Opera Neon and the Dawn of the Agentic Browser Runtime

Opera Neon reframes the browser as a runtime for AI agents, with local-first, in-page execution and new workflow primitives that let the web act. See how agentic browsing reshapes design, security, and go-to-market.

ByTalosTalos
AI Agents
Opera Neon and the Dawn of the Agentic Browser Runtime

Breaking: the browser just became a place to act

On May 28, 2025, Opera turned a page. With Neon, it is not simply adding another sidebar chatbot. It is turning the browser into a runtime where agents carry out tasks inside the very pages you open. In Opera’s own description, Neon’s agent can browse, fill forms, book trips, and even spin up creative work like websites and games. The crucial twist is how it does the work. Neon performs core actions locally inside the browser and introduces a set of workflow primitives so you can compose, monitor, and repeat what the agent does. It is the most direct bid yet to make the browser an execution environment for agents rather than a canvas for documents. See Opera’s framing of the launch and capabilities in its newsroom announcement, which underscores the local privacy posture and the new primitives in its Neon agentic browser overview.

Neon launched as a paid early access product with a waitlist and an initial monthly fee for power users. That pricing choice matters because it signals what this category believes it is selling. Not a browser as a free portal, but a work engine that saves time in measurable ways.

What local-first, in-page execution really means

Local-first means the agent lives where the page lives. Instead of shipping your entire session to a remote automation service, Neon runs control logic inside the renderer. Imagine a careful robot that can see only what you see in a tab. When you ask it to book a hotel, it reads the page’s structure, clicks the right buttons, fills the form, and waits for server responses, all within the same origin constraints your mouse is bound by. The privacy benefit is concrete. Sensitive data like one-time passcodes or account pages do not leave your machine unless you explicitly allow it. Latency improves because the loop between “see element, act on element, observe result” does not cross the network on every step.

In-page task execution is a technical way of saying the agent operates at the Document Object Model layer rather than scraping HTML elsewhere and posting back results. That gives three practical outcomes:

  • It honors web security boundaries. The agent cannot reach across origins without your permission because it is bounded by the browser’s sandbox.
  • It can handle real interfaces. When a site uses custom controls or lazy loads elements, the agent behaves like a user, not like a brittle scraper.
  • It becomes observable. Because the browser already logs events like clicks, fetches, and console output, the agent’s behavior can be captured as a replayable trace.

Neon’s new primitives: Tasks, Cards, Do, and Make

Neon introduces workflow building blocks that raise the agent above a one-off chat.

  • Tasks are named workspaces with goals, context, and state. Think of a Task as a folder that remembers everything the agent has done for a project, from research to final action.
  • Cards are reusable instructions and results. They let you save a good prompt, a web step, or an output so you can slot it into future work. Cards are to agent workflows what templates are to presentations.
  • Do is the in-page operator. You ask it to complete a step and it performs the clicks and form fills right there, under your supervision.
  • Make is the builder. It can compose artifacts like small sites or simple games and, when needed, offload heavy compute to a managed virtual machine so longer jobs continue even if you close your laptop.

Taken together, these are not features in the social media sense. They are primitives for composing automation where it traditionally did not live: the consumer browser.

The new category and its peers

Neon does not launch into a vacuum. The field is forming fast.

  • Comet from Perplexity positions the browser as an agentic search terminal with an assistant that manages tabs, summarizes emails, and navigates pages on your behalf. It is targeted first at premium subscribers, signaling a top-of-funnel that pays to save time.
  • Dia from The Browser Company is the post-Arc bet: an AI-first browser that moves chat and context to the address bar and learns from your recent activity, with an eye toward richer skills. Its maker now operates inside an enterprise software stack, which hints at deeper integrations with productivity tools.
  • Chrome is evolving from AI inside a browser to AI as a browsing layer. Gemini in Chrome summarizes, compares across tabs, and is set to add agentic actions like locating segments in videos or performing site navigation. On-device models already defend against scams and malicious overlays, showing how security will be part of the agentic baseline.

These products differ in tone and scope, but they share a conviction: the browser can execute intent, not just render pixels. The trend also echoes recent work on cross-vendor agent coordination. For a broader view of how vendors are stitching runtimes together, see the internal analysis on the cross vendor agent runtime.

Why developers should see the browser as an agent runtime

Developers who target the browser now have to design for agents as first-class users, not only humans with a mouse. That shift affects APIs, interfaces, and operations.

