← All PostsGitHub Copilot Can Now Control a Real Browser in VS Code
Developer toolsAI tools

GitHub Copilot Can Now Control a Real Browser in VS Code

July 3, 2026

GitHub Copilot can now drive a real browser. Browser tools hit general availability in VS Code on July 1 — Copilot agents can open pages, click around, fill forms, and read what's on screen, on by default.

Here's what it actually does and the access model behind it.

What Browser Tools Do

Copilot agents get the same browser actions a developer would use manually: open and navigate pages, click, type, hover, drag, handle dialogs, read page content, capture console errors, and take screenshots. There's also scripted flow support for when a fixed sequence of steps beats individual tool calls.

DevTools sit right in the browser toolbar too, so you can inspect elements and debug pages yourself alongside whatever the agent is doing.

The practical use case: point an agent at your local dev server, ask it to test a flow, and let it click through the actual UI instead of you describing what you want tested in words.

The Access Model

Your tabs stay private by default. An agent can't read or interact with a page you already have open until you explicitly hit "Share with Agent" — and you can revoke that access any time. Existing network domain controls still apply on top of that.

GitHub added more detail to the docs on July 1 specifically clarifying which permissions stay under your control, likely in response to feedback during the preview period.

Worth Knowing Before You Turn It Loose

Giving an agent live control of a browser is exactly the capability security researchers have been flagging as risky. A University of Washington study published this week found that agentic browsers from OpenAI, Google, Anthropic, and Perplexity all share the same underlying weakness: an agent reading a malicious page can be tricked into acting on hidden instructions instead of your actual request.

Copilot's browser tools are scoped to explicit tab-sharing rather than open-ended web browsing, which narrows the attack surface compared to a full agentic browser. But if you're pointing it at pages with untrusted content — not just your own local dev server — the same caution applies: treat what the agent reads as untrusted input, not instructions.

How to Use It

It's on by default with GA, shaped by preview feedback. No extra setup required — open Copilot Chat in agent mode, share a tab when prompted, and go.

This is another step in GitHub's push toward agent-native development — fewer things you describe to the AI, more things it can just go check for itself.

Source: GitHub Changelog

Frequently Asked Questions

What are GitHub Copilot browser tools?

GitHub Copilot browser tools let Copilot agents in VS Code control a real browser — opening pages, clicking, typing, reading content, capturing console errors, and taking screenshots, using the same actions a developer would use manually.

When did GitHub Copilot browser tools launch?

Browser tools became generally available in VS Code on July 1, 2026, after a preview period, and are on by default.

Can GitHub Copilot access my open browser tabs automatically?

Your open tabs are private by default. An agent can't read or interact with a page you have open until you explicitly select 'Share with Agent,' and that access can be revoked at any time. Existing network domain controls still apply.

Are GitHub Copilot browser tools safe from prompt injection?

Copilot's browser tools require explicit tab-sharing rather than open-ended browsing, which narrows the risk compared to full agentic browsers. But a University of Washington study found similar agentic browsers vulnerable to prompt injection, so treat any untrusted page content the agent reads with caution.