Shlumi is an AI agent firewall that detects and blocks automated browser agents — including Claude, Gemini, GPT-Operator, Playwright, Puppeteer, and Selenium — in real time using a lightweight JavaScript detection script.

How does Shlumi detect AI browser agents?

Shlumi collects 30+ browser fingerprinting signals including navigator.webdriver, Chrome DevTools Protocol (CDP) leaks, Playwright globals, headless Chrome indicators, and behavioral patterns. Each session is scored 0–100 and assigned a verdict of clean, suspicious, or bot.

How do I integrate Shlumi on my website?

Add a single script tag to your website's HTML with your API key. Shlumi works with any stack including Next.js, React, plain HTML, WordPress, and Webflow.

Can Shlumi block Claude and Gemini browser use?

Yes. Shlumi specifically detects Claude computer use, Gemini browser automation, and other AI agent tools by identifying CDP-based automation, Chrome object integrity anomalies, and behavioral signals unique to AI-driven browsing.

AgentShield — AI Agent Detection Platform

The Rise of AI Agent Browser Use

In late 2024, Anthropic released Claude's "computer use" capability — allowing the Claude AI model to control a real computer, including a web browser, to complete tasks autonomously. Shortly after, Google's Gemini and OpenAI's GPT-4o gained similar capabilities through tools like GPT-Operator and Project Mariner.

These are not traditional bots. They are AI models that can see a webpage, understand its content, make decisions, and interact with it — filling forms, clicking buttons, navigating menus, and extracting information — all without any human involvement after the initial instruction.

How AI Agent Browser Use Works

AI agent browser use typically works through one of two mechanisms:

1. CDP-Based Control (Claude, Gemini)

The AI model controls a real Chrome browser via the Chrome DevTools Protocol (CDP). The browser takes screenshots, the AI model analyzes them, decides what to do, and sends commands back via CDP. This approach uses a real Chrome installation, making it harder to detect than traditional headless browsers.

2. Browser Extension Integration

Some AI agents operate through browser extensions that inject JavaScript into pages, intercept network requests, and interact with the DOM directly. Claude's browser extension and similar tools work this way.

Why This Matters for Website Security

Traditional website security assumes that automated access is performed by simple scripts with obvious fingerprints. AI agent browser use breaks this assumption in several ways:

Bypasses CAPTCHA

AI models can solve visual CAPTCHAs, audio CAPTCHAs, and puzzle-based challenges that were designed to stop bots. Claude can read a CAPTCHA image, understand the challenge, and complete it correctly.

Understands Context

Unlike a scraper that follows fixed CSS selectors, an AI agent understands the semantic meaning of a page. It can navigate a multi-step checkout flow, understand error messages, and adapt to UI changes — making it far more resilient than traditional automation.

Operates at Scale

A single AI agent can be instructed to visit thousands of websites. Organizations are already using AI agents to automate competitive intelligence, price monitoring, content aggregation, and lead generation at a scale that was previously impossible.

Evades Rate Limiting

AI agents can be instructed to behave like humans — adding random delays, varying their interaction patterns, and rotating through different sessions — making them much harder to block with simple rate limiting.

Real-World Impact

The security implications of AI agent browser use are already being felt across industries:

E-commerce: AI agents scraping pricing data, product descriptions, and inventory levels at scale
SaaS: Competitors using AI agents to systematically test product features and extract proprietary workflows
Media: AI agents harvesting content for training datasets without authorization
Finance: AI agents automating account creation, form submissions, and data extraction from financial portals
Healthcare: AI agents accessing patient portals and medical databases

How to Protect Your Website

Protecting against AI agent browser use requires a multi-layered approach:

Client-side fingerprinting: Detect CDP signals, Chrome object anomalies, and behavioral patterns that distinguish AI agents from humans
Server-side enforcement: Gate sensitive endpoints behind session verification checks
Access rules: Block known datacenter IP ranges and ASNs commonly used by AI agent infrastructure
Rate limiting with context: Apply stricter limits to sessions that show partial bot signals
Honeypot traps: Add invisible elements that AI agents interact with but humans never see

Shlumi implements all of these layers in a single platform, giving you real-time visibility into AI agent activity and configurable enforcement rules — without writing any server-side code.

Conclusion

AI agent browser use represents a fundamental shift in the bot landscape. The question is no longer "is this a bot?" but "is this an AI agent, and do I want to allow it?" Shlumi gives you the tools to answer that question in real time — and act on the answer.

What is AI Agent Browser Use and Why It Matters for Website Security