Browser Use

What Is Browser Use? How It Works Page Representation Action Space Quickstart Example Reliability Patterns Production & Safety

SECTION 01

What Is Browser Use?

Browser Use is the capability of an LLM agent to control a real web browser — Chromium, Firefox, or WebKit — through a programmatic automation layer (typically Playwright or Selenium). The agent perceives the current page state, decides what action to take next (click, type, scroll, navigate), executes that action, and observes the resulting new page state. This loop repeats until the goal is achieved.

The key value proposition: any website becomes a tool without requiring an official API. Browser agents can research competitors, fill out government forms, monitor prices, extract structured data from dynamic JavaScript-rendered pages, automate repetitive web workflows, and interact with internal web tools that lack programmatic interfaces.

Use cases:

Web research: Systematically visit multiple sites to gather and compare information
Form automation: Fill and submit multi-step forms (applications, registrations, data entry)
Data extraction: Scrape dynamic sites where traditional scrapers fail
Competitive intelligence: Monitor pricing, product changes, or job postings
Internal automation: Operate legacy web apps that have no API

Browser Use vs web scraping: Traditional scrapers use fixed CSS selectors or XPath patterns that break when the page changes. Browser agents understand the page semantically ("find the Add to Cart button") and adapt to layout changes without code updates.

SECTION 02

How It Works

The browser agent loop alternates between observation (what is on the page right now?) and action (what should I do next?).

Goal: "Go to Hacker News and extract the top 5 story titles" │ ┌──────▼──────────────────────────────┐ │ Browser Agent (LLM) │ │ │ │ Observe: screenshot / DOM of page │ │ Reason: where are the story titles?│ │ Act: extract_content(selector) │ └──────┬──────────────────────────────┘ │ action ┌──────▼──────────────────────────┐ │ Browser (Playwright) │ │ navigate(url) │ │ click(element) │ │ type(element, text) │ │ scroll(direction) │ │ extract_content(selector) │ └──────┬──────────────────────────┘ │ new page state └──► back to agent (observe)

The loop terminates when the agent's reasoning concludes the goal is achieved, a maximum step count is reached, or an error cannot be recovered from.

browser-use library: The open-source browser-use Python library (github.com/browser-use/browser-use) provides a high-level agent interface on top of Playwright. It handles the observe-act loop, page parsing, and LLM integration. You provide the goal; it handles the rest.

SECTION 03

Page Representation

How you represent the page to the LLM is the most important engineering decision in a browser agent. The LLM cannot see the browser directly — it receives a processed view of the page state. Three main representations exist, each with tradeoffs.

1. Screenshot (vision): Send a screenshot of the current browser viewport to a multimodal LLM. The model reasons visually about what to click. Pros: works on any page including canvas-heavy UIs. Cons: expensive per step, coordinates can be imprecise, visual context may miss hidden elements.

2. Accessibility tree (a11y tree): Parse the browser's accessibility tree — a structured representation of interactive elements (buttons, links, inputs) with their labels and roles. Much more compact than a screenshot and easier for the LLM to reason about. Most production browser agents use this.

3. Simplified DOM: Strip the raw HTML to just essential elements (links, buttons, inputs, headings) and their text. Sits between screenshot and full DOM in terms of information density.

# Accessibility tree representation (simplified): [1] Link "Y Combinator" (href="/news") [2] Link "new" (href="/newest") [3] Link "past" (href="/front?day=2026-03-30") [4] Span "1." [5] Link "Show HN: An open-source coding agent" (href="item?id=...") [6] Span "312 points by user42 | 147 comments" ... # Agent reasoning: "I can see story [5] with link text. I'll extract [5] through [50]." # Agent action: extract_content("[4]-[50]")

Tradeoff summary: Use screenshots for visual-heavy pages (maps, charts, canvas apps). Use accessibility trees for standard web pages. Never send the full raw DOM — even a simple page can be 500KB of HTML that overwhelms the context window.

SECTION 04

Action Space

The action space defines what the agent can do. A well-designed action space is expressive enough to handle most web tasks but constrained enough that the agent uses actions correctly.

Standard browser actions:

navigate(url): Go to a URL. Used at the start and when following links.
click(element_id or selector): Click a button, link, checkbox, or other clickable element.
type(element_id, text): Type text into an input field, textarea, or contenteditable.
scroll(direction, amount): Scroll the page to reveal more content.
extract_content(selector or region): Extract text content from a portion of the page.
wait(seconds): Wait for dynamic content to load before taking the next action.
go_back(): Navigate back in browser history.
done(result): Signal task completion and return the result.

