Safety and control
The agent works for you, not on its own. Every sensitive action requires your approval. You can watch, pause, take over, or undo at any point.
Approval gates
Purchases, message sends, file deletions, downloads, and logins all require explicit approval before the agent proceeds. Nothing sensitive happens without your say-so.
Live view, pause, and take-over
Watch the agent work in real time. Pause execution at any step. Take manual control of the browser and hand back to the agent when ready.
Undo and revert
Made a mistake or want to try a different approach? Undo the agent's last actions and revert to a previous state.
Prompt-injection resistance
Content on a web page cannot redirect the agent's goals. The agent treats all page content as untrusted data, never as instruction. A page on one domain cannot influence tasks targeting another.
Credentials stay local
Passwords and login credentials are stored in your OS keychain. They are never sent to the cloud in plaintext. The cloud sees only that a login was completed, not the values.