Amazon vs. Perplexity: Battle Over Who Controls Your Cart

Amazon vs. Perplexity: The Legal Stakes of AI Agents That Shop for You

Perplexity AI says Amazon is "bullying" after receiving a cease-and-desist letter demanding it stop letting users buy items on Amazon through Perplexity's AI browser, Comet. Amazon alleges Perplexity's agents access the store and user accounts without authorization and without proper disclosure. Both sides are positioning for a broader fight over whether third-party AI agents can transact on major platforms without explicit permission.

Key Points for Counsel

• Amazon's Oct. 31 letter alleges computer fraud and lack of disclosure when Comet agents act on users' behalf.
• Amazon has introduced technical and policy measures to block external AI agents and claims Comet evades those controls.
• Perplexity frames Amazon's move as anti-competitive and contrary to consumer choice, arguing users "love" the ability to shop via Comet.
• Amazon is building its own agents (Rufus; "Buy For Me"), signaling a controlled-ecosystem strategy.

What Happened

Perplexity's Comet Assistant helps users search for items and place orders on Amazon. Amazon sent a cease-and-desist, asserting Perplexity lacks authorization to access the store, user accounts, or account details via "disguised or obscured" AI agents, and that Perplexity fails to disclose agent actions to users. Amazon has also acted to block external AI crawlers and agents on its site.

Perplexity responded publicly, calling the letter an "aggressive legal threat." The company argues Amazon should welcome easier shopping and that Amazon prioritizes ads and upsells over user utility. Amazon counters that Comet degrades the shopping experience and does not honor platform decisions about third-party agent participation.

The Core Legal Theories Amazon Is Signaling

• Computer Fraud and Abuse Act (CFAA): Unauthorized access or access that "exceeds authorization" (especially to logged-in accounts or behind technical controls). Post-Van Buren, scope is narrower, but evading technical measures or using masked automation for account-level actions remains risky. See 18 U.S.C. § 1030.
• Breach of Contract: Violations of Amazon's Terms of Use, Acceptable Use, and API policies that restrict automated access, scraping, or acting for third parties without consent.
• Trespass to Chattels: Interference with Amazon's systems (e.g., automated traffic that evades blocking). Classic reference point: eBay v. Bidder's Edge.
• Deceptive Practices / Disclosure: Failing to clearly disclose when an agent acts, how it selects products, and whether results are sponsored or limited could invite regulatory scrutiny. The FTC's work on "dark patterns" is relevant for agent transparency and consent. See FTC guidance on dark patterns.

Where Perplexity May Push Back

• User Authorization: If the user authenticates and instructs Comet to act as their agent, Perplexity may argue its access is authorized by the account holder, not "without authorization." The strength of this defense depends on proof of informed consent and compliance with platform terms.
• Disclosure and Controls: Clear, up-front disclosures about agent actions, selection criteria, and limitations can blunt deception claims. Robust consent flows and receipts matter.
• Competition Arguments: Amazon's own agents (Rufus; "Buy For Me") may raise exclusion concerns if Amazon blocks third-party agents while favoring its own. That said, refusal to deal on a proprietary platform is often lawful absent monopoly power and specific exclusionary conduct.
• Public vs. Authenticated Access: hiQ v. LinkedIn protects scraping publicly accessible data; access to logged-in areas or evasion of technical controls is a different story. The factual record will be decisive.

Platform Enforcement Toolbox (What Amazon Can Do)

• Legal: CFAA, breach of contract, trespass to chattels, and demand letters seeking removal of Amazon from agent experiences.
• Technical: Bot detection, rate limiting, CAPTCHAs, credential checks, session heuristics, and automated takedowns.
• Commercial: Offer vetted APIs and partner programs while blocking noncompliant access.

Practical Checklist for Companies Building Shopping Agents

• Authorization: Obtain and log explicit, informed consent for each action; present granular scopes (search, cart, checkout), revocation, and audit trails.
• Terms Alignment: Map each target site's ToS/AUP/API terms. If prohibited, seek written permission or avoid automated interactions entirely.
• Transparency: Disclose when the agent acts, how products are ranked, if results are sponsored, delivery-speed tradeoffs, and data sources.
• Technical Respect: Do not evade blocks. Honor robots, rate limits, and anti-automation controls. Masking agent identity worsens intent evidence.
• Account Handling: For user logins, use user-present flows where permitted. Avoid shared credentials or headless sessions that mimic users without clear consent.
• Payments & Authority: Validate authority to charge, E-SIGN/UETA consent to transact, refunds/returns flows, and chargeback handling.
• Safety & Recourse: Provide order confirmations, itemized explanations, human handoff, and dispute resolution terms that will withstand scrutiny.
• Data Governance: Minimize collection, segregate tokens, and implement least privilege. Prepare for discovery with complete interaction logs.
• Marketing Claims: Avoid overpromising delivery speed or "best price." Substantiate claims and update models to reflect real availability.

Risk Posture for Perplexity

• High if Amazon can show evasion of technical controls, lack of clear disclosures, or access to account-level data without compliant authorization.
• Moderate if Perplexity has strong consent records, explicit on-screen disclosures, and can shift to a permissioned/API-based model.
• Lower if Comet disables Amazon purchasing, limits to public pages, or negotiates a partner carve-out with transparency standards.

Antitrust and Competition Considerations

Blocking third-party agents while launching in-house agents invites scrutiny, but refusal to grant access to a private platform is usually lawful. Risk increases if Amazon conditions access in ways that foreclose competition or leverages dominance to exclude agent intermediaries without neutral criteria. Expect arguments about "quality" and "user protection" to be tested against objective standards.

Likely Near-Term Outcomes

• Injunction Threat: If talks fail, Amazon could sue for injunctive relief under CFAA and contract claims.
• Negotiated Access: A vetted API, identity disclosure, and audit requirements in exchange for continued access.
• Design Changes: Clearer user disclosures, user-present workflows, and disabling of certain actions on Amazon.

Action Items for In-House Legal Teams

• Audit any agent-driven shopping features against target-site terms and technical controls.
• Implement explicit, layered disclosures and per-action consent for search, add-to-cart, and checkout.
• Adopt an "API-first unless permitted otherwise" policy; document all permissions and exceptions.
• Stand up incident response for complaints, chargebacks, or takedown requests; keep immutable logs.
• Partner with product and security on bot identity, rate control, and user-present verification.

Bottom Line

This fight isn't just about one letter. It's a test case for whether independent AI agents can transact on dominant platforms without formal permission. If your company builds agents that buy things, assume platforms will enforce, regulators will ask for disclosures, and courts will look hard at authorization, consent, and intent.

If your legal team needs to skill up on AI agent workflows and risk controls, see curated training resources at Complete AI Training - Courses by Job.