FRESH

Hacker News

Home

Show HN: Vibium – Browser automation for AI and humans, by Selenium's creator

429 points by hugs

by rukuu001

4 subcomments

Hey man, just wanted to say thanks for Selenium - it was a game changer and had a big impact on my professional life.
I’m interested in checking out Vibium - I’ve been a reluctant adopter of Playwright and hopeful for a new approach.

by dmd

2 subcomments

Does it allow you to inject js, modify the DOM, and most crucially monitor/modify network requests? I do those things in probably 95-99% of the time I reach for playwright mcp in claude, and from the "For Agents" part of the README, it seems like all this can do is click/type/screenshot?

by 999900000999

3 subcomments

As someone who's made a good living primarily in UI automation for over a decade, thank you.
It's been an interesting journey.I do think Playwright is the defacto standard now, but Selenium was the original browser driver.
Anyway, how does Vibium compare to Playwright ? Playwright's main advantage is it has official support for multiple languages.

by michelb

1 subcomments

Interesting, I've been using this skill https://github.com/SawyerHood/dev-browser to save on context and get some more speed. Will try this out!

by rule2025

0 subcomment

What can this mainly do? How is it different from Chrome devtools MCP?

by password-app

0 subcomment

Congrats on shipping v1. The "sense-think-act" architecture is exactly what's needed for agentic workflows.
Re: the login handling discussion upthread—I've been using browser-use for automated password rotation (breach response use case). Two patterns that might be relevant to Vibium's roadmap:
Credential injection: Instead of putting passwords in the prompt, pass them via a sensitive_data parameter. The agent calls enter_password() without the value ever appearing in LLM context. Solves the "blast radius" concern several people raised.
Deterministic 2FA handling: When email verification is required, open Gmail in a new tab, but extract OTPs with local regex—not AI. The LLM orchestrates navigation; code extraction stays local. Handles ~90% of email 2FA automatically.
These patterns should work with any browser automation framework. Built a Mac app around this: https://thepassword.app
Would love to see Vibium add first-class support for credential injection in the API—it's the missing piece for any security-sensitive automation.

by anamexis

1 subcomments

My number one question would be how it compares to Playwright -- differences in design goals, capabilities, advantages and disadvantages.

by moss_dog

3 subcomments

I'd love to be able to lock down the browser to only allow certain URLs (e.g. localhost) so I can give Claude (and other tools) carte blanche to use browser automation (rather than manually approving each command). Is this something on your radar / roadmap?

by hcoura

1 subcomments

How does it handle context bloat between the browser and the llm?
Any plans of exposing more of the browser? For instance playwright is able to store tracing files the agent may decide to read to understand some requests / payloads…
Any plans on allowing the agent to run an arbitrary js script?

by suchintan

1 subcomments

This is very cool. We were thinking about doing something very similar with Skyvern
What was the reason you went down this path instead of extending selenium with AI features?

by rahimnathwani

1 subcomments

If an agent gets a copy of the screen using browser_screenshot and then wants to click somewhere on that screen, how is it meant to find the right css selector to pass to browser_click?
There's a browser_find method, but that assumes you already know what type of element it is. But I can't always tell what type of element something is just by looking at a screenshot.
What have I missed or misunderstood?

by nivekney

2 subcomments

Aside from the project itself, I am learning a lot just from reading the commits. Mostly about the process when one knows how they'd do it.
https://github.com/VibiumDev/vibium/commits/main/?after=ffc3...

by jaredwy

0 subcomment

Hey! You really helped my career. We chatted a lot maybe 13-15 years ago and really helped atlassian scale their selenium tests at the time.
So glad to see you are still in this space!

by rancar2

1 subcomments

I wasn’t able to gather the future state plans beyond what’s noted in the V2 plans:
https://github.com/VibiumDev/vibium/blob/main/V2-ROADMAP.md
What’s next 5 years look like given that you are very good at building long-term projects that last and evolve through time? And for a very specific example, what’s the plan for incorporating new standards like Agent Skills as they quickly evolve and launch?

by saikatsg

1 subcomments

The good old days of browser automation! Thanks a lot for Selenium and all the best for Vibium :)

by palidanx

1 subcomments

Sorry, I kind of have a dumb question here. So we have a bunch of legacy selenium scripts that do end to end user testing, and occasion they break (either because of a network error, or devs committed something that breaks a test).
We were looking at seeing if a model could look at the screenshot of the failure, some of the original website source code, and try to fix the failing test.
My question is with vibium, would it make more sense to port the legacy tests over to vibium, and if a test fail, use its capabilities to try to self-heal?