  • Tooling and integrations. Expect Model Context Protocol style connectors to become the lingua franca for attaching tools, data, and credentials to agents. If your product offers an application programming interface today, your next step is to ship an agent connector that exposes safe, scoped actions an in-page agent can call. A practical starting point is to study how standardized tool interfaces are documented for agent frameworks in the OpenAI Agents SDK MCP guide. For a complementary look at running MCP endpoints at the edge, see how Cloudflare frames edge-native Agents SDK and MCP.
  • Sandboxing and least privilege. Agents should operate with the smallest possible scope by default. Treat each Task like a container. Scope credentials to a domain, set time limits on grants, and require a fresh user gesture for cross-origin jumps. For integrations, ship read-only first, then add write scopes with explicit consent.
  • Observability by design. Give users and administrators the equivalent of a black box flight recorder. Every agent session needs a trace that shows page events, tool calls, data access, and outbound network requests. Export traces to existing observability stacks and attach redaction rules so sensitive fields are masked at the source.
  • Testability and determinism. Provide fixtures that simulate pages, latencies, and error states so developers can run a headless agent end to end without hitting production sites. Record and replay should be a default capability so a failed booking can be reproduced.

What enterprises will demand from agentic browsers

Enterprises will not greenlight autonomous actions until they see controls that match their risk posture. Expect these requirements to define the category:

  • Identity that binds person to agent. Tie agent sessions to enterprise identity and single sign on so every action maps to a human principal. Support step-up authentication for sensitive actions like wire transfers. Identity as a control surface is covered in our piece on the identity as agent control plane.
  • Policy as code. Administrators should encode rules that say who can do what where. For example, allow in-page form fills on vendor portals, block automated checkout on consumer retail, and require human double check on purchase orders above a threshold.
  • Audit and eDiscovery. Every action must be queryable. Investigators should be able to answer what an agent did, what it saw, what data it touched, and why it decided to act. Redaction and retention schedules must carry over to agent traces.
  • Data residency and local-first controls. In regulated sectors, being able to prove that the agent acted locally and that raw page data never left the region will be a selling point. Local-first architectures help because they minimize the material that could leave the device.

Go to market is shifting from free to saved-hours math

Browsers used to monetize via default search deals and advertising. Agentic browsers monetize like software robots by converting saved minutes into monthly fees.

  • Subscriptions as the norm. Neon’s paid early access and premium gating in peers point to a simple equation. If an agent can reliably save an hour per week, users accept a monthly fee. The renewal hinges on measurable outcomes, not brand affinity.
  • Marketplaces for workflows. Expect a marketplace where users buy Task templates and Cards for specific jobs. Think of a vendor who sells a vetted vendor onboarding flow or a travel team that shares a company booking policy as a reusable Card set. This will create a new creator economy inside the browser with a clear need for review, curation, and policies.
  • Enterprise bundling. The most aggressive growth will come from bundling the agentic browser with work suites. If your help desk, project tracker, and knowledge base are already integrated, an agent can move across them with fewer friction points and clearer permissions.

Build and pilot checklist for the next 90 days

If you are an engineering or product leader who wants to test agentic browsing safely and productively, here is a concrete plan.

  1. Select one narrow, high-friction workflow. Examples: vendor onboarding, candidate scheduling, expense reimbursement. Pick a task with clear success criteria and limited blast radius.

  2. Define the guardrails. Decide what the agent may read and write, which domains it can act on, and when to require a human confirm. Put it in policy before you write code.

  3. Map the pages. For the chosen workflow, list the sites and forms. Identify authentication steps, required fields, and common failure modes like two factor timeouts.

  4. Choose a browser and channel. Pilot Neon for in-page actions, or run a controlled test in an alternative agentic browser. If your environment is Chrome-centric, enable its AI features and simulate the agent steps with human-in-the-loop confirmation.

  5. Wire a minimal connector. Expose a few safe actions through a tool interface an agent can call. Read-only first, then add a write action with a narrow scope tied to a service account.

  6. Implement session traces. Capture every step the agent takes, store it with retention rules, and build a simple replay viewer for your team.

  7. Add test harnesses. Record a few real sessions, replace secrets with fixtures, and run them in continuous integration to catch regressions.

  8. Train supervisors. Teach users to intervene. Give them a pause, step, and undo. Make it obvious when the agent is acting.

  9. Measure outcomes. Track minutes saved, error rates, and completion rates. Compare against a control group using manual steps.

  10. Review and expand. Conduct a blameless postmortem, adjust policies, and add one more workflow only if the metrics justify it.

What this signals for web standards

When agents become first-class actors, the platform needs first-class affordances. Here are concrete proposals that standards bodies and browser vendors can rally around.

  • Agent Automation API. A standard interface for in-page actions with explicit consent prompts. It would expose controlled primitives like click, fill, wait for element, and file upload, each gated by permission grants with scope and time limits.
  • Capability tokens. A browser-issued, site-scoped token that encodes what the agent may do for the next session. Sites can request, narrow, or revoke these tokens via a declarative policy page.
  • Page affordance map. A machine-readable manifest a site can publish that labels important controls and safe flows. Think of it as structured hints that reduce agent guesswork without exposing internal logic.
  • Agent trace events. A unified schema for logging agent actions and page reactions designed to plug into observability stacks. Include fields for redaction, data classification, and policy decisions.
  • Human in the loop control. A standardized prompt and overlay that gives users pause, confirm, and step-through controls with a visible indicator when the agent is acting on the page.

