Google has made computer use a built-in tool in Gemini 3.5 Flash, moving the capability out of a separate model and into its mainstream Flash model so developers can build agents that see and act across browser, mobile and desktop.

The more interesting shift is on safety. Alongside targeted adversarial training against prompt injection, Google is shipping two optional enterprise safeguards: one that forces explicit user confirmation before sensitive or irreversible actions, and one that automatically stops a task the moment an indirect prompt injection is detected. Google frames it as defence in depth, to be paired with sandboxing and human review.
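The two controls described above, modelled as an agent-side action loop in an added example that is not Google's code and does not use the Gemini API. The `Step` type, the `SENSITIVE` list, the detector verdict passed in as a field, and the choice to end the task when the user refuses are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Iterable

# Action kinds treated as sensitive or irreversible (constructed list, an assumption).
SENSITIVE = {"submit_payment", "delete_file", "send_email"}

@dataclass
class Step:
    action: str                      # what the agent proposes to do
    target: str                      # UI element or resource it acts on
    injection_flagged: bool = False  # upstream detector verdict on the content
                                     # that led to this step (assumed input)

def run_task(steps: Iterable[Step],
             confirm: Callable[[Step], bool],
             execute: Callable[[Step], None]) -> tuple[str, list[str]]:
    """Run proposed steps through both gates; return (status, executed actions)."""
    executed: list[str] = []
    for step in steps:
        # Gate 1: a detection stops the whole task before this step or any
        # later one runs; the user is not asked to approve tainted steps.
        if step.injection_flagged:
            return "halted", executed
        # Gate 2: sensitive actions need an explicit True; anything else
        # (False, None) fails closed. Ending the task on refusal is an assumption.
        if step.action in SENSITIVE and confirm(step) is not True:
            return "declined", executed
        execute(step)
        executed.append(step.action)
    return "completed", executed

def demo() -> dict[str, tuple[str, list[str]]]:
    clean = [Step("click", "#checkout"), Step("type", "#address"),
             Step("submit_payment", "#pay")]
    # Constructed case: the page read before step 2 carried injected instructions.
    tainted = [Step("click", "#inbox"),
               Step("send_email", "#compose", injection_flagged=True),
               Step("delete_file", "report.pdf")]
    noop = lambda step: None
    return {
        "approved": run_task(clean, lambda s: True, noop),
        "refused": run_task(clean, lambda s: None, noop),
        "injected": run_task(tainted, lambda s: True, noop),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Checking the detector verdict before the confirmation prompt matters: a hijacked step is never put in front of the user for approval, and the steps queued after it are dropped with it.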

As computer-use agents reach the flagship model, vendors are effectively conceding that capability is solved and the open problem is stopping a hijacked agent before it acts.