Anthropic presents an experiment where Claude can work inside your browser and perform actions for you. Can you imagine asking it to check your email, fill out a form, or schedule meetings without leaving the tab where you're working? This pilot is the first step toward making that real, but with a strong focus on security and user control. (anthropic.com)
What Anthropic announced
The company launched a controlled pilot called Claude for Chrome. The idea is that Claude can see what appears in your browser, click, fill forms, and carry out tasks you currently do manually. The pilot starts with limited access so the team can learn in real-world conditions before widening use. (anthropic.com)
Who gets access and how it will roll out
For now the rollout is a research preview aimed at trusted users: they’ll start with 1,000 subscribers on the Max plan from a waitlist, and expand gradually as protections are validated. Interested? You can join the waitlist and, if approved, install the extension from the Chrome Web Store. (anthropic.com)
Risks found and why they matter
Browsers are sensitive ground: they hold email, documents, logins, financial services and more. That opens the door to prompt injection attacks, where a page or email tries to trick the agent into doing something dangerous. Anthropic tested these attacks in the lab and found significant success rates without mitigations. (anthropic.com)
To give you an idea, in their initial adversarial tests the attack success rate was 23.6 percent without the new defenses. With mitigations for autonomous mode in place, that fell to 11.2 percent. In a set of four browser-specific attacks, defenses reduced the success rate from 35.7 percent to 0 percent in that controlled test. Those numbers show progress, but also why Anthropic is moving cautiously. (anthropic.com)
What controls and mitigations they implemented
Anthropic outlines several lines of defense designed to keep you in control:
- Site permissions: you can grant or revoke Claude’s access to specific pages.
- Action confirmations: Claude asks for confirmation before taking high-risk steps like posting, buying, or sharing sensitive data.
- Category blocks: whole classes of sites considered high risk—like financial services or adult content—are blocked by default.
- Improvements to
system promptsand classifiers that spot suspicious instruction patterns.
In short, the extension isn’t an unfiltered autonomous robot; it works with controls and prompts so you decide the critical steps. (anthropic.com)
How they’re testing it in practice
Inside the company they’ve already used Claude for Chrome for concrete tasks: managing calendars, drafting email replies, filing expense reports, and testing website features. But they acknowledge internal tests don’t reflect real-world variety, so they’re asking trusted testers to use the extension in authentic situations and report bugs and new attack patterns. (anthropic.com)
If you want to participate or prepare
If you want to try it, join the waitlist and, when you get access, install the extension from the Chrome store and authenticate with your Claude credentials. Meanwhile, Anthropic recommends using Claude for Chrome only on trusted sites and avoiding it on platforms that handle financial, legal, or medical information until defenses are even stronger. (anthropic.com)
A closing thought
The arrival of agents that act inside the browser raises a simple question: do you want to delegate routine tasks to an AI that interacts with your pages, or do you prefer to keep manual control? Anthropic’s proposal shows you can push functionality forward without giving up safety measures, but it also reminds us that AI innovation requires constant vigilance. Sensible approach as a user? Test cautiously and demand transparency about how and when the AI acts in your browser. (anthropic.com)