Claude for Chrome is «the next logical step,» writes Anthropic, after connecting Claude to calendars, documents and emails.
— We view browser-using AI as inevitable, they go on, and cite the large portion of work being done in the browser interface.
They now want to give Claude the ability to help there, too — and says it can click buttons and fill in forms, and can even find you a house in Seattle for $800k with some pretty specific features on Zillow.
Hidden dangers lurking in text
The kicker is that it can also be pretty dangerous to use due to prompt injection, and is only being «previewed» with 1,000 users on their Max plan — in order to have trusted users test out safety features.
The problem is hidden text that function as instructions to the AI. They can read like an «innocent» request from higher ups to delete your emails for security reasons.
In early tests, Claude for Chrome would follow such instructions, but it was later mitigated by Anthropic and requests like this are now flagged as a «suspicious security incident email.»
Limited to 1,000 testers
That’s the main reason why the Claude agent isn’t being released widely just yet. While Anthropic is making progress on prompt injections and setting up trusted websites, reducing attacks to some 11.2% — it could still end up deleting all your emails or spread sensitive information.
Anthropic is mostly concerned with financial services and adult and private content, but also instructs the new users to avoid «use of Claude for Chrome for sites that involve financial, legal, medical, or other types of sensitive information.»
They also say they will gather insights from the pilot to uncover real-world behavior and attacks that aren’t picked up by controlled tests — so if you do hop on the preview, just remember that it’s a dangerous world out there, and the Chrome plugin isn’t fully safe just yet.
Read more: Anthropic’s launch page. writeups on TechCrunch, Ars Technica and Mashable.