Anthropic has unveiled a research preview of Claude for Chrome, a browser-based AI agent powered by its Claude AI models. The initial rollout is limited to 1,000 subscribers on Anthropic’s Max plan, while a waitlist has been established for additional users interested in accessing the new feature.
The Claude for Chrome extension allows select users to engage with Claude through a sidecar window. It maintains awareness of the user’s browser activity. Users can authorize Claude to perform actions within the browser, facilitating task completion on their behalf.
The integration of AI into browsers has become a competitive area for AI labs. The aim is to create more seamless connections between AI systems and users. Perplexity recently introduced Comet, its own browser featuring an AI agent designed to assist users with various tasks. Speculation suggests that OpenAI is also developing an AI-powered browser with similar capabilities to Comet. Google has already begun integrating its Gemini models into Chrome.
This push for AI-enhanced browsers gains additional significance in light of Google’s ongoing antitrust case. A final decision in the case is anticipated shortly. The presiding judge has indicated the possibility of mandating Google to divest its Chrome browser. In response, Perplexity submitted an unsolicited bid of $34.5 billion for Chrome. OpenAI CEO Sam Altman also expressed potential interest in acquiring the browser.
Anthropic addressed potential safety concerns associated with AI agents having browser access. Brave’s security team identified a vulnerability in Comet’s browser agent. This vulnerability made it susceptible to indirect prompt-injection attacks. Such attacks involve malicious code on a website that could manipulate the agent into executing unintended instructions upon processing the page.
Perplexity responded to the reported vulnerability. Jesse Dwyer, Head of Communications at Perplexity, communicated to TechCrunch via email that the identified vulnerability raised by Brave had been addressed and resolved. The resolution underscores the importance of proactive security measures in the evolving landscape of AI-powered browser agents.
Anthropic aims to use this research preview to identify and address novel safety risks. The company has already implemented defenses against prompt injection attacks. These interventions have reduced the success rate of such attacks from 23.6% to 11.2%. This demonstrates a commitment to mitigating potential vulnerabilities as AI agents become more integrated with browser functionality.
Users have the option to restrict Claude’s access to specific websites within the app’s settings. Anthropic has implemented default restrictions, preventing Claude from accessing websites offering financial services, adult content, and pirated content. These measures are designed to protect users from potentially harmful or inappropriate online environments.
Before executing high-risk actions, such as publishing, purchasing, or sharing personal data, Claude’s browser agent will request user permission. This measure adds an additional layer of security and ensures that users retain control over sensitive operations conducted through the AI agent.
This is not Anthropic’s first venture into AI models capable of controlling computer screens. In October 2024, the company introduced an AI agent with the ability to control a PC. However, initial testing revealed limitations. The model exhibited slow performance and a lack of consistent reliability.
Agentic AI models have seen improvement. Modern browser-using AI agents, including Comet and ChatGPT Agent, have become more reliable in performing simple tasks. While capable of handling basic functions, these systems face limitations. Many agentic systems still struggle with complex problems due to the intricacies of real-world scenarios.
