Three layer safety architecture
1
User Control
Takeover mode pauses for sensitive actions. Real time visibility into agent behavior. Manual approval for purchases and logins.
2
Data Privacy
Credentials not stored between sessions. Isolated browser environment. No access to your main browser's data.
3
Adversarial Defenses
Monitor model with 99% recall on prompt injection. Blocklist for malicious sites. Content policy enforcement.
No autonomous financial transactions
Operator cannot autonomously spend your money. Any action that involves payment, purchase confirmation, or financial commitment requires explicit user approval through takeover mode. This is a hard safety constraint that cannot be bypassed by prompt design or custom instructions.
Watch mode for maximum control
If you want full visibility, keep the agent's browser window visible while it works. You can see every click, every page load, and every form fill in real time. If the agent takes an unexpected action, you can interrupt and take over at any point, not just at predefined takeover checkpoints.