We put agentic AI browsers to the test – They clicked, they paid, they failed

You'd expect a human assistant to handle the task fine. People buying into the hype would reasonably expect the AI to handle it.

When Amazon came out with the "dash" button and then the "Alexa" speakers, I figured they must have expected they'd get some unintended purchases, and that they'd make more profit from those than they'd lose in the people going through the refund process. (That, or they'd learn whether it was profitable, and eat it as an R&D cost if it turned out to be unprofitable.)

I think this might be similar. In short, it's not consumers who want robots to buy for them, it's producers who want robots to buy from them using consumers dollars.

I think more money comes from offering this value to every online storefront, so long as they pay a fee. "People will accidentally buy your coffee with our cool new robot. Research says only 1% of people will file a return, while 6% of new customers will turn into recurring customers. And we only ask for a 3% cut."

I suspect part of this is rich people coming up with use cases. If you're rich enough money means nothing but product selection feels like a burden so you have an assistant who does purchasing on your behalf. You want your house stocked with high quality items without having to think of it.

For the rest of us, the idea of a robot spending money on our behalf is kinda terrifying.

Agent, I need some vitamin D, can you find me the best deal for some rated in the top 5? Agent deployed. Ok we found a bottle with a 30 day supply of Nature’s Own from a well respected merchant. It can be here in 2 days and it is $12. Should I buy? Yes.

Or you could add some other parameters and tell it to buy now if under $15.

Agent, I need a regular order for my groceries, but I also need to make a pumpkin pie so can you get me what I need for that? Also, let’s double the fruit this time and order from the store that can get it to me today.

Most purchases for me are not enjoyable. Only the big ones are.

I think the main driving force is it’s a way to monetize an LLM. If the LLM is doing the buying then a “buyer fee” can be tacked on to the purchase and paid to the LLM provider. That is probably an easier sell than an ongoing monthly subscription.

Also, sellers can offer a payment to the LLM provider to favor their products over competitors.

If you were a lawyer, you’d think something slightly different when you heard the word agent than you would if you were a computer guy. The delta is the fact that under the law of agency, an agent has the power to bind the principal to a contract.

If the lawyers didn’t have this definition in their head there would be no drive to make the software agent a purchaser, because it’s a stupid idea.

Agreed: If I was working with a human interior designer I would still want them to provide me a curated list of options on what decor to buy. Blindly trusting a person seems risky, a robot even more so.

I think it's also more a generic wish to have agents do things without review, this would open up a lot bigger window of possibilities. If it fails at easy shopping, then more crucial decision making is out of the order.

Yea I’ve been surprised about the risk conversations because they cannot do anything if you run them in a sandbox. But it seems like for many the assumed part was we’d hook LLMs into everything asap. It’s absolutely mind boggling.

You don't have to guess about the military applications, it's all over the news. Even bog standard FPV drones that Ukraine is churning out at a rate of >100k/month have image recognition these days, so that if the video stream gets jammed they can finish off the mission autonomously.

Even on a hobby level, ardupilot+openCV+cheap drone kit from amazon is a DIY project within the skill set of a significant part of the visitors of this very site.

Friend of mine told me they'll monitor the refuelling of planes with image recognition AI, just by seeing if the pipe is attached to the plane or not…

Can't wait for the stochastic parrot to press the "launch nukes" button. We deserve it at this point.

The flaw isn't just in the design, it's in the requirements. People want an AI that reads text they didn't read and does the things the text says need to be done, because they don't want to do those things themselves. And they don't want to have to manually approve every little action the AI takes, because that would be too slow. So we get the equivalent of clicking "OK" on every dialog that pops up without reading it, which is also something that people often do to save a bit of time.

Ah, it's like the good old days when operating systems like DOS didn't really make the distinction between executable files and data files. It would happily let you run any old .exe from anywhere on Earth. Viruses used to spread like wildfire until Norton Antivirus came along.

Agenetic browsers is like a sealing tape fix of a high pressure water pipe - it should not exist.

If you want the agent to do things for you - there is literally zero reason to use a browser instead of an API.

Like 1 bulletproof API call vs clicking and scrolling and captcha and scam stores etc - how can this possibly be a good idea?

I have definitely found utility in modeling certain words and phrases as having a value for marketers (and by extension, politicians) that acts much like a natural resource that they can "use up". It's a tragedy of the commons situation in which every participant is motivated to use it up as quickly as possible to their advantage because there is no reason for any given participant not to.

Further based on the way some of these things get used I'm pretty certain this modelling is consciously used by some higher-end marketing firms (and politicians), though by its nature it tends to also be copied by other people not in on the original plan simply by them copying what works, which depletes the value of the word or phrase even more quickly, and the fact that this will happen is part of the tragedy of the commons.

I'm sure it's only a matter of time before AIs become part of this push and we'll witness some sort of coordinated campaign where all our AIs simultaneously wake up one day and push us all with the same phrasing to do some particular thing at the behest of marketers or politicians because it works.

If you only give the AI the ability to do what the end user can already do, the risk is extremely low. It's essential no different then building a static web app where the client is connected to API for all operations. It basically just becomes a new way to interface into a application.

However... That's not how a lot of people are building. Giving an agentic system sensitive information (like passwords, credit cards) and then opening it up to the entire internet as a source for input as asking for your info to be stolen. It'd be like asking your grandma with dementia to manage all your email and online banking.

Yeah, I don't think their attempt to coin a word there is going to work.