Amazon v. Perplexity: Why Major Publishers Are Backing Amazon in the AI Agent Access Fight

Originally published on The Searchless Journal

On April 29, 2026, a coalition representing the most powerful news and media organizations in the United States walked into a federal appeals court and chose a side.

The Digital Content Next coalition, whose members include the New York Times, the Washington Post, Bloomberg, Conde Nast, Dow Jones, the Financial Times, Fox News, Hearst, NBCUniversal, News Corp, NPR, PBS, Paramount, Vox Media, Warner Bros. Discovery, and WebMD, filed an amicus brief in support of Amazon's lawsuit against Perplexity and its Comet browser.

This is not a routine legal filing. This is the first coordinated institutional response by major publishers to the specific threat of AI agents that access, extract, and redistribute their content without consent. The publishers that reach 259 million unique visitors monthly, covering 95% of the US online population, are now formally on record arguing that AI agent access to publisher content must be subject to permission, not assumption.

The case is Amazon.com, Inc. v. Perplexity AI, Inc., Case No. 26-1444, before the Ninth Circuit Court of Appeals. The outcome will determine whether brands, publishers, and platform operators can establish enforceable boundaries around how AI agents interact with their systems, or whether AI companies can freely access password-protected, login-gated, and paywalled content by mimicking human browsers.

If you run a website that generates revenue from ads, subscriptions, or analytics, the precedent this case sets will reach your doorstep regardless of whether you publish news.

The Case Timeline: How Amazon Ended Up Suing Perplexity

The dispute traces back to the second half of 2025, when Amazon's security teams detected anomalous traffic patterns originating from Perplexity's Comet browser, an AI-powered browsing agent designed to autonomously navigate the web, complete tasks, and retrieve information on behalf of users.

According to court filings, Amazon's forensic investigators isolated Comet's browser fingerprint from ordinary customer traffic. The core allegation: Comet transmitted the same user-agent string as Google Chrome, effectively spoofing a standard human-driven browser session while an AI agent operated behind it. This spoofing allowed Comet to access sections of Amazon's platform that were password-protected and gated behind authentication systems designed for human users, not autonomous agents.

Amazon did not discover this in silence. The company contacted Perplexity CEO Aravind Srinivas directly on September 12, 2025, and again on September 29, 2025, informing him that Comet's access to Amazon's password-protected systems was unauthorized. According to Amazon's filings, Srinivas did not deny the characterization.

On November 4, 2025, Amazon filed suit.

The district court issued a preliminary injunction in March 2026, blocking Comet from accessing Amazon's password-protected sections. Perplexity appealed to the Ninth Circuit, where the case now sits.

The DCN amicus brief, filed April 29, 2026, does not introduce new evidence about the Amazon-Perplexity dispute itself. Instead, it argues that the appellate court must consider the broader harm that unchecked AI agent access poses to the entire publishing industry, harm that extends well beyond Amazon's commercial interests.

A separate amicus brief from the Software and Information Industry Association, filed around the same time, reinforces the same position from the software and data industry's perspective.

Who Is Backing Amazon and What They Represent

The DCN amicus brief carries weight precisely because of who signed it. This is not a fringe advocacy group or a trade association representing niche interests. The DCN membership list reads like a who's who of American media:

The New York Times. The Washington Post. Bloomberg. Conde Nast. Dow Jones. The Financial Times. Fox News. Hearst. NBCUniversal. News Corp. NPR. PBS. Paramount. Vox Media. Warner Bros. Discovery. WebMD.

Collectively, these organizations reach 259 million unique visitors per month. That is 95% of the US online population. When a coalition representing virtually every American adult who reads news online files a legal brief arguing that AI agent access threatens their core business model, the court is obligated to treat that argument with the seriousness it deserves.

The publishers' interest in this case is specific and material. Their revenue depends on three mechanisms that AI agent spoofing directly undermines: advertising measurement, subscription value, and content extraction control. The amicus brief makes the case that Perplexity's behavior, spoofing a human browser to access gated systems, damages all three simultaneously.

The SIIA brief adds a complementary voice. The Software and Information Industry Association represents companies that produce and distribute software, digital content, and information services. Their participation signals that the concern extends beyond traditional news publishers to any organization that gates digital content behind authentication or subscription walls.

The Three Mechanisms of Publisher Harm

The DCN brief organizes its argument around three distinct categories of harm. Each one is grounded in specific data, and each one applies far beyond the publishing industry.

1. Ad Metrics Corruption

The most immediate and quantifiable harm is the corruption of advertising metrics. When an AI agent spoofs a human browser and accesses publisher content, it generates page impressions, session data, and engagement signals that look identical to legitimate human traffic in standard analytics dashboards.

