the right to define those terms unilaterally, and that AI companies building agents to act inside those platforms do so at their own legal risk if they act without platform-level authorisation.

Perplexity has seven days to seek relief from the Ninth Circuit. If the appellate court denies a stay, the company will face the need to certify compliance within 30 days - including destruction of any Amazon customer data obtained through the challenged access.

Timeline

  • July 9, 2025 - Perplexity launches Comet browser for $200/month Max subscribers; browser includes AI agent functionality for autonomous web browsing and purchasing
  • July 14, 2025 - Perplexity acquires OS.ai domain, signalling broader ambitions beyond the browser itself
  • August 29, 2025 - Perplexity's head of advertising and shopping Taz Patel departs after nine months
  • September 12 and 29, 2025 - Amazon contacts Perplexity CEO Aravind Srinivas over Comet's unauthorised access; Srinivas does not deny the conduct
  • October 2, 2025 - Perplexity releases Comet to the public at no cost, expanding the scope of the challenged access
  • October 21-22, 2025 - Brave publicly discloses prompt injection vulnerabilities in Comet; Reddit files lawsuitagainst Perplexity and data scrapers in the Southern District of New York
  • October 25, 2025 - Comet security vulnerabilities are reported in detail, with enterprise analysis finding the browser up to 85% more vulnerable to phishing than Chrome
  • October 31, 2025 - Amazon sends formal cease-and-desist letter to Perplexity
  • November 4, 2025 - Amazon files federal lawsuit against Perplexity in the Northern District of California; Amazon issues legal demand to stop AI-assisted shopping; Perplexity calls the action bullying
  • November 4, 2025 - Amazon files motion for preliminary injunctive relief
  • November 11-13, 2025 - Amazon launches Ads Agent and advertising infrastructure at unBoxed conference; IAB Tech Lab releases Agentic RTB Framework v1.0
  • February 17, 2026 - Amazon posts updated Business Solutions Agreement to Seller Central, introducing formal Agent Policy effective March 4
  • March 4, 2026 - Amazon's Agent Policy takes effect, requiring AI agents to identify themselves when accessing Amazon services
  • March 6, 2026 - Hearing held before Judge Chesney in the Northern District of California
  • March 9, 2026 - Court issues order granting Amazon's preliminary injunction; seven-day administrative stay granted to allow Perplexity to seek appellate relief

Summary

Who: Amazon.com Services LLC (plaintiff) and Perplexity AI, Inc. (defendant), in Case No. 25-cv-09514-MMC before United States District Judge Maxine M. Chesney of the Northern District of California.

What: A preliminary injunction barring Perplexity from using AI agents deployed through its Comet browser to access password-protected sections of Amazon's website, and ordering the destruction of Amazon customer data already obtained through that access. The court found Amazon likely to succeed on claims under the federal Computer Fraud and Abuse Act (18 U.S.C. § 1030(a)(2)) and California Penal Code § 502(c)(7).

When: The order was issued on March 9, 2026. It is stayed for seven days to allow Perplexity to seek a stay from the Ninth Circuit Court of Appeals. The underlying lawsuit was filed on November 4, 2025.

Where: United States District Court, Northern District of California. The conduct at issue involves Perplexity's Comet browser accessing Amazon's e-commerce platform using AI agents that operate on behalf of users.

Why: Amazon argued that Perplexity's Comet browser accessed user accounts on Amazon's platform without Amazon's authorisation, transmitted private account information to Perplexity's servers, concealed the AI agent's identity by mimicking Google Chrome's user-agent string, and continued doing so after repeated requests to stop. The court found this conduct likely violated two computer fraud statutes, that Amazon faced irreparable harm, and that the balance of hardships and public interest favoured the injunction.

Share this article
The link has been copied!