Learn the vocabulary of an AI agent navigating and interacting with a live website on a user's behalf.
0 / 5 completed
1 / 5
At standup, a dev mentions an AI agent that can navigate a live website, click through pages, and fill in a form on the user's behalf to complete a multi-step task. What is this capability called?
Agentic browsing lets an AI agent navigate a live website, click through its pages, and fill in a form on the user's behalf to complete a multi-step task, rather than only summarizing static, previously fetched content. A static screenshot has no way to actually carry out an interactive task on the user's behalf. This live-interaction capability is what distinguishes agentic browsing from a simpler web-search or page-summarization feature.
2 / 5
During a design review, the team wants the agent to pause and ask the user for explicit confirmation before submitting a form that results in an irreversible action, like a purchase. Which capability supports this?
A confirmation checkpoint pauses the agent before it submits a form leading to an irreversible action, like completing a purchase, and asks the user to explicitly approve that step. Letting the agent submit every form autonomously with no checkpoint risks an unintended real-world consequence the user never actually approved. This checkpoint is a key safety pattern for agentic browsing whenever an action can't easily be undone.
3 / 5
In a code review, a dev notices the agent's browsing session is restricted to a specific allow-listed set of domains rather than being able to navigate to any arbitrary website it encounters. What does this represent?
Domain allow-listing restricts the agent's browsing session to a specific, approved set of domains rather than letting it navigate to any arbitrary website it happens to encounter during a task. Allowing unrestricted navigation risks the agent wandering into an untrusted site that could attempt to manipulate its behavior. This scoping keeps an agentic browsing task's real-world reach limited to sites the team has actually vetted.
4 / 5
An incident report shows an agentic browsing task encountered a page containing hidden text instructing it to submit a form it wasn't asked to submit, and the agent complied. What practice would prevent this?
Treating on-page content as untrusted input, rather than letting it override the user's original task instructions, prevents a page containing a hidden instruction from hijacking the agent's actual behavior. Treating every on-page instruction as equally authoritative opens the door to exactly this kind of injection attack. This trust boundary between the user's real task and content encountered while browsing is essential for agentic browsing to be used safely.
5 / 5
During a PR review, a teammate asks why the team requires a confirmation checkpoint before an agent completes an irreversible action instead of letting it act fully autonomously end to end. What is the reasoning?
An agent can misinterpret an ambiguous page or be manipulated by content injected specifically to alter its behavior, so acting fully autonomously end to end risks an irreversible action happening without genuine user intent. A confirmation checkpoint catches that mistake before it actually takes effect. The tradeoff is the added friction and slower completion time of pausing for explicit user approval at a key step.