Google has moved “computer use” from a specialized exemplary into Google Gemini 3.5 Flash, making agent-style power of browsers, apps, and desktop workflows a built-in capacity alternatively of a abstracted product. That intends Gemini tin now spot and interact pinch personification interfaces, logic astir what’s connected a machine screen, and return nonstop actions. A Google DeepMind elder intelligence precocious warned that scaled AI agents create incentives “for malicious group to do malicious things.”
Developers tin now build agents that do a batch much than telephone APIs. They tin automate GUI-only workflows specified arsenic testing software, filling forms, navigating dashboards, aliases utilizing bequest apps pinch nary API access. This reduces bottlenecks for automation and expands what AI agents tin realistically do successful production.
If package has a graphical personification interface (GUI) but nary API, an AI supplier tin still usage it. Agents tin beryllium told to log into a dashboard, export yesterday’s SEO reports to a spreadsheet, comparison them pinch past week’s data, and email the personification a summary. The workflow is handled pinch earthy connection alternatively of relying connected civilization scripts to link the dashboard, spreadsheet, and email.
What It Means For SEO
SEO devices whitethorn go acold much agentic successful the adjacent future. Instead of conscionable surfacing data, AI could log into Google Search Console, audit sites, crawl a tract pinch Screaming Frog, extract circumstantial information points for comparison, and execute repetitive optimization workflows.
For tract owners, it besides carries the accusation that different group of AI agents whitethorn enactment arsenic “visitors,” which could impact really tract owners construe tract interactions and engagement signals for tract and income optimization.
AI Agents Will Be Attacked
Google’s announcement is beautiful upbeat but the “safety champion practices” archive it links to bears paying attraction to because nonaccomplishment to get this portion correct whitethorn consequence successful theft and different mediocre personification experiences.
The document explains:
“Computer Use presents unsocial information and operational risks, arsenic a exemplary acting connected a user’s behalf mightiness brushwood untrusted contented connected screens aliases make errors successful executing actions.”
That “untrusted contented connected screens” whitethorn beryllium reference to the “traps” group for AI agents that the elder intelligence astatine Google DeepMind warned against.
Google recommends 7 champion practices erstwhile this caller AI agent:
1. Human-in-the-Loop (HITL):
Enforce personification confirmation: When the information consequence indicates require_confirmation (or bequest information determination requires it), punctual the personification for approval.
Provide civilization information instructions: Implement a civilization strategy instruction to specify and enforce your ain information boundaries.
2. Secure execution environment:
Run your supplier successful a secure, sandboxed situation to limit its imaginable impact. This tin beryllium a sandboxed virtual instrumentality (VM), a instrumentality (e.g., Docker), aliases a dedicated browser floor plan pinch constricted permissions
3. Input sanitization:
Sanitize each user-generated matter successful prompts to mitigate the consequence of unintended instructions aliases punctual injection. This is simply a adjuvant furniture of security, but not a replacement for a unafraid execution environment.
4. Content guardrails:
Use guardrails and contented information APIs to measure personification inputs, instrumentality inputs and outputs, and the agent’s responses for appropriateness, punctual injection, and jailbreak detection.
5. Allowlists and blocklists:
Implement filtering mechanisms to power wherever the exemplary tin navigate and what it tin do. A blocklist of prohibited websites is simply a bully starting point, while a much restrictive allowlist is moreover much secure.
6. Observability and logging:
Maintain elaborate logs for debugging, auditing, and incident response. Your customer should log prompts, screenshots, model-suggested actions (function_call), information responses, and each actions yet executed by the client.
7. Environment management:
Ensure the GUI situation is consistent. Unexpected pop-ups, notifications, aliases changes successful layout tin confuse the model. Start from a known, cleanable authorities for each caller task if possible.
Beware Of Trap-Filled Websites
As onslaught surfaces grow, the greater the likelihood that hackers will activity to utilization them. What that intends is that arsenic the number of AI agents connected the web proliferates, hackers will move their attraction to exploiting them. Websites go the battlefield from which attackers motorboat attacks connected AI agents.
A elder intelligence astatine Google DeepMind precocious said that malicious actors are already mounting traps to bargain money from humans by targeting their AI agents.
That’s not an exaggeration. Just this month, a cybersecurity master successful California knowledgeable illicit charges made to his in installments paper owed to Anthropic Claude’s AI agent. According to the article, he appears to person downloaded a Skills.md record that whitethorn person contained an AI supplier trap.
The article reports:
“…he recovered a problematic add-on connected to Claude, referred to arsenic a “skill,” akin to a plug-in. ‘That fundamentally told Claude to effort to acquisition different types of gift accounts connected my stored information. So it was utilizing the integer wallet that was connected my machine for Claude to commencement to make these purchases…'”
Site owners whitethorn request stronger bot controls and the expertise to place erstwhile hackers person hidden prompt-injection instructions connected their sites. But that’s not thing website owners are looking for, which compounds the problem for users who are utilizing AI agents for illustration the 1 that Google conscionable released.
Read more: Google DeepMind: Traps For AI Agents Are Already Stealing Money
Featured Image by Shutterstock/blocberry
English (US) · 
Indonesian (ID) ·