Safety layers
Cloud IsolationEvery task runs in its own sandbox. No access to your local machine, files, or other tasks.
Scoped CredentialsMinimal access tokens for each connected service. Not shared across tasks.
Human Approval GatesPauses before irreversible actions: publishing, sending emails, pushing code, financial transactions.
Audit LogsEvery tool call, file write, and API interaction is logged and reviewable.
BrowseSafe is not bulletproof
While BrowseSafe adds a layer of protection against prompt injection attacks (hidden instructions on web pages designed to manipulate the agent), independent security researchers found significant gaps. Treat it as one defense layer among many, not a guarantee. Always review Computer's outputs for sensitive workflows, and be cautious about connecting high stakes accounts (like financial services) during the early days of the platform.