The architecture of agentic commerce: Why Amazon tried to block Comet and why you shouldn’t

Opinion – Week in Focus

The CEO of Particular Audience examines the background to the legal dispute between Amazon and the Gen AI engine Perplexity, and its implications for the future.

In November, Amazon sued Perplexity, accusing the AI startup of covertly ​accessing private Amazon customer accounts through its personal AI assistant, the Comet browser, ​and of disguising automated activity as human browsing. The lawsuit said Perplexity’s system posed security risks for customer data and that it had ignored repeated requests to stop.

Last month, a U.S. federal judge in San Francisco granted Amazon a preliminary injunction that temporarily blocked Perplexity from using the Comet browser to access Amazon’s password‑protected sections or to make purchases on behalf of Amazon users. It also required Perplexity to delete any data collected from Amazon’s protected areas in the process of making those purchases (A U.S. appeals court has since put the injunction ruling on hold).

The court’s original ruling might have established that an AI agent is not a human user; it is a third-party script executing commands. On appeal, one might have argued that blocking agents violates user agency. If a human user explicitly authorises an AI agent to act on their behalf, logging in with their credentials to execute their intent, the bot is their proxy.

As it stands today, legally and technically, user authorisation and platform authorisation are not interchangeable. Consider a person with visual impairment—they might depend on this proxy for accessibility, or grant a personal assistant, such as the Comet browser, permission to pay for goods and collect them on their behalf.

I suspect that the main issues here are security and cost: Perplexity’s Comet spoofed a standard Chrome browser to bypass bot mitigation. To a platform’s security architecture, a helpful shopping bot spoofing a browser looks exactly the same as a malicious bot executing credential stuffing, DDoS attacks, or credit card testing.

Further, to understand why Amazon pushed this to federal court, you have to look past the philosophical debate over “user extensions” and examine the raw unit economics of server architecture and retail media.

The infrastructure tax of bots

Currently, AI agents interact with commerce by scraping the visual web.

Let’s quantify the absurdity of this. If a bot executes 1,000 product queries a minute, and a retailer serves a standard 3mb webpage—complete with high-res hero banners, heavy JavaScript, and CSS for a visual layout—to a headless browser, that is three gigabytes of bandwidth and compute burned per minute.

The AI script simply parses the underlying DOM (Document Object Model) for the price and inventory, discarding the visual elements entirely.

So the retailer pays 100% of the infrastructure and compute costs to serve rich media to an entity without eyes, yielding a clinically guaranteed 0% clickthrough rate (CTR). In other words, they are paying server fees to show billboards to a robot.

Amazon’s real motivation: protecting the billboard

Amazon is an infrastructure and advertising network disguised as an “Everything Store.” Its advertising business generates tens of billions of dollars at massive margins. When a human searches for toothpaste, they click on the “Sponsored Products” link and get distracted by “Frequently Bought Together” widgets.

By contrast, a bot executes a surgical, objective procurement script. It ignores the ads entirely.

Amazon isn’t blocking a bot from buying a product; it is protecting the retail media margin that subsidises its entire e-commerce operation.

The alternative path for retailers

Most retailers are not Amazon. They do not own the internet’s infrastructure, and they desperately need net-new customer discovery.

For the broader market, being “GEO” (Generative Engine Optimisation) available is critical. You want AI assistants recommending your inventory to users.

But you cannot achieve GEO by letting bots scrape your expensive visual frontend. This is where the web must bifurcate.

Retailers need a dedicated doorway for AI, which is exactly what architectures like Retail-MCP (Model Context Protocol) enable.

Instead of rendering a heavy, ad-laden HTML page for a bot, an MCP endpoint serves only the required, permissioned data—stock, prices, loyalty incentives, and functional ad units—directly to the agent in milliseconds via a lightweight JSON (JavaScript Object Notation) payload.

This enables the retailer to eliminate the compute waste, protect its analytics from bot pollution, and still capture the sale.

The future: toll roads for bots

Will the debate over AI agents disappear when they become ubiquitous?

No, it will simply become monetised.

While the billing infrastructure doesn’t exist at scale today, the endgame is clear. Retailers will not outright ban bots; they will build toll booths.

By routing AI through secure, programmatic endpoints rather than the visual web, platforms will eventually charge micro-tolls for agentic API access or require revenue-share agreements for automated procurement.

The future of e-commerce isn’t about stopping the bots; it’s about serving them the right data for the right economic return.

James Taylor is CEO and founder at retail media platform Particular Audience