Security Now #1051: "Amazon Sues Perplexity"
Date: November 12, 2025
Host: Steve Gibson
Co-host: Leo Laporte
Podcast: Security Now, TWiT.tv
Episode Overview
This episode centers on the evolving relationship between traditional web platforms and the rise of agentic (AI-driven) browsers, focusing closely on Amazon’s lawsuit against Perplexity AI. Steve and Leo also explore a range of current security and tech topics: the debate over whether hand-written assembly is really necessary in performance-critical software, a state ransomware story with a rare happy ending, DeFi exploits, the next steps in browser security, and more. The show is rich with insights into how AI agency may fundamentally reshape user rights and the structure of the web.
Main Theme: Amazon vs. Perplexity—AI Agents, User Rights, and Platform Control
Headline Story:
Amazon is suing Perplexity AI, alleging that the agentic browser developed by Perplexity covertly accesses customer accounts and disguises its AI activity as human browsing, particularly for automating shopping on Amazon’s platform. This case highlights an emerging, complex debate: Do users have the right to agents that automate their experience, or does the platform have a right to enforce its rules—even at the expense of user freedom and innovation?
"Where exactly does the AI agency begin and end? Does Amazon, like, refuse to allow us to do anything?" — Steve Gibson (1:46:11)
Key Discussion Points & Insights
1. The New Era of Agentic Browsers (1:39:04)
- Background: Agentic browsers like Perplexity’s Comet can automate online activities from shopping to bookings, blurring the line between user-driven and AI-driven actions.
- The Lawsuit: Amazon claims Perplexity violated their terms by not identifying itself as a bot/agent, bypassing restrictions on automated access, and degrading the intended customer experience.
- Perplexity's Defense: The AI startup frames the lawsuit as "bullying," arguing it’s anti-innovation and that they’re acting in end-users’ interests.
- Broader impact: As AI agents become more adept, will commercial platforms embrace or resist customers outsourcing tasks to bots?
"Bullying is when large corporations use legal threats and intimidation to block innovation and make life worse for people." — Perplexity’s blog post (1:43:00)
2. Agency, User Rights, and the Shaping of the Web (1:47:00–1:55:00)
- Soft Borders: This conflict echoes earlier debates around ad blockers and robots.txt, but raises new issues about real-time automation and agency.
- Chrome Plugin Thought Experiment: If a Chrome extension operated as an agent, would Amazon’s policy be logically consistent, or is the platform seeking granular control because automation threatens their ad-based revenue model?
"This is anything but black and white... One reading is that new AI agency tools are appearing which promise to return to us some of the control that’s been taken away." — Steve Gibson (1:54:08)
- Attention Economy: The core tension is between platforms that monetize attention and users seeking frictionless experiences.
3. Platform Power & Precedent (1:55:20)
- Amazon’s Position: Argues for a right to block or throttle automated bots and enforces this through legal action, citing other third-party apps that identify themselves (like food delivery and travel sites).
- Potential for Blockade: If agents have to self-identify, platforms can "grin and bear it" or simply block them, which could set a restrictive precedent.
- The Analogy to Ad Blockers: Steve and Leo anticipate that the eventual outcome may mirror the arms race between advertisers and ad blockers, with user preferences and innovation slowly gaining legitimacy.
"My feeling is that user rights will ultimately prevail, and that Amazon and others will be forced to grin and bear it, much as websites have had to tolerate the presence of ad blockers." — Steve Gibson (1:55:00)
Notable Quotes & Memorable Moments
- On the Shifting Web Power Balance:
"We were a captive audience. And now we found out a way. We found a way to get greedy. And you’ve become dependent upon our captivity." — Steve Gibson (2:39:11)
- On Platform Revenue Models:
"Amazon makes more money on advertising than it does on product sales." — Leo Laporte (1:47:00)
- On User Automation:
"If I told an agent that I'm looking for this Samsung, whatever it is, get me the best price... My default is Amazon and it would have broken that default." — Steve Gibson (1:57:30, paraphrased)
- Summary Judgment:
"It's not at all cut and dried." — Steve Gibson (1:37:13)
Timestamps for Key Segments
- 00:00–01:57: Introductions; preview of main stories and major headlines.
