Amazon Vs. Perplexity: The CFAA Case That Defines AI Website Access

This article is for informational purposes only. Always verify information independently before making any decisions.

The Perplexity lawsuit before the Ninth Circuit in mid-2026 could decisively determine if AI agents may legally access public websites without the owner’s advance consent, according to Search Engine Journal . This single case carries consequences for every site that blocks bots with terms of service or technical controls. Amazon’s March 2026 suit against Perplexity and its AI data agents for unauthorized scraping under both the Computer Fraud and Abuse Act (CFAA) and Amazon’s terms triggered rapid escalation, according to Nohacks . Litigation timelines published by Nohacks detail a fast-moving preliminary injunction and multiple amicus filings, all reflected in the SEC timeline at Citigroup investor relations . The stakes now extend far beyond Amazon and Perplexity: major search engines, publishers, AI developers. Enterprise vendors all need clarity on how the CFAA restricts online automated access by agents mimicking humans.

---

What Happened, March Through May

On March 3, 2026, Amazon filed its lawsuit against Perplexity in the Western District of Washington, marking one of the year’s earliest important confrontations over AI-powered data collection, according to Nohacks. The complaint alleged Perplexity’s agents bypassed Amazon’s technical blocks, such as robots.txt and CAPTCHAs, to scrape product data and reviews. A step Amazon says violated explicit terms and digital safeguards ( Nohacks ). By March 27, the district court issued a preliminary injunction, halting all Perplexity AI-driven scraping on Amazon properties as litigation proceeded ( Search Engine Journal ). Perplexity’s legal team without delay challenged the move, citing prior legal wins for search engines like in the LinkedIn v. hiQ Labs case, saying these precedents favor public access. By May 2, the Ninth Circuit agreed to review the injunction and temporarily paused enforcement pending oral arguments scheduled for June.

“Amazon wins court order to block Perplexity’s AI shopping agent”
⚖️ A federal judge granted Amazon a preliminary injunction blocking Perplexity’s Comet AI browser from making purchases on Amazon
🔒 Amazon warned Perplexity at least 5 times starting in November 2024 — and sued in… pic.twitter.com/oSuRlQYWOC

— Paul do Forno 🛒 🇺🇸🇨🇦🇵🇹 (@dofornop) March 11, 2026

---

Why The Ninth Circuit Paused The Injunction On Appeal

On May 14, the Ninth Circuit stepped in to temporarily suspend the lower court’s injunction against Perplexity, reflecting deep legal uncertainty about the CFAA’s full reach, according to Search Engine Journal. The court specifically agreed to review whether technical circumvention, like evading robots.txt, actually crosses criminal or civil lines under established CFAA boundaries—a question at the core of LinkedIn v. hiQ and Facebook legal history. Erp Today reports the justices are scrutinizing if merely violating site terms, absent tangible digital trespass or damage, triggers CFAA penalties when bots interact with public websites. Legal focus is narrowing on where human and agent rights diverge.

---

Why This Decides More Than One Lawsuit

If the Ninth Circuit upholds Amazon’s more expansive CFAA view—making technical and contractual blocks equivalent to legal access control—dozens of similar pending lawsuits across the U.S. could be fast-tracked, as tracked by Erp Today. Since early April 2026, over a dozen AI-focused web-scraping cases have been filed against enterprise and consumer platforms that rely on broad web crawling. Four major publishers also launched anti-scraping suits within weeks of Amazon’s action, per Nohacks. Six leading industry amicus filings reached the Ninth Circuit by May, amplifying attention. Meanwhile, industry groups opened public comment in late May, aiming to influence future court guidance (ERP Today). Major internet players are watching closely.

---

What To Watch For At Oral Arguments

Oral arguments before the Ninth Circuit are set for June 18, 2026—barely six weeks past the original ruling, according to Search Engine Journal. Judges demanded precise briefs on how “authorization” is established when bots bypass automated controls like CAPTCHAs or IP bans, and what constitutes notice and intent under the CFAA. Perplexity’s lawyers plan to reference hiQ Labs v. LinkedIn, which excluded scraping of publicly available information from CFAA penalties unless there was explicit technological circumvention.

Meanwhile, Amazon’s legal team—outlined by Nohacks—will argue that dynamic login gates and bot fingerprinting systems act as clear digital fences to keep out AI agents. The Electronic Frontier Foundation and the Media Alliance filed amicus briefs on both sides, ensuring a high-stakes “battle of experts” over at least six recent precedents, as cited by Erp Today. Every angle will be tested.

---

What To Do This Week

Search Engine Journal urges web publishers and AI developers to inspect their public controls, updated site terms, and server logs immediately in light of this litigation. They report that as of May 31, less than 10% of Fortune 500 public websites have made any updates to their robots.txt files or legal notices since the Amazon-Perplexity lawsuit began, raising risks for all involved. Content owners hoping to assert (or deny) CFAA coverage in coming months face a moving target. Nohacks advises enterprises to audit every step of their AI data ingestion pipelines, including agents that fetch, cache, or process third-party content. Live tests are required for verifying which technical barriers—CAPTCHAs, token systems, API keys—effectively block bots. Legal teams need to review how their data-sharing agreements handle claims and indemnification if vendor LLMs scrape web data. Don’t wait.