by gsnedders

1 subcomments

Is there any plan about how to deal with indirect prompt injection attacks that could trivially be lurking in malicious web pages, given the agent can navigate to an arbitrary URL?

by didip

1 subcomments

And this handles login sessions, cookies, etc.? So much of the modern web is now hidden behind login sessions.

by christophilus

1 subcomments

Nice. I was just thinking of building this very thing. Glad to see I won’t have to. I’ll check it out after the holidays.

by captainregex

1 subcomments

entirely possible I’m just really bad at this stuff but I can’t get browser agents to do simple report pulls without running into a captcha or a dropdown menu that breaks its brain. hopefully this is the one!

by badlogic

2 subcomments

Neat. Any reason why the MCP server doesn't expose a JavaScript/eval tool? Current models excel at writing JS to drive and inspect the DOM. They aren't great at driving browsers via screenshots.

by j2kun

1 subcomments

Is this something you use to generate static browser tests that no longer use the LLM? Or would you need to use the LLM every time you run the tests?

by mintflow

0 subcomment

great project, just add the mcp and try in claude code, it automatically help me to broser a local forum and give a summary of hot posts today.
this is the second MCP i added, quit impressive.
Merry christmas!

by eth0up

1 subcomments

I recently conducted a little research project involving YouTube comments, where selenium made it possible. Quite cool to see the legend here, still active.
Thanks, from a very tiny human.

by pryelluw

1 subcomments

Any plans to support local models through llama.cpp or similar?

by jeff4f5da2

1 subcomments

Since it's in go, wouldn't it be great if it also expose go api?

by jstummbillig

1 subcomments

Cool. Can this currently be used with codex in the same way?

by ripped_britches

1 subcomments

What is the benefit of using this instead of playwright?

by OutOfHere

2 subcomments

I will wait for full Python and Go support.

by mannanj

1 subcomments

Hi this looks really valuable, thanks for developing and sharing. Would you share some use cases and how you or your users use it personally? would love to see some examples and feel the aha "That's how I'd like to use it too!" and it would help me drive and se the problems I have as being solvable by this too rather than seeing a tool/solution looking for a problem. (not implying you're that, but without examples/use cases that's the default way I think)

by michaelsbradley

1 subcomments

Anyone attempting something similar for Qt/QML based apps?

by starik36

1 subcomments

How do you install it into Claude Desktop? I tried the following, but it fails.

    "vibium": {
      "command": "npx",
      "args": [
        "-y",
        "@vibium/mcp@latest"
      ]
    }

by xpe

0 subcomment

I'm thinking about various security models. When it comes to browser integration, I'm particularly interested in defense-in-depth rather than trusting the shIP activities to the captAIn.
Bad puns aside, this is an important area! Many of us want to know what people are building (or should be built) to put security front and center -- or at least integrated --rather than an afterthought. Components might include: sandboxing, access rules, logging, honey-pot mode, perhaps even read-only access for a "protector" agent. (Another common approach here is wishful thinking such as "this ship is unsinkable", but that ship has sailed for me.)
Putting on my dark humor hat, if all else fails, there could be a "time to panic" mode triggered by certain criteria (e.g. a regex matching "your bank account balance is $0").
What can biology teach us? When you think about defense-in-depth for "insider threats" in the human body, what comes to mind? There are many; here is one: reflexes. Your motor planning neurons might send your hand towards a hot surface and succeed, but they will be quickly countermanded [1] by a reflex arc [2].
P.S. Please don't interpret my style as a lack of seriousness. If used carelessly, this technology opens up some impressive botnet potential. Luckily, with the benefit of wishful thinking or just flat-out ignorance, we can trust humans and AIs to be adequately trustworthy. [2] [3]
[1]: maybe overruled is a better term?
[2]: https://en.wikipedia.org/wiki/Reflex_arc
[3]: https://www.schneier.com/blog/archives/2007/02/the_psycholog...
[4]: https://www.anthropic.com/research/agentic-misalignment

0 subcomment

by cboyardee

0 subcomment

[dead]

by maximgeorge

0 subcomment

[flagged]