By tarsilla-sampaio
Publication Date: 2026-04-20 14:37:00
A US federal court ruling in Amazon.com Services LLC v. Perplexity AI is emerging as an early test case for how agentic AI systems will be governed as they begin interacting directly with enterprise platforms.
A March 9 preliminary decision from the Northern District of California found AI agents may violate state and federal law when accessing password-protected systems without platform authorization, even if acting with user consent. Analysis from JD Supra and Forbes highlight the broader implication: Control over digital systems may ultimately rest with platform operators, not end users or the AI agents acting on their behalf.
At issue is whether an AI agent can act as a proxy for a user across third-party systems, or whether platform-level permissions override user intent.
The Case: User Consent vs. Platform Control
Amazon alleged that Perplexity’s AI agent, Comet, accessed users’ password-protected Amazon accounts to browse products and make purchases without identifying itself as an AI system. According to the complaint, this violated Amazon’s terms of service, which restrict agent access to public areas and require identification of automated traffic.
The court sided with Amazon at the preliminary injunction stage, finding the company was likely to succeed under both the federal Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA).
Critically, the court rejected the argument that user consent alone…