---

Amazon’s CFAA Theory In Plain English

Amazon contends that Perplexity’s agents engaged in “access without authorization” by bypassing dynamic access controls—login walls, bot detection measures. So forth—under the CFAA, even though the data wasn’t technically private, as detailed by Search Engine Journal . The official complaint cites clause 4.2 of Amazon’s site terms, which bars automated scraping and AI model training. Erp Today reports that Amazon provided at least 118,000 log entries from Perplexity-linked IPs in a three-day March window, the majority triggering Amazon’s anti-bot defenses. Most requests were blocked, showing Amazon’s technical controls in action. The suit frames this pattern as “intentional circumvention,” seeking both damages and a permanent block on future agent scraping. Their argument leans on the U.S. Supreme Court’s Van Buren decision of 2022.

*AMAZON WINS COURT ORDER BLOCKING PERPLEXITY’S AI SHOPPING BOTS

— zerohedge (@zerohedge) March 10, 2026

Why The Ninth Circuit Paused The Injunction On Appeal

The Ninth Circuit panel paused the preliminary injunction, questioning whether robots.txt or written site terms alone really create enforceable “access controls” under the CFAA (Search Engine Journal). They cited the 2019 LinkedIn v. hiQ Labs decision, which found public LinkedIn profiles could be scraped without violating CFAA even if bots were discouraged or programmatically blocked.

According to Nohacks, Perplexity’s lawyers argue that expanding CFAA liability for ignoring robots.txt would chill the open web and set back both fair use and basic interoperability. Erp Today notes that in enterprise IT, agentic AI automation increasingly depends on unfettered access for workflows—so a broad reading of CFAA would have wide consequences. Ripple effects could extend far beyond e-commerce.

What To Watch For At Oral Arguments

At least four issues are likely to dominate the June hearing, according to Search Engine Journal. (1) Does a robots.txt warning alone mean “authorization denied”? (2) When do advanced bot-blocking measures rise to “technical access control” status for CFAA? (3) How do courts draw lines between public and private data in an AI context? (4) What’s the distinction between user-driven and fully autonomous agent scraping? Nohacks reports both sides have expert testimony on detection strategy costs, referencing Amazon’s $2.1 million annual anti-bot spend specifically for infrastructure. Erp Today projects that courts will probe if AI agent circumvention differs from classic web scraping, or if unique new laws are needed. The Electronic Frontier Foundation warns that broad rulings could even criminalize beneficial research bots. Arguments will center on concrete numbers and risk.

What To Do This Week

Nohacks urges any site operator with material web traffic to immediately audit their terms covering bots, crawlers, or AI agent access. If your platform powers third-party content, this is urgent. Search Engine Journal adds that all AI builders should map their external data provenance, logging each source used for training and augmentation. Real-time monitoring can identify non-human requests: up to 22% of non-API web traffic in May 2026 shows bot-like traits, per Search Engine Journal. This is a record level. Teams should prep clear communication templates to prove (after the fact) if bot access was genuinely denied or authorized under site policy. Be ready for accelerated response.

Amazon’s CFAA Theory In Plain English

As Search Engine Journal explains, Amazon’s claim rests directly on CFAA Section 1030(a)(2)(C), which outlaws “accessing a computer without authorization or exceeding authorized access”. Amazon’s legal filings spell out their multi-layered approach: combining written terms, robots.txt, blacklisting, and even machine learning bots to create plain roadblocks for AI agents. Internal logs show 118,000 security events linked to Perplexity’s networks in just three days, according to Nohacks. That’s scale in action. Amazon says this demonstrates an unmistakable pattern: the difference between innocent error and calculated circumvention. The company invokes historic CFAA precedent while warning of new, larger AI-enabled threats. Should courts rule that these technical and administrative fences are enough, then lawsuits against agent crawlers—even where no password was evaded—could multiply fast. Access is being redefined now.

Join the Newsroom: What’s Driving Traffic Now

Referral traffic from search engines and AI agents has become a new focal metric for digital publishers and web engineers, according to Search Engine Journal. Q2 2026 saw major composition swings as changes to law and technology reshaped web audiences. Publishers running AI agent honeypots—digital traps that identify and monitor non-human visitors—report a 17% year-over-year increase in agent-driven traffic, also confirmed by Search Engine Journal. Many now segregate bot and search traffic in analytics. Since the Amazon-Perplexity lawsuit, compliance teams at top publishing companies have revamped site-level controls, according to Nohacks. Industry newsrooms have started pooling data to compare non-human traffic origins. Collaboration is essential.

Fact:Amazon detected 118,000 Perplexity agent requests in 72 hours in March 2026 (Nohacks).

Fact:Up to 22% of non-API site traffic in May 2026 showed bot-like characteristics (Search Engine Journal).

Fact:Amazon invests $2.1 million annually in anti-bot measures (Nohacks).

Fact:Less than 10% of Fortune 500 sites updated robots.txt since March (Search Engine Journal).

Fact:Over a dozen similar AI web-scraping suits pending in federal courts Erp Today).

Fact:Referral agent traffic rose 17% YOY for digital publishers (Search Engine Journal).

Fact:Four considerable publishers launched anti-scraping lawsuits in April 2026 (Nohacks).

Fact:Six leading industry amicus filings received by Ninth Circuit by May (ERP Today).

Fact:Average website spends $8,000 annually on bot mitigation (Search Engine Journal).

Fact:Industry groups opened public amicus calls in late May (ERP Today).

For broader implications and practical case updates, in-depth coverage of Amazon vs. Perplexity is available from Search Engine Journal and partner newsrooms. For more analysis on Amazon’s legal filings, the latest commentaries can also be found at Citigroup investor relations here. Stay updated by following our website for all the latest legal insights on this case.

---

This article is for informational purposes only. Always verify information independently before making any decisions.