The security concerns here are valid, but I think people are missing the practical reality: we've already crossed the Rubicon with tools like Claude Code and Playwright MCP.
I've been running Claude Code with full system access for months - it can already read files, execute bash, git commit, push code. Adding browser automation via an extension is actually less risky than what we're already doing with terminal access.
The real question isn't "should we give AI browser access" - it's "how do we design these systems so the human stays in the loop for critical decisions?" Auto-approving every action defeats the purpose of the safety rails.
Personally, I use it with manual approval for anything touching credentials or payments. Works great for QA testing and filling out repetitive web forms.
I would personally feel a lot better with a container-first approach, like attaching an LLM to QubesOS windows, so the non-deterministic chaos monkey can only affect what you want them to affect.
This is easy enough with dev containers, but once you let a model interact with your desktop, you should be really damn confident in your backup, rollback, and restore methods, and whether an errant rm -rf or worse has any way to affect those.
IME, even if someone has a cloud drive and a local external drive backup, they've never actually tested the recovery path, and will just improvise after an emergency.
A snapshotted ZFS system pushing to something like rsync.net (which also stores snapshots), but I don't know of any Time-Machine-in-a-box solutions like Apple offers (is there still a Time Machine product, actually? Maybe it's as easy as using that, since a factory-reset Mac can restore from a Time Machine snapshot).
What do you mainly use it for?
> we've already crossed the Rubicon with tools like Claude Code and Playwright MCP.
"we" isn't everybody here. A lot of us simply don't use these tools (I currently still don't use AI assistance at all, and if/when I do try it, I certainly won't be giving it full system access). That's a lot harder to avoid if it's built into Chrome.