Computer-use agent

An AI system that can observe a user interface and take actions across software on behalf of a task. In practice, it extends identity governance beyond API access because the agent can navigate live applications, combine steps, and adapt to changing state during the session.

Expanded Definition

A computer-use agent is an AI system that can perceive a graphical or web-based interface and execute multi-step actions inside ordinary software, not just call APIs. That makes it materially different from a script, RPA bot, or headless integration because the agent adapts to changing screens, prompts, and session state while retaining execution authority.

In NHI security, the key issue is not only what the agent can reach, but what identity it is effectively using while it does so. A computer-use agent may authenticate through a browser session, a delegated user account, a service account, or a short-lived token chain, which means access decisions must account for both the agent’s autonomy and the identity material behind it. Guidance across the industry is still evolving, so definitions vary across vendors and no single standard governs this term yet; the closest practical references come from the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework.

The most common misapplication is treating a computer-use agent as a low-risk UI macro, which occurs when teams ignore the credential context, session persistence, and live decision-making embedded in the workflow.

Examples and Use Cases

Implementing computer-use agents rigorously often introduces tighter session controls and more audit overhead, requiring organisations to weigh automation speed against the risk of unauthorized in-session actions.

  • A support agent logs into a SaaS console, reads ticket details, updates fields, and confirms resolution without a direct API integration, while access must still align with NHI governance from the Ultimate Guide to NHIs — 2025 Outlook and Predictions.
  • A finance assistant navigates an ERP interface to prepare a payment batch, but approval checkpoints are needed because the agent can traverse screens that were never designed for autonomous control.
  • A security operations agent reviews alerts in a browser, enriches cases, and opens remediation workflows, reflecting the agentic application patterns discussed in the OWASP NHI Top 10.
  • A procurement agent compares supplier records across multiple web portals, but each login step creates a distinct identity boundary that must be logged and reviewable.
  • A controlled internal assistant carries out routine HR onboarding tasks in a web portal, provided the session is time-boxed and the underlying account has only the minimum entitlement required.

These use cases are practical only when teams can observe what the agent clicked, why it acted, and which credentials were present at each step. The same autonomy that makes the pattern useful also makes it harder to separate normal navigation from unsafe action.
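One way to make "which credentials were present at each step" concrete, and to enforce the time-boxed, minimum-entitlement sessions and approval checkpoints the use cases above call for, is a small governance layer that every proposed UI action passes through before the agent executes it. The following is an added example, not code from the journal or from any vendor's agent: the identity kinds, scopes, risk tiers, the rule that HIGH-risk actions wait for a human checkpoint, and the sample session are all constructed assumptions.

```python
"""Session governance for a computer-use agent (added example, assumptions throughout).

Each action the agent proposes is checked against the credential it is
effectively using, the session time-box, and a risk tier, then written to an
audit record that names the identity behind the click.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Tuple


class Risk(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Credential:
    subject: str          # identity the agent effectively acts as
    kind: str             # browser_session | delegated_user | service_account | token_chain
    scopes: frozenset     # entitlements that identity actually holds
    expires_at: datetime


@dataclass
class Session:
    session_id: str
    agent_id: str
    credential: Credential
    started_at: datetime
    max_duration: timedelta                      # time-box for the whole session
    approvals: set = field(default_factory=set)  # action ids a human has signed off


@dataclass(frozen=True)
class Action:
    action_id: str
    app: str
    verb: str
    required_scope: str
    risk: Risk


APPROVAL_REQUIRED = {Risk.HIGH}  # assumed policy: HIGH-risk actions need a human checkpoint
AUDIT_LOG: List[dict] = []       # stand-in for an append-only audit store


def evaluate(session: Session, action: Action, now: datetime) -> Tuple[str, str]:
    """Decide allow / deny / needs_approval for one action and record it."""
    cred = session.credential
    if now >= cred.expires_at:
        decision = ("deny", "credential expired")
    elif now - session.started_at > session.max_duration:
        decision = ("deny", "session time-box exceeded")
    elif action.required_scope not in cred.scopes:
        decision = ("deny", "identity lacks scope " + action.required_scope)
    elif action.risk in APPROVAL_REQUIRED and action.action_id not in session.approvals:
        decision = ("needs_approval", "high-risk action held for human checkpoint")
    else:
        decision = ("allow", "within entitlement, session and risk bounds")
    AUDIT_LOG.append({
        "ts": now.isoformat(), "session": session.session_id, "agent": session.agent_id,
        "subject": cred.subject, "credential_kind": cred.kind,
        "app": action.app, "verb": action.verb, "action_id": action.action_id,
        "decision": decision[0], "reason": decision[1],
    })
    return decision


def run_demo() -> List[str]:
    """Constructed support-agent session; returns the decision for each step."""
    AUDIT_LOG.clear()
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    cred = Credential("svc-support-agent", "delegated_user",
                      frozenset({"tickets:read", "tickets:write", "payments:submit"}),
                      expires_at=t0 + timedelta(hours=1))
    session = Session("sess-001", "cua-support", cred, t0, timedelta(minutes=30))
    steps = [
        (Action("a1", "helpdesk", "read_ticket", "tickets:read", Risk.LOW), t0 + timedelta(minutes=5)),
        (Action("a2", "helpdesk", "update_field", "tickets:write", Risk.MEDIUM), t0 + timedelta(minutes=10)),
        (Action("a3", "erp", "submit_payment", "payments:submit", Risk.HIGH), t0 + timedelta(minutes=15)),
        (Action("a4", "hr-portal", "create_user", "hr:write", Risk.MEDIUM), t0 + timedelta(minutes=20)),
    ]
    results = [evaluate(session, a, t)[0] for a, t in steps]
    session.approvals.add("a3")                                   # human signs off the payment
    results.append(evaluate(session, steps[2][0], t0 + timedelta(minutes=22))[0])
    results.append(evaluate(session, steps[0][0], t0 + timedelta(minutes=40))[0])  # past time-box
    return results


if __name__ == "__main__":
    for decision, record in zip(run_demo(), AUDIT_LOG):
        print(decision, "|", record["subject"], record["credential_kind"],
              record["app"], record["verb"], "|", record["reason"])
```

Two design points matter here. The scope check runs against the credential the session actually carries, not against what the agent was asked to do, so an overprivileged identity is visible in the audit record rather than hidden behind the task. And the HIGH-risk payment step is not denied outright but parked until a human approves the specific action id, which keeps the approval checkpoint inside the session rather than in a separate ticketing loop.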

Why It Matters in NHI Security

Computer-use agents expand the attack surface because they can operate inside real sessions where secrets, tokens, and privileged workflows are exposed moment by moment. If the agent is compromised, prompted into unsafe behavior, or paired with an overprivileged identity, the result can be lateral movement across systems that would be harder to reach through a single API call. NHI Mgmt Group research shows that 97% of NHIs carry excessive privileges, which is especially dangerous when an agent can navigate interfaces and trigger downstream actions in live business systems.

This is why the term matters for governance, not just automation design. It connects directly to identity lifecycle, auditability, and Zero Trust assumptions, and it is closely related to the abuse scenarios captured in the AI LLM hijack breach and the Moltbook AI agent keys breach. The operational lesson is simple: when a browser session becomes the control plane, access review must move from static entitlement checks to continuous session governance. Organisations typically discover this only after an agent initiates the wrong action in a production system, at which point controls for computer-use agents become operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Agentic AI Top 10 | NHI-02 | Agentic systems inherit identity and action risks from delegated UI execution. |
| NIST AI RMF | | Frames AI systems by risk, governance, and lifecycle controls. |
| NIST Zero Trust (SP 800-207) | PA, IA, AC | Zero Trust requires continual verification of identity, access, and session trust. |

Classify computer-use agents by risk and require monitoring, accountability, and human oversight.