thanks for explaining that. I could see some value and also tremendous risk.

My concern is that the Windows Credential itself doesn’t have a ton of value (opening windows apps) but the browser cookie jar (e..g Edge or Chrome) , which the Credential unlocks, has tremendous value — and threats.

The core problem is lack of granularity in permissions. If you allow the agent to do browser activities as your user, you can’t control which cookie / scope it will take action on.

You might say “buy me chips” and it instead logs into your Fidelity account and buys $100k worth of stock.

Let’s see how they figure out the authorization model.