
Computer use agents: are your identity controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: Anthropic’s Computer Use and OpenAI’s Computer Using Agent show how AI can interact with desktops and browsers to complete multi-step work, but the article also highlights performance, safety, and control tradeoffs across managed virtual environments and direct machine access. Existing IAM and NHI models were built for predefined access, not runtime action selection across arbitrary software.

NHIMG editorial — based on content published by WorkOS: Anthropic’s Computer Use versus OpenAI’s Computer Using Agent (CUA)

Questions worth separating out

Q: How should security teams govern AI agents that can use desktops and browsers?

A: Security teams should govern these agents as privileged runtime actors, not as ordinary automation.

Q: Why do computer-use agents complicate least-privilege design?

A: They complicate least privilege because the useful scope of access is often discovered only during execution.

Q: What breaks when AI agents can self-correct during task execution?

A: Fixed workflow assumptions break first.

Practitioner guidance

  • Define separate control zones for browser and desktop agents. Map each computer-use workflow to the narrowest possible execution surface.
  • Treat every agent action as a runtime authorisation event. Capture screenshots, action sequences, and tool invocations so security teams can reconstruct how the agent moved through each session.
  • Apply privileged access review to agent-scoped workflows. Review which applications, files, and terminals a computer-use agent can reach, then remove any path that is not required for the task.

What's in the full article

WorkOS's full analysis covers the operational detail this post intentionally leaves for the source:

  • How Anthropic's Computer Use sets up direct desktop interaction through screenshots, coordinate-based clicks, and iterative action loops
  • How OpenAI's Computer Using Agent confines execution to a managed virtual browser and what that changes for containment
  • Benchmark comparisons, performance tradeoffs, and cost considerations across the two approaches
  • Practical implementation notes for sandboxing, environment setup, and monitoring that are beyond the scope of this governance analysis

👉 Read WorkOS's analysis of Anthropic Computer Use versus OpenAI CUA →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Runtime access review was designed for stable privilege, and that assumption fails when a computer-use agent is selecting actions inside the session. These systems can observe state, decide a next step, and keep moving without a human approval gate between actions. The implication is that review cadences built for persistent entitlements do not describe the real control problem anymore; they miss the moment where privilege is assembled and used.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: How do you know if computer-use governance is actually working?

A: You know it is working when the agent stays inside its intended surface, produces complete audit trails, and cannot move into unapproved applications without a policy event. Effective governance shows up as narrow session scope, visible action logs, and blocked cross-boundary behaviour rather than simply successful task completion.

👉 Read our full editorial: Computer use agents are exposing a new identity control gap
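The two posts above describe the same control: every action a computer-use agent proposes is checked against a narrow execution surface before it runs, and the check itself is logged so the session can be reconstructed and cross-boundary attempts show up as policy events. The block below is an added illustration of that gate, not code from WorkOS, Anthropic or OpenAI. The control-zone names, the action format, the `RuntimeAuthorizer` class and the sample session are all constructed for this example; real agents report actions in their own schema, so the evaluation step would be adapted to that.

```python
"""Runtime authorisation gate for a computer-use agent session.

Constructed example (not WorkOS's, Anthropic's or OpenAI's code): each
action the agent proposes is evaluated against a control-zone allowlist
before it executes, and the decision is appended to an audit trail that
a security team can replay. Zone names, the Action schema and the
sample session are assumptions made for this illustration.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, asdict

# Control zones: the narrowest execution surface a workflow may touch.
# Zone keys, application names and path prefixes are hypothetical.
CONTROL_ZONES = {
    "browser-only": {"apps": {"firefox"}, "allow_terminal": False,
                     "paths": ("/tmp/agent/",)},
    "desktop-invoices": {"apps": {"libreoffice", "files"}, "allow_terminal": False,
                         "paths": ("/home/agent/invoices/",)},
}


@dataclass
class Action:
    kind: str                # "click", "type", "key", "open_app", "open_path", "shell"
    target_app: str          # foreground application observed in the screenshot
    detail: str = ""         # coordinates, text, path or command reported by the agent
    screenshot: bytes = b""  # screenshot bytes captured before the action


@dataclass
class AuditRecord:
    seq: int
    kind: str
    target_app: str
    detail: str
    screenshot_sha256: str   # hash of the screenshot so the trail can be tied to evidence
    decision: str            # "allow" or "block"
    reason: str


class RuntimeAuthorizer:
    """Evaluates each proposed action as its own authorisation event."""

    def __init__(self, session_id: str, zone: str):
        self.session_id = session_id
        self.zone = CONTROL_ZONES[zone]
        self.trail: list[AuditRecord] = []          # every decision, allowed or not
        self.policy_events: list[AuditRecord] = []  # blocked cross-boundary attempts

    def _evaluate(self, a: Action) -> tuple[str, str]:
        if a.kind == "shell" and not self.zone["allow_terminal"]:
            return "block", "terminal access not permitted in this zone"
        if a.target_app not in self.zone["apps"]:
            return "block", f"application {a.target_app!r} outside control zone"
        if a.kind == "open_path" and not a.detail.startswith(self.zone["paths"]):
            return "block", f"path {a.detail!r} outside permitted paths"
        return "allow", "within intended surface"

    def authorize(self, a: Action) -> bool:
        decision, reason = self._evaluate(a)
        rec = AuditRecord(seq=len(self.trail) + 1, kind=a.kind, target_app=a.target_app,
                          detail=a.detail,
                          screenshot_sha256=hashlib.sha256(a.screenshot).hexdigest(),
                          decision=decision, reason=reason)
        self.trail.append(rec)
        if decision == "block":
            self.policy_events.append(rec)
        return decision == "allow"

    def export_trail(self) -> str:
        return json.dumps({"session": self.session_id,
                           "actions": [asdict(r) for r in self.trail]}, indent=1)


def run_session(zone: str, actions: list[Action]) -> tuple[RuntimeAuthorizer, list[Action]]:
    """Drive a session through the gate. A blocked action is not executed, but
    the agent is allowed to keep proposing actions (the self-correcting loop the
    thread describes); the gate records every attempt either way."""
    auth = RuntimeAuthorizer("sess-0001", zone)
    executed = [a for a in actions if auth.authorize(a)]
    return auth, executed


# Constructed session: an invoice task that drifts into a browser, then a
# credential file, then a terminal. None of this is captured real data.
SAMPLE_ACTIONS = [
    Action("open_app", "libreoffice", "", b"shot-1"),
    Action("open_path", "libreoffice", "/home/agent/invoices/2024-03.ods", b"shot-2"),
    Action("click", "libreoffice", "412,118", b"shot-3"),
    Action("open_app", "firefox", "", b"shot-4"),                              # unapproved app
    Action("open_path", "files", "/home/agent/.ssh/id_ed25519", b"shot-5"),    # outside path allowlist
    Action("shell", "terminal", "cat ~/.ssh/id_ed25519", b"shot-6"),          # terminal not in zone
]

if __name__ == "__main__":
    auth, executed = run_session("desktop-invoices", SAMPLE_ACTIONS)
    print(auth.export_trail())
    print(f"executed {len(executed)} of {len(SAMPLE_ACTIONS)}; "
          f"policy events: {len(auth.policy_events)}")
```

The point of the design is that the allowlist is evaluated per action rather than once at session start, so privilege is checked at the moment it is assembled and used, and the trail contains the blocked attempts as well as the allowed ones; a review that only sees successful task completion would miss the three drift attempts in the sample session.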
