Google Gemini 3.5 Flash Gets Computer-Use With AI Security Fix
Google has officially introduced computer-use capability as a native feature in its Gemini 3.5 Flash model, enabling developers to build AI agents that can autonomously interact with browser, mobile, and desktop environments while embedding dedicated security safeguards to counter emerging agentic threats.
Announced on June 24, 2026, the feature allows Gemini 3.5 Flash to see, reason, and take actions across software platforms without human intervention.
Previously, computer-use functionality was available only as a separate, standalone Gemini 2.5 computer model. Its native integration into the main Flash model significantly broadens accessibility for enterprise and developer workflows.
The capability extends Gemini’s existing toolset, which already includes Search and Maps grounding, by enabling agents to control real computing environments directly.
Supported use cases include continuous software testing, knowledge work automation, and long-horizon enterprise tasks spanning multiple professional applications.
Developers can access the feature through the Gemini API and the Gemini Enterprise Agent Platform, with Google also releasing a demo environment via Browserbase and a reference implementation on a public GitHub repository.
When AI agents operate in live environments, browsing websites, reading emails, or interacting with applications, they become vulnerable to indirect prompt injection attacks.
In these attacks, malicious content embedded in a webpage or document attempts to hijack the agent’s instructions, causing it to perform unintended or harmful actions on the user’s behalf.
This threat is well-documented in agentic AI systems and becomes significantly more dangerous when an agent has real-world control over a device or browser.
The risk escalates further in enterprise settings where agents may access sensitive data, internal systems, or execute irreversible actions, dramatically expanding the potential blast radius of a successful injection attack.
To address these risks, Google implemented adversarial training specifically designed to make Gemini 3.5 Flash resistant to prompt-injection attempts during live computer-use sessions.
Beyond model-level hardening, Google is releasing two optional enterprise safeguard systems. The first requires explicit user confirmation before the agent executes any sensitive or irreversible action. The second automatically terminates a task upon detecting an indirect prompt-injection attempt.
Google describes this approach as a “defense-in-depth” strategy, encouraging developers to layer these built-in protections with additional controls such as secure sandboxing environments, human-in-the-loop verification workflows, and strict access control policies.
This multi-layered philosophy reflects established security principles, acknowledging that no single control is sufficient when AI agents operate with elevated privileges in complex, unpredictable environments.
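The layering described above can be sketched as a gate that an agent harness consults before it executes each proposed action. This is an added example, not Google's code and not part of the Gemini API: `ActionGate`, `Action`, the action labels, the host allowlist and the `injection_flagged` signal (standing in for whatever detector the deployment uses) are all hypothetical names and constructed values.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable
from urllib.parse import urlsplit


class Verdict(Enum):
    ALLOW = "allow"
    BLOCKED = "blocked_by_policy"
    DENIED = "denied_by_user"
    TERMINATED = "task_terminated"


@dataclass(frozen=True)
class Action:
    kind: str                        # hypothetical action label, e.g. "click"
    url: str                         # page the action would run against
    injection_flagged: bool = False  # assumed output of an upstream detector


# Constructed policy values for this example.
SENSITIVE = {"send_email", "submit_payment", "delete_file"}
ALLOWED_HOSTS = {"tickets.example.com", "wiki.example.com"}


class ActionGate:
    def __init__(self, confirm: Callable[[Action], bool]):
        self._confirm = confirm      # human-in-the-loop callback
        self.terminated = False
        self.audit = []              # (kind, url, verdict) per reviewed action

    def review(self, action: Action) -> Verdict:
        verdict = self._decide(action)
        self.audit.append((action.kind, action.url, verdict.value))
        return verdict

    def _decide(self, action: Action) -> Verdict:
        # Termination is sticky: once injection is flagged, nothing else runs.
        if self.terminated or action.injection_flagged:
            self.terminated = True
            return Verdict.TERMINATED
        # Exact hostname match; urlsplit ignores any userinfo before "@".
        host = (urlsplit(action.url).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            return Verdict.BLOCKED
        # Sensitive actions need an explicit yes; anything else is a denial.
        if action.kind in SENSITIVE and self._confirm(action) is not True:
            return Verdict.DENIED
        return Verdict.ALLOW
```

The order of checks matters: the termination check runs first so that a flagged session cannot continue through a later, allowlisted action, and the audit list records every verdict for review.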
Gemini 3.5 Flash with computer-use capability is now generally available via the Gemini API and the Gemini Enterprise Agent Platform. Google has also published a dedicated safety best-practices guide covering recommended implementation controls for enterprise deployments.
The launch marks a pivotal milestone in agentic AI development, but it equally raises the security stakes. As AI agents gain real-world system access, robust prompt-injection defenses are no longer optional; they are a critical baseline requirement for any organization deploying autonomous AI in production environments.