Overview
Paul Kinlan from Google explores how web browsers can serve as robust sandboxes for AI coding agents, demonstrating this concept through Co-do, a browser-based alternative to desktop coding assistants. The key insight is that browsers already solve the hard problems of running untrusted code safely - something that’s crucial for AI agents that generate and execute code.
Key Facts
- 30 years of browser development have created sandboxes designed to run hostile, untrusted code instantly - perfect foundation for safe AI agent execution
- Co-do demo provides Claude Cowork-like functionality entirely in browser - eliminates need for multi-GB local containers
- File System Access API allows browser file management - AI agents can work directly with your files without local installations
- CSP headers with iframe sandbox enable safe code execution - untrusted AI-generated code runs without system access
- WebAssembly in Web Workers provides isolated computation - heavy AI processing stays contained
- webkitdirectory input tag works across Firefox, Safari, and Chrome - full directory access without browser-specific limitations
- Double-iframe technique enables granular network controls - sophisticated security policies possible with existing web standards
Why It Matters
This matters because it suggests AI coding assistants don’t need complex local setups - the web platform already provides the security infrastructure needed for safe AI agent deployment, potentially making these tools more accessible and eliminating installation barriers.