AI Agents Are Raising New Questions of Fraud and Privacy Liability
AI Agents Are Raising New Questions of Fraud and Privacy Liability
https://www.pymnts.com/cpi-posts/ai-agents-are-raising-new-questions-of-fraud-and-privacy-liability/
Publish Date: 2026-02-12 14:27:00
Source Domain: www.pymnts.com
Courts are beginning to answer a critical question for the digital economy: when autonomous AI agents act on a user’s behalf, who bears legal responsibility under statutes written decades before such systems existed?
A recent analysis of litigation trends by Babalakin & Co. highlights how judges are applying two established technology statutes — the federal Computer Fraud and Abuse Act (CFAA) and the California Invasion of Privacy Act (CIPA) — to disputes involving so-called agentic AI systems. For businesses building or deploying these tools, the early case law offers concrete compliance signals.
The CFAA, enacted in 1986 as an anti-hacking statute, imposes liability for accessing a protected computer “without authorization” or in a manner that “exceeds authorized access.” Its scope has been narrowed by recent precedent.
In Van Buren v. United States, the U.S. Supreme Court held that “exceeds authorized access” applies only when a user accesses off-limits areas of a computer, not when they misuse data they are otherwise entitled to obtain. And in hiQ Labs Inc. v. LinkedIn Corp., the Ninth Circuit concluded that scraping publicly available data from a site without authentication barriers does not violate the “without authorization” prong.
By contrast, in Facebook Inc. v. Power Ventures Inc., the Ninth Circuit found liability where the defendant circumvented IP blocking measures after receiving a cease-and-desist letter.
These precedents frame the dispute in Amazon.com Services LLC v. Perplexity AI Inc., currently pending in the Northern District of California. Amazon alleges that Perplexity’s AI agent, Comet, accessed nonpublic pages of Amazon’s platform using customer credentials while bypassing technical barriers and bot-detection measures. Perplexity argues the agent acted at the direction of authorized account holders.
The case crystallizes a central issue for agentic AI: does user authorization suffice, or can platforms…
