"Undisclosed bot activity that masquerades as human clicks." That phrase, buried in Amazon's November 2025 complaint, deserves more attention than the lawsuit itself. Amazon alleges Perplexity's Comet browser spoofed standard Chrome user-agent strings to pass automated browsing off as human activity, then updated its evasion techniques within 24 hours of new detection measures going live.
The CFAA theory here is narrow and potent: the violation isn't accessing Amazon. It's accessing Amazon without saying you're an agent.
If courts accept that framing, every agentic browser operating on commercial platforms without explicit identity disclosure is carrying compliance risk. Jones Walker's analysis puts this in context: the case arrives just as NIST finalizes identity and authorization standards for autonomous agents. The simplest possible form of agent transparency, announcing what you are, became the legal fault line.