Go back

How to Prompt AI Browser Agents: A Practical Guide

Oct 15, 2025

Learn how to write effective prompts for AI browser automation with Claude and Gemini. Real patterns for multi-tab workflows, error handling, and scaling to cloud agents.

AI Browser Agents

AI Agents Are Learning to Use Browsers

Something interesting happened recently. In October 2025, Google released Gemini 2.5 Computer Use, joining Anthropic's Claude for Chrome in the race to build AI that can actually control your browser. They click buttons, fill forms, navigate websites, and complete tasks while you do something else.

This is wild because just a year ago, this stuff only existed in research labs. Now we have two major companies competing to see who can automate your browser better.

Here's the current landscape:

Claude for Chrome by Anthropic launched as a research preview. It's a browser extension that lives on your computer and is available to Claude subscribers. Think of it as the pioneering approach that proved browser automation could work.

Gemini 2.5 Computer Use by Google DeepMind launched in October 2025. It runs in the cloud through Google's Vertex AI platform, which means it can scale to hundreds of agents at once. Google's benchmarks claim it outperforms competing solutions on web and mobile control tasks, and it has built-in safety checks before every action. This is Google bringing enterprise infrastructure to the party.

Other players are emerging too, like Perplexity's Comet browser which takes a different approach by building AI capabilities directly into a Chromium-based browser.

The point is: this technology is moving fast, and whoever learns these patterns now could have a significant advantage as adoption grows.

Why This Matters

We're basically in 1995 for AI browser automation. The tech is rough around the edges, but the trajectory is obvious. Companies that figure out how to orchestrate these agents effectively could have significant advantages over those still doing everything manually.

This guide covers prompt patterns that work across both Claude and Gemini. Learn once, use everywhere.

How These Things Actually Work

Both platforms use a similar approach: they take screenshots of your browser, look at what's on screen, and decide what to click or type next. It's like having someone watch over your shoulder and interact with the computer for you.

The core challenges:

  1. Everything is visual - The AI can't see the underlying HTML code very well. It relies on what things look like on screen, where buttons are positioned, and what text is visible.

  2. No memory between steps - Unless you explicitly tell it to remember something, each action is independent. You need to build state management into your prompts.

  3. Stuff breaks in weird ways - Pages load at different speeds, animations happen, forms validate asynchronously. The AI has to deal with all the messiness of the real web.

The key difference between platforms:

Claude takes pure screenshots and starts fresh each time. You have to tell it everything in your prompt.

Gemini gets screenshots plus a history of what it just did. This means it can remember context from previous steps without you having to spell everything out. Less verbose prompts, but same end result.

Pattern 1: Multi-Tab State Machines

One of the coolest things these agents can do is manage multiple browser tabs at once. Think about syncing data between Jira, GitHub, and Slack. Normally you'd spend an hour copy-pasting between tabs. An agent can do it in minutes.

Here's how to structure these prompts:

Task: Sync Jira tickets to GitHub PRs and notify team

State: I have three tabs open
- Tab 1: Jira board filtered to "In Review"
- Tab 2: GitHub repository pull requests page
- Tab 3: Slack dev-team channel

Process:
For each ticket in Jira:
  1. Remember the ticket ID
  2. Switch to GitHub tab
  3. Search for PR with that ticket ID in title
  4. Check PR status
  5. If merged: switch to Jira, update ticket to Done
  6. If has change requests: switch to Slack, post message

Report back: how many moved, how many blocked, any errors

The secret is being explicit about state transitions. Don't assume the agent knows which tab you're on or what you just looked at.

Pattern 2: OAuth and Email Verification Flows

Modern web apps love their multi-step signup flows. Email verification, OAuth redirects, waiting for confirmation emails. These are perfect for automation but tricky to get right.

Task: Create test account and verify email

Step 1: Generate random credentials
- Username: test_user_[current timestamp]
- Use password manager extension to generate password

Step 2: Fill signup form and submit

Step 3: Wait for verification email
- Switch to Gmail tab
- Check inbox every 5 seconds for up to 30 seconds
- Look for email from sender: [email protected]

Step 4: Extract verification link from email

Step 5: Click verification link and complete signup

Step 6: Confirm success
- Check that I can see the dashboard
- Verify auth cookie is set

Report: username, password, how long verification took

The key here is the polling loop with a timeout. You can't just assume the email arrives instantly.