- 03:38–06:43: FFmpeg’s "assembly tutorials" and the debate on real performance gain.
- 11:04–31:13: Nevada’s ransomware recovery story—an incident report on best-practice security response.
- 33:45: The "ClickFix" clipboard security exploit.
- 35:36: The $128 million DeFi "rounding error" hack.
- 52:16–59:25: Chrome’s new autofill for government IDs—is convenient identity a looming privacy disaster?
- 64:09: UK telcos to block number spoofing—a simple, overdue solution.
- 65:47: The deprecation of XSLT and why browser code must be pruned for security.
- 98:51: Whisper Leak – Microsoft’s side channel attack on encrypted LLM traffic.
- 139:04–155:59: Deep dive: Amazon Sues Perplexity, the agency of user-bots, and the coming clash over who controls the user experience online.
- 155:59–159:07: The gray area—philosophical and practical challenges in regulating agentic access.
Additional Security Headlines and Insights
- Nevada’s Ransomware Recovery:
  - Staff responded rapidly and effectively, refusing to pay ransom and restoring 90% of data within a month; an example of disciplined planning and solid backup protocol.
"Governor’s teams protected core services, paid employees on time and recovered quickly without paying criminals. This is what disciplined planning delivers" — Nevada Governor, cited by Steve (19:53)
- FFmpeg Assembly Lessons Debate (03:38):
  - Discussion of whether hand-written assembly really delivers the claimed 10–50x speedups, with the skeptical view that such figures usually reflect a poor high-level baseline that never used vector (SIMD) instructions, rather than an inherent advantage of assembly.
- DeFi Rounding Exploit (35:36):
  - Attacker leveraged precision loss in Ethereum-based pools to extract $128 million, illustrating why the complexity of DeFi systems is dangerous for the average user.
- Chrome Autofill of IDs (52:16):
  - Concerns that storing and autofilling government IDs may herald a future where such credentials are routinely expected online, a major privacy worry.
- Deprecating XSLT (65:47):
  - Removal of legacy technologies like XSLT is vital for security, as unmaintained code increases the browser attack surface.
- LLM Side Channel Attack Disclosure (98:51):
  - Microsoft found that TLS packet sizes/timing could reveal LLM conversation topics and worked with providers to patch the issue, underscoring the constant evolution of attack vectors.
Wider Reflections & Humor
- Steve’s wry commentary on browser feature bloat:
"Evolution doesn’t only mean continually tacking on new feature after new feature… it also means trimming off the dead limbs." (76:09)
- Light-hearted banter on spam and outdated technology (“impoverished audio version”), plus listeners’ gratitude for SpinRite saving RAID NAS drives—reminder that practical tech problems persist amid AI headlines.
Conclusion
This episode of Security Now is a microcosm of the hottest debates in tech: will the web remain a place where users, with the help of AI, can shape their own experiences, or will entrenched platforms reassert control through legal and technical means? As AI agency grows, user rights, privacy, and the very shape of commerce and search are up for grabs.
Listen For:
- 1:39:04–1:55:59 — The main discussion on Amazon vs. Perplexity and the agentic browser debate.
- 19:53 — Nevada’s exemplary ransomware recovery dissected.
- 52:16 — Chrome’s driver’s license autofill—convenience versus privacy.
- 98:51 — Fascinating new side channel attack on encrypted LLM data.
Memorable quote:
"We were a captive audience. And now we found out a way. We found a way to get greedy. And you’ve become dependent upon our captivity." — Steve Gibson (2:39:11)
For a deeper dive (or Steve’s detailed show notes and links), visit GRC.com/series/securitynow.