Google is rolling out Gemini-powered features in Chrome for Android at the end of June, including an βauto browseβ capability that can take actions on the web on a userβs behalf.
Itβs the clearest sign yet that the AI browser wars are moving beyond chatbots and into autonomous territory β with real implications for how organisations think about device management, data governance, and acceptable use policies.
Whatβs Actually Launching
Built on Gemini 3.1, the update brings three headline features to Chrome on Android.
First, a persistent AI assistant that lives inside the browser and can answer questions about whatever page youβre viewing β summarising articles, explaining complex topics, and pulling information from connected Google services like Gmail, Calendar, and Keep.
Second, an image generation and editing tool called Nano Banana that lets users create or modify visuals directly in the browser β turning a webpage into an infographic, for instance, or reimagining a photo with different content.
Third, and most significant, is auto browse. The feature lets Chrome act as an autonomous agent, taking multi-step actions across the web on a userβs instruction.
Any workflow that involves navigating websites, filling forms, or triggering transactions is, in principle, within scope.
Auto browse will be restricted to AI Pro and Ultra subscribers at launch, on Android 12 or higher devices in the US.
Why IT Leaders Should Pay Attention
Agentic AI in the browser is a fundamentally different risk profile to a chatbot.
When an employee asks ChatGPT a question, the answer stays in the chat window. When an agentic browser starts navigating websites, submitting forms, and interacting with third-party services on a userβs behalf, the blast radius of a mistake β or a malicious prompt β grows considerably.
Google has acknowledged this with a confirmation step before βsensitive tasksβ like purchases or social media posts.
But the definition of sensitive is subjective, and in an enterprise context, plenty of consequential actions wonβt trip that filter.
An agent that can read a Gmail inbox and act on its contents is, effectively, operating with the same permissions as the user.
Thatβs a privilege IT teams will want to think carefully about before it lands on managed devices.
The prompt injection risk is particularly worth noting. Google says auto browse is protected against it, but prompt injection β where malicious content on a webpage hijacks AI instructions β remains one of the harder problems in agentic AI security.
Organisations browsing sensitive supplier portals, financial platforms, or customer-facing tools will want to understand exactly what those protections look like in practice before theyβre comfortable.
The Bigger Picture
This launch is part of a broader arms race.
Microsoft has been embedding Copilot deeper into Edge. Apple is integrating its own AI features across Safari and iOS.
The browser, long a relatively neutral piece of enterprise infrastructure, is becoming a battleground for AI platform lock-in β and the feature sets are advancing fast.
For IT and security leaders, the challenge isnβt just evaluating one product.
Itβs keeping pace with a category thatβs moving from passive assistance to active agency in a matter of months.
Mobile device management policies, acceptable use guidelines, and data loss prevention tools were largely written for a world where browsers displayed content. They werenβt written for browsers that act.
The Personal Intelligence feature β which lets Gemini tailor responses based on a userβs interests, family details, and browsing habits β will also raise flags in organisations with strict data handling requirements.
Google says users remain in control, but privacy teams will want to scrutinise what data is used, where itβs processed, and how it interacts with corporate Google Workspace accounts.
Whatβs Next
The rollout begins at the end of June in the US, while international availability hasnβt been confirmed.
For most enterprise IT teams, the immediate action is awareness β flagging this to security and compliance stakeholders before it appears on employee devices, and starting the conversation about what guardrails, if any, need to be in place.
