Amazon has filed a lawsuit against Perplexity, accusing the AI search company of violating Amazon Store terms by letting its Comet browser act inside customer accounts without clearly identifying itself. The case adds to a growing fight over so-called agentic browsers, which can use artificial intelligence to carry out web tasks on a user's behalf.
In its complaint, Amazon says it requires automated AI agents that access its store and private account data to disclose themselves. The company argues that transparency is necessary to protect customer data, prevent security risks and maintain control over access to its private systems. Amazon claims Perplexity configured Comet to appear as Google Chrome instead of identifying as an AI agent.
According to Amazon, that setup means the browser can enter the Amazon Store while presenting itself as if it were a standard human-operated browser. The company says that approach violates its conditions of use and creates risks for shoppers, including the possibility that attackers could exploit weaknesses in the browser to reach personal information.
Perplexity has not publicly responded in the source material, but the broader debate is about how AI agents should behave when they interact with websites designed for people, not software assistants.
Agentic browsers differ from ordinary browsers because they combine a normal web interface with an AI layer that can take actions for the user. In practice, that can mean booking travel, filling out forms or making purchases by navigating sites and clicking through pages much like a person would.
That convenience also raises questions about trust and security. Because these systems often share a user's browsing context, they may have access to passwords, cookies and other stored data. If they are allowed to act fully on a user's behalf, they can do things that look, from a website's point of view, almost identical to what the user would do manually.
The source material notes that many websites are uncomfortable with that arrangement. Some object to automated agents operating without permission. Others worry that an AI tool may degrade the shopping experience or undermine site-specific features built around a human customer journey.
Amazon's complaint highlights a separate concern as well. It says that if an AI browser misrepresents itself, the website loses the ability to know who or what is accessing its systems. That, Amazon argues, matters when access involves private customer accounts.
The source material also places the Amazon dispute in the context of prompt injection, a known problem in AI systems that process untrusted content. In those attacks, malicious text or hidden instructions inside a web page, document or image can cause the model to act in unintended ways.
In an agentic browser, that can become more serious because the model is not just reading content. It can also take actions. The source material cites examples where a malicious site or page could steer an AI agent toward the wrong purchase or even trigger account compromise.
Researchers and browser makers have already shown demonstrations of prompt injection against agentic tools, including a case involving Perplexity's Comet browser. Those examples suggest the technology can expand what is possible for attackers if safeguards are weak.
The lawsuit underscores a larger question now facing web platforms and AI developers. As browsers become capable of acting as assistants, companies will have to decide how much autonomy to allow, how to identify automated agents and where the line should be drawn between user convenience and site control.