Hacker News

mg | yesterday at 10:58 AM | 5 replies

I wonder if we really need agents to have control of a full computer.

Maybe a browser plugin that lets the agent use websites is enough?

What would be a task that an agent cannot do on the web?


Replies

weird-eye-issue | yesterday at 11:20 AM

Not sure if this is a joke

But how would claude code work from a browser environment?

Or how would an agent that orchestrates claude code and does some customer service tasks via APIs work in a browser environment?

Would you prefer it do customer service tasks via brittle and slow browser automation instead?

piva00 | yesterday at 11:19 AM

I personally won't allow full control for a long time.

On the other hand LLMs have been a very good tool to build bespoke tools (scripts, small CLI apps) that I can allow them to use. I prefer the constraints without having to think about sandboxing all of it, I design the tools for my workflow/needs, and make them available for the LLM when needed.

It's been a great middle ground, and actually very simple to do with AI-assisted code.

I don't "vibecode" the tools though, I still like to be in the loop acting more as a designer/reviewer of these tools, and let the LLM be the code writer.

webpolis | yesterday at 4:35 PM

Browser plugins have a security problem that's easy to miss: the agent runs inside your existing browser profile. That means it has access to your active sessions, stored credentials, autofill data — everything you're already logged into. A sandboxed machine is actually the safer primitive for untrusted agent tasks, not the more paranoid one. I work on Cyqle (https://cyqle.in), which uses ephemeral sessions with per-session AES keys destroyed on close, because you want agents in a cryptographically isolated context — not loose inside your personal browser where one confused-deputy mistake can reach your bank session.

neya | yesterday at 11:43 AM

Every week there is a news article about some script kiddie who shot themselves in the foot after vibe coding their production-ready app, without the help of any senior engineer, because, let's face it, who needs them, right? Only to end up deleting their production database, or leaking their credentials on an HTML page or worse, exposing their sensitive personal data online.

I'm actually pro-agents and AI in general - but with careful supervision. Giving an unpredictable (semi) intelligent machine the ability to nuke your life seems like the dumbest idea ever and I am ready to die on this hill. Maybe this comment will age badly and maybe letting your agents "rm -rf /" will be the norm in the next decade and maybe I'll just be that old man yelling at clouds.

lostmsu | yesterday at 11:13 AM

Run anything multi threaded?