The security concerns here are valid, but I think people are missing the practical reality: we've already crossed the Rubicon with tools like Claude Code and Playwright MCP.
I've been running Claude Code with full system access for months - it can already read files, execute bash, git commit, push code. Adding browser automation via an extension is actually less risky than what we're already doing with terminal access.
The real question isn't "should we give AI browser access" - it's "how do we design these systems so the human stays in the loop for critical decisions?" Auto-approving every action defeats the purpose of the safety rails.
Personally, I use it with manual approval for anything touching credentials or payments. Works great for QA testing and filling out repetitive web forms.
replies(4):