Claude Code’s desktop app can now open a browser window inside the coding session itself. The agent can pull up documentation, load a design file, or visit a live website, then read the page, click through it, and interact with its elements, the Claude Code team said in an announcement thread on X on July 10.
That closes a loop that coding agents have mostly left open. Claude Code could already run and interact with a developer’s local dev server, watching a page render as code changed. Extending that same interaction model to external sites means the agent can now read a library’s documentation, study a competitor’s UI, or check a Figma link without the developer copying text back into the chat window. The step from “reads what you paste” to “goes and looks” is a meaningful jump in autonomy for a tool that spends most of its time translating specifications into code.
The market context matters here. A cottage industry of browser-use agents (open-source projects and hosted services like Browserbase) already exists to give any LLM control of a browser, typically bolted on as a separate tool call outside the coding environment. Anthropic folding that capability directly into Claude Code’s desktop app collapses a step that previously required stitching together a coding agent and a browsing agent as two systems. Browser-use agents built as standalone tools now compete with a version of the same capability that ships natively where the code gets written.
The browser runs in a sandboxed environment with configurable settings, according to the announcement. Users choose whether a browsing session persists between uses, which is the detail worth pausing on. A persistent session means Claude Code can stay logged into an internal wiki, a staging environment, or a paid documentation portal across a whole coding session. That is convenient. It is also a new credential-handling surface, since a session that persists across restarts carries whatever cookies and login state it captured. A sandboxed, ephemeral-by-default browser limits what the agent can see and touch even if a prompt injection or a malicious page tries to redirect it.
The announcement does not include independent testing of how the browser handles adversarial pages, nor benchmark data comparing it to standalone browser-use tools. It also does not specify how granular the sandbox configuration is, whether it is scoped per-domain, per-session, or globally. Those are the questions that determine whether this is a convenience feature or a new attack surface for teams that give Claude Code access to internal tools.
The feature requires the latest desktop app version, and Anthropic has published documentation at code.claude.com/docs/en/desktop under browse-external-sites. Teams running Claude Code against internal documentation or design systems should review the session-persistence default before rolling this out broadly: an agent that can log in once and stay logged in is exactly the kind of access that security reviews exist to catch.
The Claude Code team announced the feature in a thread on X on July 10, 2026.