(www.anthropic.com)

795 points davidbarker | 3 comments | 26 Aug 25 19:01 UTC | HN request time: 0.239s | source

Show context

medhir ◴[26 Aug 25 19:22 UTC] No.45031022[source]▶

Personally, the only way I’m going to give an LLM access to a browser is if I’m running inference locally.

I’m sure there’s exploits that could be embedded into a model that make running locally risky as well, but giving remote access to Anthropic, OpenAI, etc just seems foolish.

Anyone having success with local LLMs and browser use?

replies(3): >>45031462 #>>45031772 #>>45033430 #

1. onesociety2022 ◴[26 Aug 25 23:07 UTC] No.45033430[source]▶

>>45031022 #

The primary risk with these browser agents is prompt injection attacks. Running it locally doesn't help you in that regard.

replies(2): >>45034703 #>>45034985 #

2. innagadadavida ◴[27 Aug 25 02:10 UTC] No.45034703[source]▶

>>45033430 (TP) #

If each LLM sessions is linked to the domain and restricted just like how we restrict cross domain communication, this problem can be solved? We can have a completely isolated LLM context per each domain.

3. medhir ◴[27 Aug 25 02:58 UTC] No.45034985[source]▶

>>45033430 (TP) #

True, I wasn’t thinking very deeply when I wrote this comment… local models indeed are prone to the same exploits.

Regardless, giving a remote API access to a browser seems insane. Having had a chance to reflect, I’d be very wary of providing any LLM access to take actions with my personal computer. Sandbox the hell out of these things.

↑

Claude for Chrome