Claude is being tested in Chrome to enhance browser-based AI capabilities while addressing prompt injection risks. The pilot involves 1,000 users on the Max plan, focusing on real-world feedback to build stronger safety measures before wider release. Key features include the ability to integrate with tools like calendars and documents. Updates rolled out since the research preview include multi-tab workflows and scheduled tasks. Safety is a top priority. Initial tests revealed a concerning 23.6% success rate for prompt injection attacks, where malicious actors could manipulate Claude to perform harmful actions. For example, Claude once deleted emails based on a fraudulent instruction in a malicious email. To counter this, Claude now requires user confirmations for high-risk actions, offers site-level permissions, and has improved its system prompts to better protect sensitive data. With new safeguards in place, the attack success rate has dropped to 11.2%. Further testing revealed vulnerabilities unique to browser interactions, such as hidden malicious elements in web pages. New mitigations have decreased attack success rates from 35.7% to 0% for specific browser-related threats. The pilot aims to identify additional attack vectors and refine Claude’s defenses based on real-world usage. Trusted testers are needed, particularly those whose setups aren't safety-critical, to help uncover new patterns of unsafe behavior. Interested users can join the waitlist for the research preview at claude.ai/chrome.