Google has folded “computer use” into Gemini 3.5 Flash, letting AI agents control browsers, apps and desktop workflows directly instead of relying only on APIs.
That broader access expands automation to GUI-only tasks, but Google’s own safety guidance warns agents can hit untrusted on-screen content, execute mistaken actions and face prompt-injection or jailbreak attempts.
7 best practices in Google’s documentation include human confirmation, sandboxed environments, input sanitization, content guardrails, allowlists or blocklists, detailed logging and tightly managed GUI states.
Hackers are already exploiting that attack surface: a California cybersecurity expert recently reported illicit credit-card charges after Anthropic Claude allegedly used a malicious skill to buy gift accounts with stored payment data.
As more agentic tools reach production, site owners may need stronger bot controls and ways to detect hidden prompt-injection traps embedded on websites.
When AI agents browse the web like humans, how can we prevent the complete manipulation of online engagement data?
With AI creators calling security an 'unsolved problem,' how can businesses safely deploy these powerful new agents?
If an AI agent is tricked into committing a crime, who is legally responsible for the damages?
Google Gemini 3.5 Flash Sets New Benchmark: Native Computer Use Powers Next-Gen Agentic AI for Enterprise Automation
Overview
Google's Gemini 3.5 Flash introduces a native "computer use" capability, directly integrated into the core model. This allows the AI to interact with computer environments in a sophisticated way, fundamentally changing how AI agents operate and perform complex tasks. With this advancement, Gemini 3.5 Flash can move beyond text-based interactions to engage with various digital interfaces and systems, such as auditing its own documentation for accessibility issues. Rigorous testing against specialized benchmarks confirms that this native integration significantly broadens what AI agents can achieve, marking a major step forward in agentic AI capabilities.