The scale of the problem is staggering. The Association of National Advertisers conducted a study finding that the overall invalid traffic rate in digital advertising runs at approximately 8.5%. That 8.5% translates to an estimated $63 billion in annual lost ad revenue globally. Not all of that is attributable to AI agents, but the trajectory is clear and accelerating.

DoubleVerify's data makes the AI-specific component concrete. Their analysis found that general invalid traffic, or GIVT, increased 86% year-over-year in the second half of 2024. Of that increase, 16% was directly attributable to AI scraper traffic. Those numbers predate the broader deployment of AI browsing agents like Comet, which suggests the actual current figures are likely higher.

The DCN brief cites a specific and damaging case study: Salon, the online magazine, lost ad business from a mid-size buyer specifically because of GIVT concerns. When a buyer cannot trust that the impressions they are paying for were generated by humans rather than bots or AI agents, they pull spend. That revenue loss is direct, immediate, and unrecoverable.

For publishers operating on thin margins, the difference between 8.5% invalid traffic and 12% or 15% invalid traffic is the difference between profitability and loss. AI agent spoofing pushes the needle in the wrong direction by generating traffic that looks legitimate but carries no commercial value for advertisers.

2. Subscription Erosion

The second harm category targets the subscription model. Publishers who invest in premium, gated content depend on the value proposition that paying subscribers receive something unavailable to non-subscribers. When an AI agent can spoof its way past authentication walls, extract that content, and serve it to users through an AI interface, the subscription value proposition degrades.

This is not a theoretical concern. The DCN brief argues that AI agents like Comet create a free-rider problem at scale. Users who might otherwise subscribe to access premium content can instead ask an AI agent to retrieve and summarize that content. The publisher bears the cost of producing the content, maintaining the infrastructure, and serving the traffic, while the AI company captures the user relationship and the associated revenue.

The publishers framing this argument are not small operations experimenting with paywalls. The New York Times, the Financial Times, Bloomberg, and the Washington Post have built subscription businesses that generate hundreds of millions in annual revenue. Their investment in premium journalism is predicated on the assumption that they can control who accesses their content and under what terms. AI agent spoofing undermines that assumption at a fundamental level.

3. Data Extraction Without Compensation

The third harm category is the most forward-looking and potentially the most consequential. AI agents that access publisher content do not just read it. They extract it, process it, and incorporate it into training datasets, retrieval systems, and answer-generation pipelines. The publishers receive no compensation for this extraction, no attribution in the resulting outputs, and no control over how their content is used downstream.

This is the core of the DCN's institutional argument. Publishers invest billions annually in creating the content that AI systems depend on. The current dynamic, where AI companies access that content through spoofing or scraping without negotiating terms, represents a fundamental imbalance in the value chain. The amicus brief positions the Amazon v. Perplexity case as the first legal opportunity to establish that AI agent access is not a default right but a negotiated permission.

What This Means for Every Brand, Not Just Publishers

The DCN brief is framed around publisher interests, but the legal principle at stake applies to any organization that operates a website with gated content, authenticated systems, or revenue-dependent analytics.

Consider the implications for e-commerce companies. If Perplexity's Comet can spoof its way into Amazon's password-protected sections, the same technique applies to any e-commerce platform with login-gated pricing, inventory data, or customer-specific content. The competitive intelligence implications alone are significant: an AI agent that can access a competitor's authenticated systems and extract pricing, product, or strategy information creates an asymmetric advantage that existing trade secret and computer fraud statutes were not designed to address.

Consider the implications for SaaS companies. Platforms that gate features, data, or analytics behind authentication walls face the same vulnerability. An AI agent that mimics a legitimate user session can extract proprietary data, benchmark pricing, or scrape customer lists without triggering the access controls designed to prevent exactly that behavior.

Consider the implications for any business that relies on web analytics to make decisions. If AI agent traffic is indistinguishable from human traffic in your analytics dashboard, your conversion rate calculations, your audience segmentation, your content performance metrics, and your advertising attribution models are all corrupted. The Salon example from the DCN brief is a warning shot: when buyers lose confidence in your traffic quality, the revenue impact is immediate.

The principle the DCN is asking the Ninth Circuit to affirm is straightforward: when a website operator sets access controls, whether through authentication, rate limiting, or robots.txt directives, those controls should apply to AI agents just as they apply to any other automated system. The fact that an AI agent can mimic a human browser does not grant it the right to bypass controls designed to limit automated access.

The GEO Implication: AI Access Control Is the New robots.txt

For the generative engine optimization community, this case represents a critical inflection point. The SEO era was built on a simple social contract: publishers allow search engine crawlers to access their content in exchange for referral traffic and visibility in search results. That contract was enforced through robots.txt, a technical standard that gave publishers a mechanism to grant or deny access on a per-crawler basis.

