Originally published on lexsummary.com.
Background
Perplexity AI developed an agentic AI shopping tool called “Comet,” integrated into its web browser. Comet allowed users to delegate shopping tasks on Amazon — including browsing, product comparison, and purchasing — by logging in with the user’s Amazon credentials and autonomously navigating Amazon’s password-protected account pages. In effect, a user could instruct Comet to find and buy a product meeting specific criteria, and the AI agent would carry out those steps on Amazon’s site on the user’s behalf.
Amazon sent Perplexity a cease-and-desist letter demanding that Comet stop accessing Amazon’s systems. Perplexity did not comply. Amazon then filed suit and moved for a preliminary injunction under the CFAA and California Penal Code § 502, seeking to block Comet from accessing password-protected sections of Amazon’s website using AI agents.
Court’s Holding
Judge Chesney granted Amazon’s motion for a preliminary injunction, finding Amazon satisfied all four factors of the preliminary injunction standard.
Likelihood of Success on the Merits
The court found strong evidence that Perplexity, through Comet, accessed Amazon’s password-protected accounts without Amazon’s authorization — even though individual users had voluntarily provided their credentials. Relying heavily on Facebook, Inc. v. Power Ventures, Inc., 844 F.3d 1058 (9th Cir. 2016), the court held that user consent does not constitute platform authorization, particularly after the platform has expressly revoked permission via a cease-and-desist letter. Amazon also demonstrated over $5,000 in losses from employee time spent developing tools to detect and block Comet’s access.
The court acknowledged that Van Buren v. United States, 593 U.S. 374 (2021), raised questions about whether CFAA “loss” must be limited to “technological harms,” but concluded this issue was likely to be resolved in Amazon’s favor. The California Penal Code § 502(c)(7) claim succeeded on similar reasoning, with the court noting that § 502 does not face the same “technological harm” limitation question.
Irreparable Harm
The court found irreparable harm because Perplexity had made clear it would continue accessing Amazon’s protected systems absent an injunction, citing precedent that continued unauthorized computer access despite a cease-and-desist letter constitutes irreparable harm.
Balance of Hardships and Public Interest
Although Perplexity argued the injunction would destroy its first-mover advantage in AI-assisted shopping and its multimillion-dollar investment in Comet, the court noted the injunction only blocked access to Amazon’s password-protected pages — Comet could still access the rest of the web. The court invoked the principle that “harm caused by illegal conduct does not merit significant equitable protection.” On public interest, the court found the public’s interest in protecting computers from unauthorized access sufficient, largely dismissing Perplexity’s arguments about consumer choice and innovation.
The Injunction
The court enjoined Perplexity and all affiliated persons from accessing Amazon’s protected computer systems using AI agents, ordered destruction of all Amazon customer data obtained through Comet, required no bond from Amazon, denied Perplexity’s request for a stay pending appeal, and granted only a seven-day administrative stay.
Key Takeaways
- Platform authorization controls over user consent. Under Power Ventures, a user’s decision to share login credentials with a third-party AI agent does not override the platform’s right to revoke that agent’s access. A cease-and-desist letter effectively terminates authorization under the CFAA.
- Agentic AI receives no special treatment. The court did not analyze whether an AI agent acting as a user’s delegated representative should be treated differently from traditional scraping or automated access tools. The opinion draws no distinction between data collection and user-directed task performance.
- The “technological harm” question remains open. The court acknowledged Van Buren‘s suggestion that CFAA losses may need to involve technological harms, but resolved the issue in Amazon’s favor without detailed analysis — leaving this important question for future litigation.
- Section 502 provides a parallel (and potentially easier) path. California Penal Code § 502 does not face the same post-Van Buren limitations on the definition of “loss,” giving plaintiffs an additional avenue in California courts.
Why It Matters
This decision is the first federal court ruling to address agentic AI shopping tools under the CFAA, and it lands squarely on the side of platform control. By applying the Power Ventures framework without modification, the court effectively treats AI agents the same as any other unauthorized automated access — regardless of whether the agent is performing tasks the user could legally do themselves.
The ruling has significant implications for the emerging agentic AI industry. If platforms can use cease-and-desist letters to block any AI agent that accesses password-protected pages — even when acting at the user’s explicit direction — then the CFAA becomes a powerful tool for incumbents to prevent AI-driven competition and interoperability. As commentary on this case has noted, the opinion fails to meaningfully engage with the distinction between malicious automation and disclosed, user-directed software functioning as the user’s chosen interface.
The case is expected to proceed to the Ninth Circuit, where the court may be forced to address whether Power Ventures should apply differently when the third party is acting as a user’s delegated agent rather than building a competing platform. The outcome could shape the legal landscape for agentic AI across e-commerce, financial services, and other platform-dependent industries.
Surfaced via Eric Goldman’s Technology & Marketing Law Blog.