BrowserMan

Browser delegation is not a replacement for clean APIs

Use APIs, CLIs, and MCP when they expose the right action. Use delegated browser access when real work is trapped inside logged-in web UIs.

AI agents should not use browsers for everything.

That sounds strange coming from BrowserMan, but it is the distinction that makes the category more useful.

If a product exposes a good API, use the API. If it has a safe CLI, use the CLI. If it has an MCP server or another first-party action interface with the right semantics, use that. Agents should not pretend to click buttons when the product has already exposed a cleaner way to express intent.

Browser delegation matters for the other half of the world: the workflows that still live inside logged-in web UIs.

Clean interfaces are better when they exist

A good action interface gives the agent a shape to work inside.

It can expose intent instead of pixels. It can validate inputs. It can return structured errors. It can enforce permissions closer to the system of record. It can avoid selector changes, broken buttons, surprise modals, and all the other boring failure modes that make browser automation feel fragile.

That is why the recent wave of agent-friendly product surfaces is healthy.

Support tools are adding CLIs so agents can read conversations, summarize context, and draft replies without getting full database access. Email and infrastructure tools are adding APIs, SDKs, CLIs, MCP servers, and docs written for agents. Larger platforms are moving toward headless interfaces where the API or command surface is not a secondary integration path, but the primary interface for software actors.

That is the right direction.

When the product knows what an action means, the product should expose that action directly.

But a lot of real work is still trapped in logged-in UI

The problem is that most business workflows are not fully represented by clean interfaces.

Operators still work through admin dashboards, customer support inboxes, CRMs, CMS publishing screens, ad managers, ecommerce return flows, vendor portals, internal tools, banking pages, insurance portals, government forms, procurement systems, and one-off client dashboards.

Some of those systems have APIs. Many do not. Some have APIs that cover reads but not writes. Some have APIs that exist on paper but are too slow to integrate for the workflow at hand. Some have multiple disconnected tools where the human process is the integration layer.

That is where browser delegation becomes useful.

Not because clicking is elegant. It usually is not.

It is useful because the logged-in browser is where the work already happens.

The browser session is authority

A signed-in browser is not just context. It is authority.

It can see customer records. It can submit forms. It can publish pages. It can send replies. It can issue refunds. It can update CRM fields. It can change settings. It can move money, spend budget, or expose private data.

So the real question is not “can the agent use a browser?”

The real questions are:

  • What can it inspect?
  • What can it draft?
  • What can it submit?
  • Which actions need approval?
  • What evidence does it leave?
  • How does the user revoke access?

That is a different product problem than browser automation.

It is delegated authority.

The useful rule

The rule I keep coming back to is simple:

Use the API when the API is good.

Use the CLI when the CLI is safe.

Use MCP or another first-party action interface when the product exposes the right semantics.

Use delegated browser access when the real workflow only exists inside a logged-in UI.

This avoids two bad extremes.

The first extreme is browser maximalism: acting like agents should operate every product through a visual browser because that is how humans do it. That creates unnecessary fragility and ignores the work product teams are doing to make better agent interfaces.

The second extreme is API fantasy: acting like every real workflow can be expressed through clean endpoints today. That ignores the messy operational reality of SaaS tools, admin portals, customer accounts, and internal workflows.

The interesting product layer sits between those extremes.

Where BrowserMan fits

BrowserMan is for the delegated browser-session layer.

The agent may run in the cloud, in a workflow runner, inside an IDE, or from another machine. The user’s real Chrome session stays with the user. Cookies stay local. The agent gets controlled access to the browser authority the user chooses to delegate.

That matters most when the task depends on authenticated web surfaces:

  • checking a support inbox before drafting a reply,
  • researching leads across logged-in tools,
  • preparing a CMS update,
  • looking up an order before a refund decision,
  • moving information between a CRM and a dashboard,
  • operating a vendor portal with no useful API,
  • or handling the one business workflow that only exists as “open these five tabs and do the thing.”

In those workflows, the browser is not the ideal interface. It is the available interface.

The product requirement is to make that delegation scoped, logged, revocable, and visible enough that the user can trust it.

Browser agents should not be browser-maximalist

The category will be healthier if browser-agent companies admit this clearly.

Browsers are not the future of every agent action. They are the bridge for the parts of work that have not yet become clean action surfaces.

Over time, more products should expose APIs, CLIs, MCP servers, and first-party agent interfaces. That is good.

But until every workflow has a clean interface, agents still need a way to work through the same logged-in surfaces people use today — without asking users to hand over credentials, copy cookies into a cloud VM, or give the agent unlimited click access.

That is the lane for delegated browser access.

Not browser automation for everything.

Browser authority, when the browser is where the work lives.