Opera Neon turns the browser into your local AI agent

Opera Neon launches with a bold promise: agents that act inside your browser rather than in the cloud. Explore Neon Do, Tasks, and Cards, why local execution matters, and what teams should build next.

ByTalosTalos
AI Product Launches

The browser just became an agent runtime

On September 30, 2025 Opera began rolling out Neon, a new browser that embeds artificial intelligence agents inside the browsing session itself. Instead of living in a separate chat window or a remote cloud, Neon’s agents can read, click, type, and organize right inside the tabs you already use. Opera frames the product around three pillars that map cleanly to real work: Tasks to scope and contain a job, Cards to make reusable prompt recipes, and Neon Do to perform on‑page actions in real time. The company confirmed the early access rollout and subscription model on the launch date in its newsroom post, which introduced Neon as a locally executing, privacy‑first agentic browser. See the announcement in Opera ships Neon on September 30.

If this feels like a turning point, you are not alone. For two decades the browser has mostly been a document viewer that fetches pages and runs publisher scripts. Neon reframes it as a programmable assistant that can carry out intent on the live web while you watch and intervene. That shift sounds abstract, so let us ground it in simple examples.

  • Trip planning: Neon opens comparison tabs, extracts dates and policies, fills forms for candidate itineraries, and pauses for your approval before purchase.
  • Market research: Neon gathers filings and recent news, highlights key numbers, and assembles a draft brief inside your task workspace.
  • Repetitive forms: Neon copies details from your notes and applies them across several portals while keeping your session and cookies on your machine.

What shipped and how it works

Neon introduces an operator called Neon Do. You toggle it on inside a Task, then watch as it acts in the visible browser context where you are already authenticated. It can open and close tabs, follow links, fill fields, and gather data across those tabs. When an action needs an explicit confirmation, Neon pauses for you. The important point is where it runs. Neon Do executes within the browser session, not as a remote agent logging into your accounts from somewhere else. That reduces the need to share passwords with cloud services and avoids repeated authentication flows.

Think of Neon Do as a careful junior assistant sitting beside you at the keyboard. You give it a goal in natural language. It plans steps, acts across pages, and shows its work as it goes. Because it operates inside the session that you control, it sees what you see. No plug‑ins are required for most websites, and you can take over at any time by clicking, typing, or turning it off.

Tasks and Cards, explained

Tasks are self‑contained workspaces. Each one functions like a mini browser with its own tabs, history, notes, and context. This is more than a folder of links. It is a boundary for state and memory so the agent does not mix your trip planning with your hiring pipeline. Within a Task, Neon can analyze multiple sources at once and act across them.

Cards are reusable prompt instructions. Picture a deck on your desk. One card might say pull details, another make comparison table, another extract action items. You stack the cards you want, then add the small bit that is unique to today. Over time you collect a personal library and share or install new cards from a store. That turns prompting from a craft you redo every time into a repeatable process. Cards are also a lightweight packaging format a team can review, approve, and version.

Together, Tasks and Cards make agentic browsing legible. Teams can design processes that anyone can repeat. Individuals can capture hard‑won prompting tricks as assets rather than tribal knowledge.

Why local execution beats cloud copilots for many jobs

Most copilots today sit in the cloud. You paste content into a chatbot, authorize a connector, and hope it has enough context to act. Neon flips that by putting the operator inside the browser process. There are tradeoffs, but the advantages for many workflows are clear.

Advantages

  • Privacy and control. Since Neon Do operates in the local browser session, it does not need your passwords or sensitive session tokens in the cloud. You can see every action and pause it at any moment.
  • Lower friction. If you are already signed in to a site, Neon can act in that context without a second login dance.
  • First class web sense. In‑page execution reduces brittleness because the agent interacts with the actual Document Object Model rather than approximations shipped to a remote service.

Tradeoffs

  • Compute budget. Heavy reasoning or large model inference may still use remote resources. Neon’s design encourages local orchestration with the option for cloud sized thinking when needed.
  • Anti‑automation defenses. Sites that aggressively detect automation may require careful pacing and human‑in‑the‑loop checkpoints.
  • Repeatability. Local environments vary. Teams will want standard task templates, selectors, and guardrails to keep automation stable across laptops.

What this means for extension developers

Extension ecosystems were built around event listeners and content scripts. Agentic browsing introduces intent handlers, planning loops, and observable actions that can be previewed or reversed. Here is what to consider if you build for browsers today:

  • Model user intent as a task graph. Cards are one metaphor. You can build your own through extension UIs that define reusable steps, variables, and selectors.
  • Embrace declarative actions. Rather than writing brittle click scripts, declare the outcome, then map it to robust selectors and heuristics.
  • Offer preview and diff for every action. People will trust agents that show what they plan to do before they do it, especially on transactional pages.
  • Design for handoff. Neon Do pauses at key steps. Your extension should expose a clean way to hand control back to the user and resume without losing context.
  • Instrument observability. Log what the agent tried, what changed on the page, and why it chose the next step. Treat that like unit tests for the web.

