Dev.to
6/22/2026

Browsers shipped a security model for humans. Agents are asking us to keep using it.
Short summary
Browser security was architected assuming a human user at the keyboard with intentional actions. AI agents now driving browsers replace that human while keeping the same security mechanisms intact—fundamentally breaking assumptions around same-origin policy, permission dialogs, and user gestures. Four commercial agent-browser products expose these gaps; the W3C WebMCP proposal attempts to address them.
- •Browser security assumes human intent; agents replace humans but inherit the same security model
- •Key mechanisms (same-origin policy, user gestures, permission dialogs) fail when agents read cross-origin instructions
- •Four major products (Anthropic Computer Use, Google Mariner, OpenAI Operator, Perplexity Comet) ship with these vulnerabilities
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