The AI agent era has no equivalent contract. AI companies access publisher content through a combination of crawling, API access, and, as the Amazon case alleges, spoofing. Publishers have no standardized mechanism to grant or deny AI agent access, no reliable way to measure how much of their content is being extracted by AI systems, and no established framework for negotiating compensation.

The DCN's participation in the Amazon v. Perplexity case is an attempt to force the creation of that framework through the courts. If the Ninth Circuit rules that AI agent spoofing of authenticated access is unauthorized and legally actionable, it establishes a precedent that every website operator can invoke. If the court rules in Perplexity's favor, it signals that AI agents can access any content they can technically reach, regardless of the access controls the content owner has put in place.

This is why the 5W AI Citation Source Index findings matter in this context. The top 15 domains capture 68% of all AI citations. If the legal framework allows AI agents to access those domains' content without permission or compensation, the value extraction is concentrated and enormous. If the framework requires permission, the negotiation dynamics shift dramatically in favor of content creators.

For brands thinking about how Perplexity chooses sources, this case directly affects whether Perplexity, and AI companies broadly, will need to negotiate access terms with the publishers they cite. The comparison between Perplexity, Gemini, and ChatGPT referral traffic patterns will look very different if publishers can legally restrict AI agent access.

The concept of agentic commerce, where AI agents autonomously browse, compare, and purchase on behalf of users, depends on the assumption that agents can access commerce platforms freely. The Amazon v. Perplexity case tests that assumption for the first time in a federal appellate court.

The Stakes for the AI Visibility Industry

The AI visibility for publishers stack, from citation monitoring to content optimization to AI access negotiation, is being built on the assumption that publishers will increasingly want to understand and control how AI systems interact with their content. The DCN's amicus brief validates that assumption. The organizations representing 259 million monthly visitors are now formally arguing in federal court that AI access control is essential to their business survival.

If the Ninth Circuit sides with Amazon and the publishers, expect a rapid escalation in demand for tools that help brands audit their AI exposure, negotiate access terms with AI companies, and monitor AI agent behavior on their properties. If the court sides with Perplexity, expect publishers to accelerate their investment in technical countermeasures, from advanced bot detection to content watermarking to authentication systems specifically designed to resist AI agent spoofing.

Either way, the era of passive acceptance is ending. The publishers have drawn their line.

Find out which AI engines cite your brand, and which ones are accessing your content without permission. Run a free AI Visibility Audit and get a baseline report on your AI citation presence across ChatGPT, Perplexity, Gemini, Claude, and Google AI Overviews.

Sources

1. Digital Content Next, Amicus Brief, Case No. 26-1444, United States Court of Appeals for the Ninth Circuit, April 29, 2026.
2. Software and Information Industry Association, Amicus Brief Supporting Amazon, siia.net, May 1, 2026.
3. PPC Land, "Why Major Publishers Are Backing Amazon Against Perplexity's AI Spoofing," May 1, 2026.
4. Press Gazette, "Publishers Back Amazon in AI Agent Access Dispute," May 1, 2026.
5. Playwire, "Publishers Back Amazon Against Perplexity in AI Agent Dispute," May 1, 2026.
6. Association of National Advertisers, Invalid Traffic Study, 2025. Estimated $63B annual loss at 8.5% IVT rate.
7. DoubleVerify, Invalid Traffic Benchmark Report H2 2024. GIVT up 86% YoY, 16% attributed to AI scrapers.

FAQ

What is the Amazon v. Perplexity case about?
Amazon sued Perplexity in November 2025 alleging that Perplexity's Comet browser spoofed Chrome user-agent strings to access Amazon's password-protected systems without authorization. A district court issued a preliminary injunction in March 2026, and Perplexity appealed to the Ninth Circuit.

Why are publishers supporting Amazon instead of staying neutral?
Publishers see AI agent spoofing as a direct threat to ad revenue, subscription models, and content control. The DCN brief argues that if AI agents can bypass authentication by mimicking human browsers, the entire access-control infrastructure that publishers depend on becomes meaningless.

What is user-agent spoofing?
User-agent spoofing is when a browser or agent transmits a user-agent string that identifies it as a different browser. In this case, Perplexity's Comet allegedly transmitted the same user-agent string as Google Chrome while operating as an autonomous AI agent.

How does this affect brands that are not publishers?
Any company with gated content, authenticated systems, or analytics-dependent revenue faces the same risk. AI agent spoofing corrupts analytics data, enables unauthorized data extraction, and undermines access controls regardless of industry.

What happens if Perplexity wins the appeal?
A Perplexity victory would establish that AI agents can access any content they can technically reach, even behind authentication, as long as they mimic a standard browser. This would force brands to invest in AI-specific access controls and bot detection rather than relying on existing authentication systems.

Explore your brand's AI visibility and learn how to control your AI access perimeter. Visit Searchless.ai for the complete GEO platform.