Browser agents are AI copilots that can autonomously navigate and take actions in your browser. They show up as standalone browsers (Comet, Atlas) or Chrome extensions (Claude).

They’re especially useful in sites where search/API connectors don’t work well, like searching through Google Groups threads for a bug fix or pulling invoices from BILL.com. Anthropic released Claude CoWork yesterday, and in their launch video, they showcased their browser-use chromium extension: https://www.youtube.com/watch?v=UAmKyyZ-b9E

But enterprise adoption is slow because of indirect prompt injection risks, about which Simon Willison has written in great detail in his blogs: https://simonwillison.net/2025/Aug/26/piloting-claude-for-ch.... And before security teams can decide on guardrails, they need to know how employees are using browser agents to understand where the risks are.

So, we reverse-engineered how the Claude in Chrome extension works and built a visibility layer that tracks agent sessions end-to-end. It detects when an AI agent takes control of the browser and records which pages it visited during a session and what it does on each page (what was clicked and where text was input).

On top of that, we’ve also added simple controls for security teams to act on based on what the visibility layer captures:

(1) Block specific actions on specific pages (e.g., prevent the agent from clicking “Submit” on email)

(2) Block risky cross-site flows in a single session (e.g., block navigation to Atlassian after interacting with StackOverflow), or apply a stricter policy and block bringing any external context to Atlassian entirely.

We demo all the above features here in this 2-minute YouTube video: https://www.youtube.com/watch?v=1YtEGVZKMeo

You can try our browser extension here: https://github.com/ContextFort-AI/ContextFort

Thrilled to share this with you and hear your comments!