Show HN: Prism – Let browser agents access any app

11•rkhanna23•1h ago

Hey HN, we’re Alex, Land, and Rajit. We’re building Prism (prismai.sh), a tool that helps browser agents authenticate to websites with user credentials. Developers pass in credentials, Prism logs in to the website on their behalf, and it hands back the cookies so the agent has an authenticated session. Here’s an example of using Prism to complete a username/password flow (https://youtu.be/SEtVUnWnxuE), and here’s one for a login flow that requires an OTP code (https://youtu.be/fe9w9PvrwH0).

We spoke to browser agent developers and saw people copying and pasting credentials, and even credit card numbers, directly into model system prompts. We were surprised that there wasn’t a better way to give agents access to websites on a human’s behalf. We also noticed that every company had to build its own infrastructure to manage OTP, TOTP, and MFA, and that auth remained a significant hurdle to agent reliability. We wondered if this was a boring part of building web automations that someone could automate away.

We started working with Casco, an autonomous security testing company, to enable their agent to access customer sites. Before a pentest, Casco makes a request to Prism’s API specifying test user credentials, a domain, and a login method. For example: "give me an authenticated session for the account rajit@prismai.sh on OpenAI via an OTP code sent over email." Our agent logs in on their behalf (without exposing credentials to a model), and we download the cookies and send them back in the response.
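
A rough sketch of what such a request and response could look like from the caller's side. The field names (`domain`, `username`, `login_method`), the `email_otp` value, and the cookie shape are all hypothetical, chosen only for illustration; they are not Prism's documented schema, so check the API reference for the real one.

```python
import json
from dataclasses import dataclass, asdict
from typing import Dict, List


@dataclass
class LoginRequest:
    # Hypothetical field names, not Prism's documented schema.
    domain: str
    username: str
    login_method: str  # e.g. "password" or "email_otp" (assumed values)


def build_login_payload(req: LoginRequest) -> str:
    """Serialize the request as a JSON body for an HTTP POST."""
    return json.dumps(asdict(req), sort_keys=True)


def cookies_to_header(cookies: List[Dict[str, str]]) -> str:
    """Join returned cookies into a single Cookie header value."""
    return "; ".join(f"{c['name']}={c['value']}" for c in cookies)


payload = build_login_payload(
    LoginRequest(domain="openai.com", username="rajit@prismai.sh", login_method="email_otp")
)

# Assumed response shape: a list of name/value cookie records.
returned = [{"name": "sid", "value": "abc"}, {"name": "t", "value": "1"}]
header = cookies_to_header(returned)
```

The agent can then attach `header` to its own requests, or load the same cookies into its browser context, to reuse the authenticated session.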

To maintain speed and reliability, we use Playwright to log in in most cases (which gives us speed) and fall back to AI on failure (which gives us reliability). We support a number of websites out of the box and add new scripts as the set of websites we need to support grows. We are working on a way for the agent to update the existing Playwright script on failure, so our scripts always stay up to date.
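
The script-first, AI-on-failure pattern can be sketched roughly as below. This is a minimal illustration, not our actual implementation: `login_with_fallback`, `broken_script`, and `ai_login` are hypothetical names, and the two login functions are stand-ins for a real Playwright script and a real agent.

```python
from typing import Callable, Dict, List, Tuple

Cookie = Dict[str, str]
LoginFn = Callable[[str], List[Cookie]]


def login_with_fallback(
    domain: str, scripted: LoginFn, ai_fallback: LoginFn
) -> Tuple[List[Cookie], str]:
    """Try the fast scripted login first; use the slower agent only on failure."""
    try:
        return scripted(domain), "script"
    except Exception:
        # The scripted path broke (e.g. the page layout changed), so fall back.
        return ai_fallback(domain), "ai"


# Stand-in login functions for illustration only.
def broken_script(domain: str) -> List[Cookie]:
    raise RuntimeError("selector not found")


def ai_login(domain: str) -> List[Cookie]:
    return [{"name": "session", "value": "from-ai"}]


cookies, path = login_with_fallback("x.com", broken_script, ai_login)
print(path)  # ai
```

Returning which path succeeded makes it easy to log how often the script fails, which is the signal you would need before regenerating a stale script.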

To try our API, you can use our API playground (docs.prismai.sh/api-reference/endpoint/login) to sign in to x.com with the following API key: pk_54abb1cd0a637eb973ed690416e71a953e98f2ea839cf16529bbfa41a41bc016

We’d love to learn more about how other developers give agents access to their accounts. We look forward to everyone’s feedback and comments.

Comments

valianter•1h ago

Does this solve CAPTCHAs? Or is this only for people who are trying to maintain browser sessions in very niche use cases? Pentesting is cool, but I feel like the main use case is allowing agents to work across the web on any website.

brene•1h ago

Hi, Rene from Casco here. I think the post just referenced us as a customer because we use it for pentesting. For us, Prism solves the "browser agents can reliably auth into any website" problem.

rkhanna23•1h ago

This is a great question. We are broadly interested in the agent access problem (which in some cases may involve solving CAPTCHAs).

Right now, we're focused on building connectors for our customers, which has not yet involved CAPTCHA solving.

saarth28•1h ago

I think this could be useful for us. Let me DM you.

brene•1h ago

Hi, Rene from Casco here. I thought I'd share a bit about our journey dealing with auth for browser agents before Prism. We have a diverse set of customers whose login experiences differ dramatically. Sometimes the login form is directly accessible on request, other times you have to click through to a "login menu", and other times we're dealing with Google sign-in and OTP.

We initially tried manually uploading session cookies to our browser agent after authenticating locally, but soon realized how unscalable that is. We needed a general-purpose API that lets our agents auth into any application reliably. We needed something like Prism because making an agent reliable for our vertical is hard enough, and I don't want us to maintain infrastructure just for managing test user credentials and sessions. If you're using browser agents and they've "hit the auth wall", then you know what I'm talking about.

Thanks for building Prism for us and letting us be a pilot customer. The API is straightforward and a pleasure to use. Can't wait for user sign-up and GitHub auth support to come soon.

rkhanna23•1h ago

It's a pleasure to work with you. Excited to expand to more login cases and support login to more websites.