Under the hood you will still lean on familiar automation interfaces such as the Chrome DevTools Protocol and the WebDriver BiDirectional protocol. The goal is not to hide the web. It is to package common actions with enough structure and guardrails that anyone on your team can repeat them safely.

For readers shipping enterprise agents today, compare Neon’s on‑page approach with how robust enterprise stacks orchestrate tools and guardrails. Our coverage of OutSystems Agent Workbench GA shows how enterprise teams standardize prompts, approvals, and rollout for reliability.

Mapping MCP and CDP into a coherent toolchain

Over the past year, enterprise teams have been standardizing how language models reach internal systems using the Model Context Protocol. MCP, from Anthropic, acts like a universal port that lets an agent call tools and read private data through a consistent interface. If you have not seen it, start with Anthropic's Model Context Protocol for the mental model and reference components.

Neon suggests a clean split of responsibilities that maps nicely to how large organizations prefer to separate concerns:

  • MCP for backends and private systems. Expose claims systems, deal desks, catalog search, or ticketing through MCP servers that enforce your policies.
  • CDP for frontends and the live web. Execute on‑page actions with the browser’s automation interface where the user is already authenticated.
  • Tasks for state. Each Task holds the context that bridges MCP calls and on‑page actions without leaking data across projects.
  • Cards for repeatability. Cards become the packaging format for your best prompts and step recipes, which you can version, test, and share.

This toolchain lets you pull a customer’s order history through an MCP server, join it with current pricing on partner sites via on‑page actions, and prepare a quote that the human reviews before sending. The sensitive data never leaves the controlled environment, and the risky navigation does not run headless on a random cloud worker.

Security, risk, and compliance

Compliance‑first industries have avoided most agent hype for good reasons. Data residency, auditability, and duty of care outrank flashy demos. A local agent runtime inside the browser changes the calculus.

  • Data stays scoped. Because Neon Do operates in the user’s current session, you can avoid moving credentials and tokens to external services. That narrows the attack surface.
  • Supervised autonomy. Every action is visible, interruptible, and attributable to a user. That enables real approvals and human in the loop checkpoints.
  • Audit by design. Tasks provide a natural container to log prompts, pages visited, and decisions made. Store those logs with the rest of your regulated records.
  • Policy control. Cards and task templates can be pre‑approved for narrow uses, such as pulling specific fields or submitting specific forms, while banning risky actions.

If you are hardening agentic workflows, our look at AI‑DR runtime security for agents covers patterns for real time guardrails, telemetry, and containment that pair well with browser‑local execution.

The next 12 months: how everyday work changes

Shopping

  • Real comparison replaces tab sprawl. Agents will extract structured attributes across merchant pages and render table views inside a Task.
  • Price plus policy becomes the norm. Returns, restocking fees, warranty terms, and shipping windows can be compared in one pass rather than in a fine print hunt.
  • Checkout gets assistance. The agent will prefill forms, apply loyalty numbers, and stop for your consent before payment.

Research

  • Synthesis moves from static summaries to living briefs. As your tabs change, so does the brief. Highlights link to sources in your Task.
  • Literature triage gets faster. Agents will pull abstracts, methods, and sample sizes for papers and cluster them by relevance with citations attached.
  • Source hygiene improves. Because actions happen in your view, you can spot incorrect extractions and correct them, which feeds better prompts back into your Cards.

Robotic process automation

  • The browser becomes the UI robot. Many fragile RPA scripts step through web portals using remote infrastructure. Expect teams to shift simple, high volume tasks to local agentic browsing so employees supervise actions and resolve edge cases in context.
  • Ticket backlogs benefit first. Password resets, address changes, and entitlement checks are ideal pilot candidates. These are frequent, structured, and easy to fence with policy.
  • Dashboards include agent health. Teams will track success rates, time saved, and exceptions, then compare those metrics to human baselines.

What to build now

For developers

  • Author a first batch of Cards. Start with three to five common tasks in your domain. For retail, think pull details, compare variants, and check availability. For support, think classify issue, suggest resolution, and prepare reply.
  • Wrap actions in selectors that fail gracefully. Use semantic cues rather than brittle xpaths. Add small timeouts and retries. Bake in preview and diff.
  • Create a Task template for a critical workflow. Scope it to five to ten steps with a clear handoff point to the human.
  • Add observability from day one. Log prompts, actions, and page states. You cannot tune what you cannot see.

For product leaders

  • Choose one measurable workflow and set a target. Reduce handle time by 20 percent or increase first pass accuracy by 10 percent. Make it falsifiable.
  • Define red lines. List actions agents may not perform without explicit human approval. Start conservative, then expand as confidence grows.
  • Plan for hybrid. Local orchestration is great, but some reasoning or summarization will still happen in the cloud. Document when and why.

For security and compliance

  • Threat model the agent. Treat it like a new user that can click fast. Consider how it could be phished, trapped in infinite scroll, or tricked by deceptive design.
  • Write an audit spec. Decide what to log, how long to retain, and who can see it. Tie logs to Task identifiers and user identities.
  • Approve a Cards catalog. Pre‑approve a small set that covers your top workflows. Review additions on a weekly cadence.

