In March 2026, U.S. District Judge Maxine Chesney granted Amazon’s preliminary injunction blocking Perplexity’s Comet AI browser from accessing Amazon’s platform. The ruling established a principle with profound implications for the agentic economy: user authorization does not equal platform authorization.
Perplexity had user consent. Users chose to deploy the Comet browser agent. The agent accessed Amazon on their behalf. Amazon argued — and the court agreed — that user consent does not constitute Amazon’s authorization. The agent violated the Computer Fraud and Abuse Act and California’s Comprehensive Data Access Fraud Act despite operating with its principal’s full knowledge and approval.
The ruling creates a legal framework that maps directly to how the agentic economy will function. There are at least three distinct authorization layers in any agent transaction.
User authorization: the principal directs the agent to act. Platform authorization: the service being accessed permits the agent. Contractual authorization: both parties agree on what the agent is permitted to do within the engagement.
PocketOS showed what happens when behavioral enforcement fails — an agent deleted a production database in nine seconds. Amazon v. Perplexity shows what happens when authorization scope is undefined — an agent with full user backing still violates platform terms.
The Standard AI Service Agreement was designed for exactly this gap. Every Exacted Paper includes an execution scope that defines what the agent is authorized to do — not just what the user has enabled or what the agent can technically access. The scope is hash-locked before the first token is consumed. Neither party can claim ambiguity after the fact.
The Paper’s authorization hierarchy addresses all three layers the court identified. The SAISA defines the contractual authorization. The Trace records whether the agent operated within that authorization. The DRR resolves disputes when execution and authorization diverge.
Every enterprise deploying AI agents now operates in a legal environment where ‘the user told the agent to do it’ is not a complete defense. The Amazon v. Perplexity ruling makes authorization scope a legal requirement, not just a best practice.
Organizations need bilateral agreements that define what agents are authorized to do — and evidence infrastructure that proves whether they stayed within scope.
FIDO will authenticate the agent. Microsoft AGT will enforce behavioral policies. exact.works holds the agreement that defines what the agent was authorized to do once authenticated and deployed.
The courts have recognized that layered authorization is legally significant. The infrastructure to define, record, and enforce those layers is what separates governed deployments from liability exposure.
Every AI agent needs a contract.
exact.works →