AI Agents and the CFAA: Amazon.Com Services V. Perplexity AI

The Ninth Circuit’s upcoming opinion in Amazon.com Services v. Perplexity AI puts the Computer Fraud and Abuse Act under a modern lens, testing whether AI agents that act on a shopper’s behalf can be deemed unauthorized intruders. At issue is the agency test first articulated by Orin Kerr, which treats a third‑party accessing an account with the owner’s consent as acting as the owner—provided the access aligns with the owner’s intent. If the AI merely follows the user’s instructions, the argument is that it should inherit the user’s authorization, sidestepping CFAA liability. Conversely, critics contend that the AI’s independent commercial motives transform the interaction into a breach, especially if Amazon’s terms explicitly forbid such automated access.

The case also revisits the “gate” doctrine emerging from Power Ventures and LinkedIn v. HiQ Labs, where courts distinguish between open‑access sites and those protected by authentication barriers. Amazon’s login system, while primarily a customer‑tracking tool, also serves as a gate that restricts certain functions to authenticated users. How the Ninth Circuit interprets this gate—whether it creates a private space deserving CFAA protection—will influence the legal landscape for countless e‑commerce platforms that rely on user credentials for personalization and transaction processing.

Beyond the immediate parties, the ruling could ripple across the AI industry, shaping how developers design bots that interact with third‑party services. A narrow reading of the CFAA may embolden startups to build more aggressive agents, while a broader interpretation could impose stricter compliance regimes, including explicit user consent mechanisms and robust terms‑of‑service enforcement. Stakeholders—from retailers to AI innovators—should monitor this case closely, as its outcome will likely become a benchmark for future disputes over automated access and digital trespass.