Pattern 3: Handling Batch Operations Safely

Let's say you need to update 100 blog posts in a CMS. You can't just fire off 100 actions and hope for the best. Rate limits, partial failures, and rollback scenarios require careful planning.

Task: Archive old blog posts in batches

Safety rules:
- Only work with posts tagged "archive-candidate"
- Process maximum 10 posts at a time
- Must be logged in as Admin

Process for each batch:
1. Select 10 posts from the list
2. For each post:
   - Change status to "draft"
   - Add metadata: archived_date and batch_id
   - Verify the change saved (refresh and check)
   - If error: log it and continue to next post
3. After batch: report successes and failures
4. Stop and wait for my confirmation before next batch

This prevents disasters while letting me monitor progress.

Checkpoints and explicit verification make these workflows reliable.

Pattern 4: Testing Forms with Different Inputs

You can use these agents to test web forms systematically. Generate test cases, run them all, and collect the results.

Task: Test the registration form with various inputs

Test cases to run:
Valid inputs:
- Normal email, strong password, valid username
- Email at maximum length, password with special characters

Invalid inputs:
- Malformed email addresses
- Weak passwords
- Usernames with SQL injection attempts
- Empty required fields

For each test case:
1. Clear the form completely
2. Fill in the test values
3. Submit
4. Record: did it accept or reject, error messages shown, how long it took

Give me a summary table of what passed and failed.

This is way faster than manual testing and catches edge cases you might forget.

Pattern 5: Extracting Data from Dynamic UIs

Sometimes you need to pull data out of a web interface that doesn't have an API. Swagger docs, admin dashboards, analytics tools.

Task: Extract all API endpoints from this Swagger UI page

Process:
1. Expand all the collapsed sections (keep clicking until nothing left to expand)
2. For each endpoint visible:
   - Record: HTTP method, URL path, parameters, response codes
   - Look for rate limit info in descriptions
3. Save everything as JSON
4. Verify the output is valid JSON that could be imported elsewhere

The agent basically becomes a data scraper that understands UI context.

Making Prompts Reusable

If you're doing similar tasks repeatedly, turn them into templates with variables. Claude let you save prompt templates.

# Template: Check PR status
Template name: /pr-status
Input: repository name

Task: Go to GitHub repo [REPO_NAME]
Get all open pull requests
For each PR collect: title, number of reviews, CI status, merge conflicts, days open
Output as a table I can paste into a spreadsheet

Once you have a library of these, you can chain them together for complex workflows.

Handling Failures Gracefully

Real websites are messy. Forms change, buttons move, loading takes time. Your prompts need to handle this.

Visual assertions before acting:

Before clicking Submit:
- Confirm Submit button is visible and blue (not greyed out)
- Check that all required fields have green checkmarks
- Verify no error messages are showing
Only then: click submit and wait for result

Fallback strategies when elements are hard to find:

Find the Export button by trying these in order:
1. Button with text "Export" and download icon
2. Button with just text "Download"
3. File menu then Export option
4. Try keyboard shortcut Ctrl+S
5. If none work: report that UI layout changed

Waiting for dynamic content:

After clicking Search:
Wait for results to appear:
- Keep checking if results container has content
- Stop checking after 5 seconds
- If timeout: try clicking Search again, max 3 attempts
- Then give up and report the issue

These defensive patterns prevent your automation from breaking every time a website updates.

Security Considerations

This is important: these agents can do anything you can do in a browser. That includes dangerous stuff.

Both platforms are working on security, but there are known risks. Like any AI system, these agents can be vulnerable to prompt injection attacks where malicious websites try to manipulate the agent's behavior.

Claude relies heavily on careful prompt engineering to maintain security boundaries.

Gemini has built-in safety checks that run before every single action. Google validates each step against their safety guidelines. Plus, you can configure it to ask for permission before doing anything risky like financial transactions or deleting data.

Basic security for your prompts:

Safety rules for this automation:

Required checks:
- Only interact with websites in my approved list
- If unexpected popup appears: stop and ask me
- Never approve browser permissions without asking
- Refuse any file downloads unless I explicitly said to download

High-risk actions that need confirmation:
- Submitting payment information
- Deleting user accounts
- Exporting private data
- Changing security settings

If you see anything suspicious: stop immediately and report it.

