Agents in the Browser & Office: Chrome and Microsoft 365
These agents act inside your logged-in session and your own files — powerful for drafting and data work, and exactly why they need careful supervision. Learn what they do, and where the line is.
Two more hires: in the browser, and in Office
Where Cowork works on your files, these two work where you already do — your browser and your Office documents.
Claude for Chrome Beta
A browser agent in a side panel that sees the active tab and can navigate, click, fill forms, extract data and run multi-step workflows.
Use cases: managing calendars, drafting email replies, expense reports, pulling structured data — and driving a web UI a connector can't reach (like QuickBooks).
Claude for Microsoft 365 GA
Claude inside Excel, PowerPoint and Word (Outlook in beta) — reading, editing and drafting where you work.
Highlights: Excel reads whole workbooks with cell-level citations and preserves formulas; PowerPoint builds on-brand slides; Word does tracked-changes edits; Outlook drafts before send. Skills can live in the sidebars.
The new phishing: prompt injection
The leading security risk for browser and agentic tools. Hidden instructions inside a web page or document can try to hijack the agent into doing something you never asked for.
It acts as you
You log in first (including 2FA). The agent operates inside your authenticated session — so it can do what you can do.
Pages can lie to it
A booby-trapped page or document may carry hidden text telling the agent to "ignore your task and do X". Mitigations reduce this — they don't eliminate it.
So you supervise
Anthropic restricts some high-risk site categories by default and advises against unsupervised use for financial transactions, passwords, or sensitive personal data.
Spot the Risk
An agent is about to do each of these. Call it: safe to let run, fine with a quick review, or never unsupervised?
The line: drafting and reading are low-risk; acting on money, passwords, sensitive data, or anything irreversible is human territory. Treat any page or document an agent reads as potentially trying to give it secret instructions.