Amazon wins the first round: Do intelligent agents need platform permission to start shopping on behalf of users?

The “sovereignty battle” between intelligent agents and internet platforms has reached an initial conclusion.

On March 9th, local time, a federal court in California approved an injunction against Amazon, prohibiting Perplexity’s AI agent from continuing to access Amazon’s website.

The controversy centers on Perplexity’s Comet AI browser, a typical intelligent agent product: users simply give commands in the web chat box, and the AI can automatically perform a series of web operations, including writing emails, booking flights, and shopping on e-commerce platforms.

In November last year, Amazon publicly opposed this behavior, accusing Perplexity of infringing by using AI proxies to access Amazon’s site, and demanded an immediate halt to such activities.

According to Amazon, Perplexity’s intelligent agent allows users to authorize the AI to browse Amazon pages and log into user accounts, completing tasks within password-protected areas. During this process, the agent can access private Amazon account information and transmit relevant data back to Perplexity’s servers.

Amazon believes this violates the Computer Fraud and Abuse Act in the United States—although with user consent, without platform authorization, it still constitutes “unauthorized access to protected computer systems.” To demonstrate damages, Amazon submitted a series of evidences to the court, including multiple cease-and-desist notices to Perplexity and the human and technical costs incurred to prevent the agent’s access.

Media reports also indicate that Amazon pointed out Perplexity’s proxy actions impact its advertising business. The company needs to modify Amazon’s ad system and develop new detection mechanisms to filter AI traffic, “because advertisers only pay for exposure to real human users.”

Based on these reasons, Amazon applied to the court for a preliminary injunction, requesting that Perplexity be barred from access during the case proceedings.

Perplexity, however, presented a very different stance in court. The company described Amazon as an “innovation bully,” arguing that AI is merely a tool for users and cannot be separated from them. The company contended that user authorization should not be considered “unauthorized access.” If the court supports Amazon’s injunction, it could hinder the iterative development of intelligent agent products.

Currently, U.S. courts are siding with Amazon. The ruling states that Amazon has a high likelihood of winning and has provided sufficient evidence. The court specifically cited a landmark case—Facebook’s 2009 lawsuit against aggregation site Power.com. The ruling noted that even with user consent, once a platform explicitly revokes authorization and issues a cease-and-desist notice, continued access by third parties still constitutes “unauthorized access.”

Therefore, the court has ordered Perplexity to temporarily stop logging into Amazon accounts on behalf of users and to destroy all Amazon data obtained. Perplexity has filed an appeal this Tuesday.

Although this is only a preliminary injunction and the case still requires formal trial, it offers a glimpse into the attitude of U.S. courts. More importantly, as “lobster”-type intelligent agents become popular, similar debates are likely to recur.

An increasing number of AIs are directly operating web pages for users, breaking the internet order dominated by apps for over a decade. We previously reported that by the end of 2024, some mobile AI assistants could perform cross-application tasks—ordering food, booking flights, or sending messages. These capabilities are novel to users but cause concern for platforms, as intelligent agents might bypass app advertising traffic and recommendation algorithms.

When AI can replace user actions, besides user authorization, is platform “dual authorization” still necessary? Currently, no clear laws or regulations in China address this core issue.

Last June, the China Software Industry Association issued a non-mandatory group standard, “Security Requirements for Intelligent Agent Task Execution,” requiring intelligent agents to obtain both user and third-party app authorization. However, the October update removed the “dual authorization” requirement.

Before regulatory clarity, many platforms are proactively setting boundaries. Amazon and eBay have explicitly prohibited AI proxies from accessing their sites in their user agreements and have blocked dozens of intelligent agents, including ChatGPT.

In China, several mainstream apps have also taken actions to ban mobile intelligent agents. On March 10th, Xiaohongshu released a community notice explicitly forbidding AI from simulating real people, creating non-authentic content, or engaging in false interactions. If all posts are AI-managed and posted, the platform will ban such accounts upon discovery.

(Source: 21st Century Business Herald)