Where the browser ecosystem goes next

Neon will not be the only agentic browser. Others will blend similar ideas into their own interfaces. The pattern is clear. The browser session is a trustworthy place to run agents because the user is present, credentials are already scoped, and actions are visible. What matters next is standardization of how tasks, prompts, and on‑page actions are packaged so that teams can share and reuse them across tools.

Expect the line between frontends and backends to blur. Agents will fetch private data through MCP, then act on public sites in the same Task. The next wave of tools will make that choreography auditable and safe by design. For a picture of how data gravity is pulling agents closer to where records live, see how agents move into the database and how that trend changes integration patterns.

Frequently asked questions

Is Neon only for power users?

Neon is positioned at launch for people who work on the web all day and want automation they can supervise. The subscription model supports that focus. Over time, expect simpler starter templates for casual users.

Will Neon replace extensions?

Not soon. Many extensions add features that are not about automation. What Neon changes is how users can string those features together under supervision and with better logging.

Does local execution mean no cloud at all?

No. Local orchestration reduces risk and friction, but large scale reasoning may still use cloud models. The important shift is that sensitive sessions stay local, while expensive thinking can happen off device when needed.

The bottom line

Neon’s debut is the clearest signal yet that the browser is becoming the default runtime for local, privacy‑first agents. The ingredients are practical rather than flashy. A visible operator that can click and type where you already work. A container for state that keeps contexts clean. A deck of repeatable prompts that turn expertise into building blocks. None of this removes judgment. It removes drudgery and makes judgment easier to apply. If you start capturing your best workflows as Tasks and Cards now, you will be ready when your team asks the most important question of this moment. What can the browser do for us today while we are watching it work.

Other articles you might like

ShinkaEvolve and the rise of test-time evolutionary compute

Sakana AI's ShinkaEvolve flips the script on scaling by evolving code and training signals at test time. Novelty filters, smart parent sampling, and model bandits deliver state-of-the-art results with far fewer trials.

AI Product Launches
·Read more
OutSystems Agent Workbench GA makes enterprise AI agents real

OutSystems Agent Workbench GA makes enterprise AI agents real

OutSystems has taken Agent Workbench to general availability, formalizing an agent workbench category: a low code control plane to design, govern, and deploy multi agent systems across live enterprise data and workflows with real controls.

AI Product Launches
·Read more
Ray3 lands: Luma's reasoning video model goes production-grade

Ray3 lands: Luma's reasoning video model goes production-grade

Luma's Ray3 is now inside Adobe Firefly, bringing native HDR, ACES EXR sequences, and a fast Draft Mode that preserves composition. With Creative Cloud handoff and agency partners, AI video moves from demo to deliverable.

AI Product Launches
·Read more
Tinker brings distributed fine-tuning to open models

Tinker brings distributed fine-tuning to open models

Thinking Machines Lab introduced Tinker on October 1 and 2, 2025, a developer-first service that turns distributed fine-tuning of open-weight LLMs into a turnkey step. The promise is sovereign AI and scale without owning a GPU farm.

AI Product Launches
·Read more
Agents Move Into The Database: RavenDB Sparks a Shift

Agents Move Into The Database: RavenDB Sparks a Shift

RavenDB’s new AI Agent Creator puts agents inside the database, not outside. Learn why in-database execution can beat external RAG on security, latency, cost, and governance, plus concrete build patterns you can ship in Q4 2025.

AI Product Launches
·Read more
Resemble AI’s Deepfake Drills Arrive for Government Buyers

Resemble AI’s Deepfake Drills Arrive for Government Buyers

On September 9, 2025, Resemble AI made deepfake-simulation drills available to agencies through Carahsoft. Here is why adversarial training will become a required control by 2026 and how defensive agents raise the bar.

AI Product Launches
·Read more
Gist Answers goes live: licensed AI search for publishers

Gist Answers goes live: licensed AI search for publishers

On September 5, 2025, ProRata.ai lit up a 750 publisher network with Gist Answers, a licensed, revenue sharing AI search. Here is how rights aware retrieval, attribution, and pay per query pricing can reshape the web.

AI Product Launches
·Read more
Hume Octave 2 and EVI 4-mini push voice AI mainstream

Hume Octave 2 and EVI 4-mini push voice AI mainstream

Hume AI released Octave 2 and EVI 4-mini, bringing fast multilingual voice agents within reach. Learn what improved in prosody and latency, why it beats text-first UX, and how to ship voice-native copilots now.

AI Product Launches
·Read more
AI‑DR Arrives: Runtime Security for Agentic Apps Goes Mainstream

AI‑DR Arrives: Runtime Security for Agentic Apps Goes Mainstream

September marked a clear shift. Runtime security for language models and agentic apps is now expected, not optional. This guide defines the AI‑DR stack, shows how to ship it in weeks, and offers a practical build versus buy playbook.

AI Product Launches
·Read more