In December 2025, Legal Advocates for Safe Science and Technology (LASST) and Encode AI filed an amicus brief in the Northern District of California in Amazon.com, Inc. v. Perplexity AI, Inc., partially supporting Amazon’s motion for a preliminary injunction. On March 9, 2026, the district court granted that motion, enjoining Perplexity from using its Comet agentic browser to access password-protected sections of Amazon’s website. Perplexity appealed to the Ninth Circuit.
We will not be filing an amicus brief on appeal. This post explains why.
AI agent activity should be identifiable and traceable
Our district court brief made a narrow point: as AI agents become more capable and widespread, website operators may need to distinguish agent traffic from human visitors to deploy responsive security measures, conduct forensic analysis when something goes wrong, and hold the right parties accountable. We continue to believe that identification and traceability of AI agent activity are essential to the safe development of this technology.
But we have concerns about overbroad application of the CFAA
The core issue before the Ninth Circuit is whether Perplexity’s conduct—accessing Amazon’s site through a browser, with the user’s credentials and at the user’s direction—amounts to a violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. The district court concluded that Amazon was likely to succeed on its CFAA claim because Perplexity lacked Amazon’s permission to access password-gated parts of its website, relying primarily on Facebook, Inc. v. Power Ventures, Inc.
We are concerned about this use of the CFAA. The statute is a criminal law, originally aimed at computer hacking. Extending CFAA liability to a company whose software accessed a website using a user’s own valid credentials, at that user’s request, raises significant questions about interoperability and freedom on the internet. While we support a norm of AI agents identifying themselves as such, we do not necessarily support platforms having free rein to block AI agents’ access once they have identified themselves, and we do not believe an AI agent accessing a platform (with express user permission) against that platform’s wishes should be criminal activity. The agent-identification interests we raised do not depend on a broad CFAA theory of liability.
Where this leaves us
There are better tools than the CFAA for building the identification and accountability norms AI agents need. We will keep pushing in those directions. We thank the district court for considering our brief, and we will continue to monitor the appeal.