What happened: A federal judge in San Francisco granted Amazon a preliminary injunction that stops Perplexity AI’s Comet browser from making purchases on Amazon for users, at least temporarily. The order also requires Perplexity to stop accessing Prime accounts and to destroy Amazon customer data gathered via Comet.

Why it matters: The dispute goes to a core question for “agentic commerce”: does a software agent automatically inherit the permissions of a user who authorizes it, even when the platform itself objects? The court’s early view suggests platforms can treat some agent activity as unauthorized access, even with user consent.

Wider context: Amazon argues shopping agents can bypass the company’s ad-driven shopping funnel and create new security exposure, pointing to prior reports of prompt-injection and phishing weaknesses affecting Comet. Amazon has also taken steps to force AI agents to identify themselves when accessing its services, while building its own agent-style shopping features.

Background: Amazon sued Perplexity in late 2025 under the federal Computer Fraud and Abuse Act and a California computer fraud statute, alleging Comet masked automated sessions as standard Chrome traffic. Amazon says it repeatedly warned Perplexity to stop, and the judge cited evidence that Perplexity previously shipped an update to bypass an Amazon technical block.

Amazon Wins Court Order Blocking Perplexity AI Shopping Agent — Decrypt

Singularity Soup Take: If AI agents have to “blend in” as normal browsers to work, platforms will keep treating them like botnets, not assistants—so the real unlock isn’t better checkout automation, it’s standardised agent identity, auditable consent, and clear rules for what counts as authorised access.

Key Takeaways:

• Preliminary, but powerful: The judge’s order is an interim injunction, not a final ruling, yet it immediately restricts what Comet can do on Amazon and gives Perplexity seven days before enforcement while it considers an appeal.
• User consent isn’t the whole story: The court credited Amazon’s evidence that Comet accessed password-protected Prime accounts with users’ permission but without Amazon’s authorisation, undercutting Perplexity’s argument that agents simply inherit user rights.
• Security is part of the case: Amazon cited prior disclosures of prompt-injection vulnerabilities in Comet and analysis suggesting higher phishing risk than Chrome, arguing that agentic browsing adds a new attack surface for both users and retailers.
• Commerce incentives matter: Amazon pointed to its advertising business and the value of sponsored placements between search and checkout, suggesting shopping agents could strip out monetisation layers even if they increase transaction volume.