Amazon’s cease and desist to Perplexity over its Comet agent puts a line in the sand: who controls execution at checkout. Consumer appetite for AI shopping and a B2B shift to marketplaces suggest the momentum is one way, but the rules are being written in real time.
Amazon has drawn a line under who gets to act at checkout.
On October 31, the company sent a cease and desist letter to Perplexity alleging that Comet, its agentic browser, accessed the Amazon Store without transparent identification, degraded the shopping experience, and violated computer misuse laws. The letter demands that Comet stop disguising itself as a standard browser, identify itself when operating on Amazon, and respect Amazon’s decisions about third-party agents.
Amazon followed with a public statement on November 4 saying third-party applications that make purchases on behalf of customers should operate openly and respect a service provider’s decision on participation, arguing that this ensures a positive experience. It reiterated concerns about a “significantly degraded” customer journey.
Perplexity pushed back in a blog titled Bullying is Not Innovation, framing the dispute as a fight over user choice and the right to employ an AI assistant that acts with a user’s credentials and permissions. The company argues user agents are private, personal and powerful, and that platforms should not block them from acting on a user’s behalf.
“Perplexity is fighting for the rights of users. People love our products because they’re designed for people. User choice and freedom are at the heart of everything we build,” the statement reads.
“Perhaps that’s what makes us a target for corporate bullies. But Amazon shouldn’t forget what it’s like to be our size and passionate about a world-changing product. They too once faced intimidating threats and fought aggressively in every case to give users a better choice.”
“Amazon also forgets how it got so big. Users love it. They want good products, at a low price, delivered fast. Agentic shopping is the natural evolution of this promise, and people already demand it. Perplexity demands the right to offer it.”
Court-watchers will note the stakes. Amazon’s letter cites the Computer Fraud and Abuse Act and California’s CDAFA, details prior outreach to Perplexity in 2024 and 2025, and alleges countermeasures were circumvented after Amazon restricted Comet’s access. It also claims Comet misidentified itself as Chrome and raises security concerns based on public reports.
The timing matters; we are in Black Friday season, and agentic shopping sits at the intersection of ads, recommendations, fulfilment and payments. Platforms are moving to codify “agent terms,” requiring clear agent IDs, policy compliance and technical attestation before an assistant can place an order.
If that becomes the norm, consent signals and identity proofs for AI-initiated purchases will need to be built into checkout.
The consumer signal points one way
Worldpay’s latest UK research suggests shoppers are ready for assistance, but not full autonomy. Almost one in three UK consumers would let an AI assistant browse for them, rising to 45% among 18–34s.
Looking to 2030, shoppers expect around 7% of their online purchases to be agent-driven, implying roughly £29.2 billion of UK e-commerce spend via agents. Guardrails are non-negotiable: 60% want to approve each purchase, 58% want a 24-hour cancellation option, over half prioritise fraud protection, and many want spend caps and access to a human when things go wrong.
Assisted, reversible flows will beat full auto for now. Approval prompts, spend limits, merchant allowlists and auditable logs will be table stakes for consumer trust.
Marketplaces are becoming the operating system for B2B buying
RS2’s new whitepaper points to a structural shift as nearly half of global B2B turnover migrates to online marketplaces by 2030, with investment in marketplace platforms up around 450% since 2016.
As instant payments, account-to-account rails and super-apps blend into procurement, orchestration becomes the capability banks and PSPs need to stay in the loop. RS2 argues that AI-driven routing across cards, A2A and currencies can lift efficiency and lower cost, with ISO 20022-native stacks enabling richer risk and reconciliation data.
The direction of travel is similar in consumer and B2B: dense platforms want to manage discovery, risk and settlement in one place, while agents optimise method mix against cost, speed and rewards.
What this means for payments teams
- Identity and consent: If a bot presses buy, the stack needs delegated authentication, passkeys and session binding that prove a human authorised the agent to act. Most UK shoppers say they want to approve each purchase, so “payer-in-the-loop” patterns will dominate early deployments.
- Method selection: An effective agent will route dynamically between cards, wallets, A2A and BNPL based on interchange, acceptance, reward value, fraud risk and delivery promises. That pushes orchestration logic up into the agent layer, not just the gateway.
- Data and tokens: Expect demand for network tokenisation, EMV SRC and, eventually, an “agent-initiated” flag at network level so issuers can preserve approvals, risk scores and chargeback logic when the initiator is an agent acting for a verified user.
- Auditability and reversibility: Approval logs, change histories and time-bound cancellations are the safety valves regulators and platforms will look for, aligning with consumer expectations from the Worldpay study.
Liability is the next battleground
The dispute taxonomy changes when an agent is involved. A bad recommendation or prompt-injection is different from mis-fulfilment or counterfeit goods.
Protections are asymmetric between cards and A2A, and marketplaces will seek to allocate liability via terms and technical constraints on agents. Amazon’s letter foreshadows this by linking transparent agent identity to the ability to manage security, CX quality and returns.
Amazon’s public line is that third-party agent apps must operate openly and respect participation choices. Perplexity’s line is that user agents are an extension of the user and should not be blocked. The likely near-term outcome is not a ban on agents, but platform-defined participation: explicit agent registration, technical identification, and feature restrictions until quality and safety thresholds are met.
In practical terms, that means agent attestations, rate and scope limits, and a requirement to expose human-verifiable consent artefacts at purchase time.
