A federal judge has granted Amazon a preliminary injunction barring Perplexity AI from using its Comet browser agents to access password-protected Amazon accounts and systems.
U.S. District Judge Maxine M. Chesney issued the order in San Francisco federal court, finding that Amazon is likely to succeed on the merits of its claims. The preliminary injunction also bars Perplexity from creating or using accounts for the purpose of AI agent access and orders the company to destroy Amazon data it collected through Comet.
Amazon sued Perplexity in November, alleging the startup committed computer fraud by disguising Comet as a standard Chrome browser and refusing to identify it as an AI agent while making purchases.
What The Court Ordered
The preliminary injunction bars Perplexity from using Comet or any other AI agent to access password-protected parts of Amazon’s systems.
In the order, Judge Chesney wrote that Amazon presented “strong evidence” that Perplexity, through its Comet browser, accessed Amazon user accounts “with the Amazon user’s permission but without authorization by Amazon.”
The court treated user consent and platform authorization as two separate requirements at this stage of the case. A shopper giving Comet their Amazon login credentials didn’t automatically give Comet the right to use them on Amazon’s platform.
Chesney found Amazon satisfied all four legal requirements for a preliminary injunction, including that Amazon would suffer irreparable harm without one. The judge wrote that “Perplexity has made clear that, in the absence of the relief requested, it will continue to engage in the above-referenced challenged conduct.”
The court denied Perplexity’s request for a stay pending appeal but granted a 7-day administrative stay from March 9 so the company can seek a stay from the Ninth Circuit. The court also denied a bond requirement.
Amazon’s Response
Amazon spokesperson Lara Hendrickson told Bloomberg the preliminary injunction “will prevent Perplexity’s unauthorized access to the Amazon store and is an important step in maintaining a trusted shopping experience for Amazon customers.”
Amazon has maintained throughout the case that third-party agents must identify themselves and operate with the platform’s consent. In a statement alongside the lawsuit, the company objected to Comet offering a “significantly degraded shopping and customer service experience.” CEO Andy Jassy said on an earnings call that Amazon expected to partner with third-party agents over time, but on its own terms.
Background
Amazon sent Perplexity a cease-and-desist letter in October, demanding the company stop disguising Comet as a Chrome browser and transparently identify its AI agents when operating on Amazon.
Perplexity responded with a blog post titled “Bullying is not innovation,” arguing that Comet acts on behalf of users who have granted it access to their own accounts. The company’s position was that a user agent inherits the user’s permissions. The court’s ruling rejects that argument, at least at this preliminary stage.
Amazon filed its lawsuit in November under the federal Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act. The complaint alleged Perplexity accessed protected computers without authorization, put customer data at risk, and degraded the shopping experience.
Perplexity’s legal response argued that Comet only automates actions the customer directs, like adding items to a cart or completing a checkout. The company compared Amazon’s claims to a platform trying to stop users from hiring assistants to act on their behalf.
Why This Matters
The ruling offers an early look at how a federal court may treat AI agents that access a user’s authenticated account on a third-party platform without that platform’s consent.
The question at the center of this case goes beyond Amazon and Perplexity. OpenAI’s ChatGPT launched checkout features earlier this year. Google, Microsoft, and Shopify are all building or enabling agentic commerce tools. Every one of those products will eventually need to interact with platforms that may not want them there.
The court’s treatment of user permission and platform authorization as separate legal requirements at this preliminary stage gives companies new language to cite in future disputes. If the reasoning holds through trial, AI agents that access logged-in accounts could need permission from both the user and the platform owner, not the user alone.
Security is also part of the picture. Brave published details last August about a prompt injection vulnerability in Comet that allowed attackers to access data in other open browser tabs. Amazon cited Comet’s security weaknesses in its complaint as evidence of harm to customers.
A recent SEJ analysis noted that when AI browsers like Comet visit websites on a user’s behalf, the traffic is often indistinguishable from a regular Chromium browser visit. That creates measurement problems for marketers and raises questions about whether platforms can even detect when an agent is acting on their site.
Looking Ahead
The preliminary injunction stands while the full case proceeds. Perplexity has until March 16 to seek a stay from the Ninth Circuit before the order takes effect.
The broader lawsuit will test whether the CFAA applies to AI agents acting at a user’s direction on third-party platforms. How the court ultimately rules could shape how every agentic commerce product interacts with websites that haven’t opted into agent access.
Perplexity has not publicly commented on the injunction.
Featured Image: Koshiro K/Shutterstock