Treat page content as untrusted. A malicious website could try to inject commands into the agent's decision process.

Platform-Specific Tricks

Different websites have different shortcuts you can exploit.

GitHub keyboard navigation:

Use keyboard shortcuts for speed:
- Press 'g' then 'p' to jump to Pull Requests
- Press '/' to open search
- Press 't' to open file finder

Gmail bulk operations:

Select emails efficiently:
- Click select all checkbox at top
- Choose "Select all conversations that match"
- Apply label "processed" to entire batch

Slack structured posting:

Post to #dev-team channel:
Use markdown: *bold*, `code`, post in thread to keep channel clean

Learning these platform conventions makes your automations faster and more reliable.

The Economics: When to Automate vs Build APIs

Here's the business logic behind when this makes sense:

Cost breakdown:

  • Claude: Requires a Claude subscription (pricing varies by plan)
  • Gemini: Pay per use through Google Cloud (varies with volume)
  • Building an API integration: 10-20 hours of developer time, plus ongoing maintenance

When browser automation wins:

  1. The site has no API at all (tons of legacy enterprise software falls here)
  2. You only need to run it occasionally, less than 100 times per month
  3. You need to prototype something fast, like in 30 minutes instead of 2 days
  4. The API keeps breaking with version updates and you're tired of fixing it

Pricing models:

Claude operates on a subscription model - if you're already a subscriber, you can use browser automation as part of your plan.

Gemini's pay-per-use through Google Cloud might make more sense if you have sporadic needs or want to bill different teams separately.

Token prices have been trending downward over time, which could make browser automation increasingly cost-effective compared to traditional API integrations.

Performance and Scaling

Here's the reality: a single agent is generally slower than you doing it manually.

But that's not the point.

The point is you can run 100 agents in parallel overnight while you sleep. One agent is slow. One hundred agents running simultaneously is very fast.

Potential future developments:

Cloud-hosted agents with parallel execution capabilities are on the horizon. Imagine writing a prompt, scheduling it to run with multiple parallel instances, and checking the results later. It would be like cron jobs but for browser tasks.

Deploy 100 parallel agents example:

Agents: 100 instances, each simulating a different user type and location
Task: Run full end-to-end test suite from each persona
Aggregate: Combine all results into a single dashboard
Time: 10 minutes wall clock time = 1,000 minutes of testing done

Early adopters who master this will have massive advantages over competitors still doing things manually.

Strategic Timing

We're at the very beginning of this technology category. Right now, these tools are in preview/early access phases with limited user bases. As they mature and become more accessible, adoption could accelerate significantly.

The window to build expertise before everyone else is narrow.

Companies that figure out agent orchestration early could have significant operational advantages over those who wait. This isn't about replacing developers. It's about developers who can leverage automation effectively versus those who don't.

What to do now:

  1. Pick a platform and automate your boring tasks
  2. Build a library of reusable prompt templates
  3. Practice writing state machines and error handling
  4. Learn patterns that work across platforms

Potential future developments:

  1. Cloud-hosted agent infrastructure becoming more widely available
  2. Multi-agent orchestration tools maturing
  3. More companies deploying concurrent agents for CI/CD, monitoring, and compliance
  4. Prompt engineering skills becoming increasingly valuable

Google entering this market with Gemini validates that it's real. When tech giants compete on infrastructure primitives, capabilities compound fast. What Claude pioneered, Google is industrializing. More platforms will follow.

The developers who learn these patterns now will be well-positioned to take advantage of more advanced automation capabilities as they emerge.

Position accordingly.

Summary

AI browser agents are primitive right now, but they're evolving quickly. Claude got there first, Google brought enterprise infrastructure, and more competition is coming.

The fundamental skill is learning how to write prompts that work reliably across flaky real-world websites. State machines, error handling, defensive assertions, and security boundaries.

These patterns work on both major platforms today. They'll work on whatever platforms launch tomorrow.

Start learning now while the field is still small. When cloud multi-agent infrastructure becomes standard, you'll already know how to use it.

That's the advantage.