Court Finds AI Agent May Violate State and Federal Law by Accessing Amazon Accounts Without Authorization
A court in the Northern District of California has ruled at the preliminary injunction stage that when a website prohibits artificial intelligence (AI) agents from accessing user accounts, continued access by these agents may violate both state and federal law. This finding holds true even if the user has granted permission for the agent’s access. The case is currently on appeal to the US Court of Appeals for the Ninth Circuit, raising significant questions for both platform operators and AI developers.
The Case Overview
In the case of Amazon.com Services LLC v. Perplexity AI, Inc., Amazon accused Perplexity of configuring its AI agent to access users’ password-protected Amazon accounts at the users’ direction. The agent, known as Comet, allowed users to browse products and even make purchases.
Amazon’s terms of service require AI agents to identify themselves via a user-agent string and restrict their access to public sections of the website. Amazon alleged that Comet breached these terms by accessing the Amazon e-commerce platform while logged in, without identifying itself as an AI agent. This raised concerns for Amazon, which was unable to differentiate between the actions of Comet and those of a human user. Consequently, Amazon sought a preliminary injunction to halt Comet’s access.
The Court’s Decision
On March 9, 2026, Judge Maxine M. Chesney granted Amazon’s motion for preliminary injunctive relief. The court found that Amazon was likely to succeed on its claims under the federal Computer Fraud and Abuse Act (CFAA) and the California Comprehensive Computer Data Access and Fraud Act (CDAFA). A pivotal question was whether user consent for the AI agent’s access constituted sufficient authorization, or whether the website operator’s terms of service prevailed.
The court sided with Amazon, determining that Comet’s access was unauthorized despite any permission granted by the user. Amazon had previously sent cease-and-desist correspondence to Perplexity, emphasizing its stance that ongoing access by Perplexity’s AI agent was unauthorized. The court prohibited Perplexity from using AI agents to access Amazon’s protected computer systems and required the deletion of any customer data collected through unauthorized access.
Implications for Websites
Websites aiming to prevent AI agents from accessing account data or performing actions like purchasing on behalf of users should consider drafting explicit terms that prohibit such behaviors. Additionally, requiring AI agents to identify themselves as such during interactions with the website could allow for differentiated treatment of agent traffic compared to human visitors. Should AI agents violate these terms, sending cease-and-desist correspondence may bolster the argument that the access is unauthorized, supporting efforts to obtain injunctions against such conduct.
Implications for AI Agents
Developers of AI agents that access password-protected accounts must heed the potential implications of this ruling. The court’s decision suggests that violating a website’s terms of service could lead to claims under both the CFAA and CDAFA, and that user consent alone may not provide sufficient authorization when a website operator has explicitly revoked it. Nonetheless, this was a preliminary ruling, and there are significant counterarguments, including whether a website’s terms should override a user’s decision to authorize an agent to operate on their behalf, as well as the enforceability of such terms in this context.
The Ninth Circuit’s review on appeal may offer further clarity on these issues. In the interim, developers of AI agents should remain aware that both statutes not only provide private rights of action but may also carry criminal liability.