{"id":4563,"date":"2025-08-27T22:43:01","date_gmt":"2025-08-27T22:43:01","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4563"},"modified":"2025-08-27T22:43:01","modified_gmt":"2025-08-27T22:43:01","slug":"claude-for-chrome-pilot-anthropic-takes-cautious-step-into-ai-browser-wars","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4563","title":{"rendered":"Claude-for-Chrome Pilot: Anthropic Takes Cautious Step Into AI Browser Wars"},"content":{"rendered":"<p>Anthropic, the company behind the Claude AI assistant, has begun testing a Chrome extension that allows the model to operate directly within the browser. The pilot, launched this week, is limited to 1,000 subscribers on the company\u2019s Max plan, which costs up to $200 per month. Other users can join a waitlist for future access.<\/p>\n<p>The extension enables Claude to perform tasks such as clicking buttons, filling out forms, scheduling meetings, and managing documents, all without requiring users to switch between apps.<\/p>\n<p>\u201cWe view browser-using AI as inevitable,\u201d the company said in a statement. \u201cSo much work happens in browsers that giving Claude the ability to see what you\u2019re looking at, click buttons, and fill forms will make it substantially more useful.\u201d<\/p>\n<p>In demonstrations, Claude has been shown finding real estate listings on Zillow, summarizing Google Docs comments, and adding items to a DoorDash cart. 
This puts Claude in direct competition with other AI browser agents, such as <a href=\"https:\/\/www.eweek.com\/news\/comet-ai-browser\/\" target=\"_blank\" rel=\"noopener\">Perplexity\u2019s Comet<\/a>, Google\u2019s Gemini integration in Chrome, and <a href=\"https:\/\/www.techrepublic.com\/article\/news-microsoft-edge-copilot-mode\/\" target=\"_blank\" rel=\"noopener\">Microsoft\u2019s Copilot in Edge<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Security risks in focus<\/h2>\n<p>However, the new capability comes with risks. Browser-based AI systems are vulnerable to what experts refer to as prompt injection attacks.<\/p>\n<p>\u201cJust as people encounter phishing attempts in their inboxes, browser-using AIs face <a href=\"https:\/\/www.esecurityplanet.com\/news\/ai-agents-vulnerable-silent-hijacking\/\" target=\"_blank\" rel=\"noopener\">prompt injection attacks<\/a>\u2014where malicious actors hide instructions in websites, emails, or documents to trick AIs into harmful actions without users\u2019 knowledge,\u201d <a href=\"https:\/\/www.anthropic.com\/news\/claude-for-chrome\" target=\"_blank\" rel=\"noopener\">Anthropic wrote<\/a>.<\/p>\n<p>In controlled red-team experiments, the company ran 123 attack scenarios; it found that without safeguards, Claude carried out malicious actions 23.6% of the time. In one test, a fake email told Claude to delete all messages \u201cfor security reasons.\u201d Claude obeyed, erasing the user\u2019s inbox without asking.<\/p>\n<p>\u201cPrompt injection attacks can cause AIs to delete files, steal data, or make financial transactions,\u201d Anthropic added.<\/p>\n<p>To address these threats, <a href=\"https:\/\/www.eweek.com\/news\/anthropic-claude-opus-4-end-harmful-conversations\/\">Anthropic has rolled out a layered defense system<\/a>. Users can restrict Claude\u2019s access to specific websites and must confirm high-risk actions, such as publishing content or making purchases. 
Claude is also blocked from visiting certain high-risk categories, including financial services and pirated content.<\/p>\n<p>These steps helped cut the success rate of attacks nearly in half, down from 23.6% to 11.2%. For attacks targeting browser-specific vulnerabilities, like malicious code hidden in form fields, new safeguards reduced success rates from 35.7% to zero.<\/p>\n<p>Still, Anthropic admits the system is far from perfect: \u201cSome vulnerabilities remain to be fixed before we can make Claude for Chrome generally available,\u201d the company noted.<\/p>\n<h2 class=\"wp-block-heading\">A long road ahead for widespread use<\/h2>\n<p>Analysts warn that while AI agents like Claude could boost workplace productivity, they may also widen the attack surface for businesses.<\/p>\n<p>\u201cIt\u2019s critical to closely monitor and manage the use of these extensions,\u201d said Neil Shah, VP for research at Counterpoint Research, <a href=\"https:\/\/www.computerworld.com\/article\/4046913\/anthropic-invites-enterprises-to-test-letting-claude-operate-chrome-browser.html\" target=\"_blank\" rel=\"noopener\">speaking to Computerworld<\/a>. \u201cAny AI extension deployed in an enterprise environment must be enterprise-grade, task-specific, and governed by strict guardrails.\u201d<\/p>\n<p>Others caution that rivals like Google and Microsoft may have an advantage due to deeper ecosystem integration, making it harder for third-party tools like Claude to achieve smooth enterprise adoption.<\/p>\n<p>For now, Anthropic is focusing on careful testing with trusted users. The company urges people to avoid using Claude for Chrome on financial, medical, or legal sites and to stick to familiar, low-risk websites while the system is refined.<\/p>\n<p>\u201cInternal testing can\u2019t replicate the full complexity of how people browse in the real world,\u201d Anthropic explained. 
The company says feedback from the pilot will be used to improve Claude\u2019s safety systems and teach future models to recognize new attack patterns.<\/p>\n<p>The post <a href=\"https:\/\/www.eweek.com\/news\/anthropic-claude-for-chrome\/\">Claude-for-Chrome Pilot: Anthropic Takes Cautious Step Into AI Browser Wars<\/a> appeared first on <a href=\"https:\/\/www.eweek.com\/\">eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Anthropic, the company behind the Claude AI assistant, has begun testing a Chrome extension that allows the model to operate directly within the browser. The pilot, launched this week, is limited to 1,000 subscribers on the company\u2019s Max plan, which costs up to $200 per month. Other users can join a waitlist for future access. 
[&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-4563","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4563"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4563"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4563\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}