Anthropic, the company behind the Claude AI assistant, has begun testing a Chrome extension that allows the model to operate directly within the browser. The pilot, launched this week, is limited to 1,000 subscribers on the company’s Max plan, which costs up to $200 per month. Other users can join a waitlist for future access.
The extension enables Claude to perform tasks such as clicking buttons, filling out forms, scheduling meetings, and managing documents, all without requiring users to switch between apps.
“We view browser-using AI as inevitable,” the company said in a statement. “So much work happens in browsers that giving Claude the ability to see what you’re looking at, click buttons, and fill forms will make it substantially more useful.”
In demonstrations, Claude has been shown finding real estate listings on Zillow, summarizing Google Docs comments, and adding items to a DoorDash cart. This puts Claude in direct competition with other AI browser agents, such as Perplexity’s Comet, Google’s Gemini integration in Chrome, and Microsoft’s Copilot in Edge.
Security risks in focus
However, the new capability comes with risks. Browser-based AI systems are vulnerable to what experts refer to as prompt injection attacks.
“Just as people encounter phishing attempts in their inboxes, browser-using AIs face prompt injection attacks—where malicious actors hide instructions in websites, emails, or documents to trick AIs into harmful actions without users’ knowledge,” Anthropic wrote.
In controlled red-team experiments, the company ran 123 attack scenarios; it found that without safeguards, Claude carried out malicious actions 23.6% of the time. In one test, a fake email told Claude to delete all messages “for security reasons.” Claude obeyed, erasing the user’s inbox without asking.
“Prompt injection attacks can cause AIs to delete files, steal data, or make financial transactions,” Anthropic added.
To address these threats, Anthropic has rolled out a layered defense system. Users can restrict Claude’s access to specific websites and must confirm high-risk actions, such as publishing content or making purchases. Claude is also blocked from visiting certain high-risk categories, including financial services and pirated content.
These steps helped cut the success rate of attacks nearly in half, down from 23.6% to 11.2%. For attacks targeting browser-specific vulnerabilities, like malicious code hidden in form fields, new safeguards reduced success rates from 35.7% to zero.
Still, Anthropic admits the system is far from perfect: “Some vulnerabilities remain to be fixed before we can make Claude for Chrome generally available,” the company noted.
A long road ahead for widespread use
Analysts warn that while AI agents like Claude could boost workplace productivity, they may also widen the attack surface for businesses.
“It’s critical to closely monitor and manage the use of these extensions,” said Neil Shah, VP for research at Counterpoint Research, speaking to Computerworld. “Any AI extension deployed in an enterprise environment must be enterprise-grade, task-specific, and governed by strict guardrails.”
Others caution that rivals like Google and Microsoft may have an advantage due to deeper ecosystem integration, making it harder for third-party tools like Claude to achieve smooth enterprise adoption.
For now, Anthropic is focusing on careful testing with trusted users. The company urges people to avoid using Claude for Chrome on financial, medical, or legal sites and to stick to familiar, low-risk websites while the system is refined.
“Internal testing can’t replicate the full complexity of how people browse in the real world,” Anthropic explained. The company says feedback from the pilot will be used to improve Claude’s safety systems and teach future models to recognize new attack patterns.
The post Claude-for-Chrome Pilot: Anthropic Takes Cautious Step Into AI Browser Wars appeared first on eWEEK.