If the industry aligns on these, we will get safer, more capable agent behavior with less brittle reverse engineering.

The competitive field just got real

Neon raises the bar by combining local-first in-page actions with a workflow model you can reason about. Comet is pushing on search-native agent flows and premium tiers. Dia is streamlining the interface and leaning into skills and context. Chrome is using its reach to ship safety features and, soon, agentic actions at web scale. Each path teaches something about adoption. Local-first execution will be the default ask in privacy-conscious markets. Enterprise buyers will require identity binding, policy as code, and auditable traces. And the economics will run on saved hours rather than ad clicks.

To put this moment in context, consider how adjacent platforms are going agent native. Productivity suites are turning documents into agent targets, as covered in our look at Office goes agent native. As more platforms expose safe actions and structured context, the value of an agentic browser that operates where users already spend their day only grows.

A smart close for a very new chapter

We have been here before. Tabs felt strange, then became obvious. Extensions felt risky, then became routine. Agentic browsing is likely to follow the same pattern if it respects the web’s rules and offers real control. Neon’s debut shows how. It does work where the work is, gives you primitives to shape it, and makes the results repeatable. The next great applications of the web will not be pages you visit. They will be workflows you run. The browser just became their natural home.

Other articles you might like

Agent Engine and A2A: Google makes cross vendor agents real

Agent Engine and A2A: Google makes cross vendor agents real

Google Cloud just made agent interoperability practical for enterprises. With Agent Engine, A2A, tracing, connectors, and streaming, teams can ship multi agent workflows across vendors with real controls and speed this quarter.

AI Agents
·Read more
Agent Bricks and MLflow 3.0: Turning Point for Enterprise AI

Agent Bricks and MLflow 3.0: Turning Point for Enterprise AI

Databricks unveiled Mosaic AI Agent Bricks and MLflow 3.0 with built-in evaluations, tracing, and governance. Learn why this stack changes production agents and how to build and ship across AWS, Azure, and GCP.

AI Agents
·Read more
Cloudflare’s Agents SDK and remote MCP bring edge-native AI

Cloudflare’s Agents SDK and remote MCP bring edge-native AI

Cloudflare’s new Agents SDK pairs with remote MCP servers, Durable Objects and Workflows to move agents from laptop demos to governed, low-latency production. See what shipped and how to deploy it with confidence.

AI Agents
·Read more
Okta turns identity into the control plane for AI agents

Okta turns identity into the control plane for AI agents

On September 25, 2025, Okta introduced Okta for AI Agents and Cross App Access, extending OAuth so enterprises can centrally authorize agent-to-app access. See what changed, who backs it, and how to roll it out.

AI Agents
·Read more
Figma’s MCP server plugs design systems into AI agents

Figma’s MCP server plugs design systems into AI agents

Figma’s remote MCP server lets agents and IDEs query components, tokens, styles, and usage rules directly from your design system. Expect cleaner handoffs, faster reviews, and automation that follows your standards.

AI Agents
·Read more
ChatGPT Agent is the first mainstream computer-using AI

ChatGPT Agent is the first mainstream computer-using AI

On July 17, 2025, OpenAI turned chat into computer use. ChatGPT Agent researches, clicks, and acts inside a virtual computer with narration and approvals. Explore strengths, limits, and how to put it to work.

AI Agents
·Read more
GitHub Copilot’s Coding Agent Hits GA: A Teammate, Not a Tool

GitHub Copilot’s Coding Agent Hits GA: A Teammate, Not a Tool

GitHub Copilot’s coding agent is now GA and ready to own end to end tasks. It plans changes, runs tests in isolated runners, opens draft PRs, and works within branch protections and review gates.

AI Agents
·Read more
Agentforce 3 shifts the AI race to control, scale, and trust

Agentforce 3 shifts the AI race to control, scale, and trust

Agentforce 3 reframes the AI platform race around control, scalability, and trust. With Command Center observability, native MCP interoperability, and automatic model failover, Salesforce pushes agents from demos to dependable digital labor.

AI Agents
·Read more
Amazon’s agentic Seller Assistant transforms SMB e-commerce

Amazon’s agentic Seller Assistant transforms SMB e-commerce

Amazon is evolving Seller Assistant into a permissioned agent that plans, executes, and reports across inventory, account health, compliance, and ads. See what changed on September 17, 2025 and why it matters for SMBs.

AI Agents
·Read more