Stopping action: Always include a done(result) action. Without it, the agent has no way to signal completion and may loop indefinitely checking if it's done.

SECTION 05

Quickstart Example

Using the browser-use library for a simple research task:

# pip install browser-use playwright langchain-anthropic # playwright install chromium from browser_use import Agent from langchain_anthropic import ChatAnthropic import asyncio async def main(): llm = ChatAnthropic(model="claude-opus-4-5") agent = Agent( task="Go to https://news.ycombinator.com and return " "the titles and URLs of the top 5 stories.", llm=llm, # Optional: use_vision=True for screenshot-based observation ) result = await agent.run(max_steps=20) print(result.final_result()) asyncio.run(main())

For custom browser control with direct Playwright:

import anthropic, asyncio from playwright.async_api import async_playwright client = anthropic.Anthropic() async def get_page_state(page) -> str: # Simplified: get page title + visible links title = await page.title() links = await page.evaluate( "() => Array.from(document.querySelectorAll('a')).slice(0,20)" ".map(a => ({text: a.textContent.trim(), href: a.href}))" ) return f"Page: {title}\nLinks: {links}" async def browse(goal: str): async with async_playwright() as p: browser = await p.chromium.launch(headless=True) page = await browser.new_page() await page.goto("https://news.ycombinator.com") for _ in range(10): state = await get_page_state(page) resp = client.messages.create( model="claude-opus-4-5", max_tokens=500, messages=[{ "role": "user", "content": f"Goal: {goal}\n\nPage state:\n{state}\n\nWhat is the result?" }] ) print(resp.content[0].text) break # single pass for demo asyncio.run(browse("List the top 3 Hacker News stories"))

SECTION 06

Reliability Patterns

Browser agents frequently encounter failure modes that don't exist in API-based tools. These patterns significantly improve reliability in production.

Step limiting and loop detection: Set a hard cap on steps (typically 20–50 for most tasks). Track which pages the agent has visited and actions it has taken. If the agent repeats the same action 3 times without progress, escalate to human review.

Error recovery: When an action fails (element not found, page load timeout, CAPTCHA), give the agent explicit recovery options: try an alternative selector, reload the page, or navigate to the home page and restart. Don't silently retry the same failed action.

Goal verification: After the agent signals completion, run a verification pass: did the agent actually achieve the goal? For data extraction, validate that the output matches the expected format and isn't empty. For form submission, verify the confirmation page loaded.

Structured output: Ask the agent to return results in structured JSON rather than natural language. This makes downstream processing reliable and errors obvious.

Anti-bot detection: Most production websites use bot detection (Cloudflare, reCAPTCHA, behavioral fingerprinting). Browser agents are frequently blocked on high-traffic commercial sites. Ensure compliance with the site's terms of service and robots.txt before deploying. CAPTCHAs require human intervention — never attempt to bypass them programmatically.

SECTION 07

Production & Safety

Deploying browser agents in production requires careful attention to security, legal compliance, and operational reliability.

Security: Run browsers in isolated Docker containers with no access to the host filesystem or internal network. Use dedicated browser profiles with no saved passwords or payment methods. Never let an agent access URLs or sites outside a predefined allowlist for sensitive workflows.

Credential safety: Never inject credentials into the agent's context window. Use a separate credential injection step after the agent has navigated to the login form — don't let the LLM see or handle passwords. Consider a human-in-the-loop step for any action involving financial transactions or account changes.

Legal compliance: Respect robots.txt and terms of service. Many sites explicitly prohibit automated access. Competitive scraping of certain data (financial, personal) may have legal implications. Always consult legal before deploying agents that interact with third-party sites at scale.

Monitoring: Log every agent step, the page state observed, and the action taken. Set up alerts for high error rates, unusual action patterns, and unexpected navigation to sensitive domains. Implement rate limits to prevent inadvertent denial-of-service on target sites.

Starting point: Before building a custom browser agent, check if the target site has a public API. APIs are faster, cheaper, more reliable, and legally clearer than browser automation. Use browser agents specifically for cases where no API exists.

Table of Contents

What Is Browser Use?

How It Works

Page Representation

Action Space

Quickstart Example

Reliability Patterns

Production & Safety

Related concepts