How does Corma’s clicker agent work?

Chrome-Based Automation Layer

To reliably interact with web applications, the agent uses a secure, isolated Chrome browser environment.

The automation layer provides the agent with structured information about each page, including:

• full HTML structure

• displayed text and labels

• clickable elements and their properties

• form fields and their expected inputs

• which elements are visible, hidden, enabled, disabled, or selected

This gives the agent an accurate, machine-readable view of the interface, making it more robust than coordinate-based bots.

Step-by-Step Action Execution

1. Interpret the Page

   The agent understands which elements exist and what actions they correspond to.

2. Decide the Next Step

   Example: Enter email → Click Login → Open User Settings → Disable Account

3. Execute Actions in the Browser

   Using real Chrome actions such as:

   • clicking

   • typing

   • scrolling

   • navigating

   • waiting for elements to load

4. Validate the Result

   After each step, the agent re-reads the updated page structure to ensure success before continuing.

This loop continues until the full task is completed.

Security, Isolation & Compliance

Isolated Browser Sessions

Every automation run executes inside a dedicated, isolated Chrome session.

An agent:

• cannot access anything outside its assigned browser instance

• cannot read local files or machine data

• cannot access external systems except for the webpage it’s automating

• cannot persist data except for allowed logs

This ensures strict technical and operational isolation between clients and tasks.

Credential Handling

• All credentials come from the client’s secure vault (e.g., 1Password, Bitwarden).

• We do not store credentials on our platform.

• Depending on the client’s setup, direct integration with the secret manager may be possible.

Two-factor authentication (2FA) is supported for various integrations.

Support varies by SaaS platform and may require brief manual approval from the client, especially when a new device/browser session is detected by the service.

Transparency & Auditability

For every automation run, we can provide:

• a full video replay of the browser session

• step-by-step logs

• success/failure indicators for traceability

This ensures complete visibility into agent activity and simplifies audits.

Hosting & Deployment Model

The agentic system currently runs in the cloud (AWS), similar to most SaaS products.

If a client requires strict on-premise execution, a local deployment option may be considered in the future, but this is not yet on the product roadmap due to engineering complexity.

FAQ

• Can the agent access sensitive data such as emails, messages or files?

  1. Yes, but only what an authorized administrator can already see, and only when required to perform a task.

     The agent operates through a browser with the same visibility as a human admin. This allows it to view information such as user email addresses when performing actions like listing users or deprovisioning accounts.

     Key protections

     • Purpose-limited access: Data is only accessed when explicitly requested (e.g., listing users). There is no passive or background data collection.

     • Least privilege: Specialized agents have narrowly scoped permissions. Read-only agents cannot make changes.

     • No secret exposure: Passwords, tokens, and one-time codes are never included in prompts and are automatically redacted from logs.

     • Tenant isolation: Each customer runs in a fully isolated environment. No cross-customer access is possible.

     • Domain restrictions: The agent can only access customer-approved domains.

     • Ephemeral sessions: All sessions are terminated and cleaned up after execution.

     • Full auditability: Actions are logged and browser sessions are recorded.

     In short: the agent accesses only what’s necessary, only when asked, only within your environment, and only for the duration of the task.

• Does the agent store any of our credentials?

  1. No. Credentials remain entirely within your existing secure vault. Only success/failure logs are stored for traceability.

• What happens if a page layout changes?

  1. Because the agent reads structured HTML and uses reasoning, it can adapt to many UI changes automatically.

     If a platform undergoes major redesigns, the system may require validation or small adjustments.

• Is the automation safe to run on production accounts?

  1. Yes. The isolated Chrome environment ensures that the agent can only perform the actions it is explicitly instructed to perform.

• How does two-factor authentication work with the agent?

  • If a SaaS platform requires 2FA, the automation will pause and request manual approval if needed.

    We support various 2FA flows, and support continues to expand as more SaaS systems are integrated.

• Can clients use their own LLM provider?

  • Yes. OpenAI and Gemini are supported by default; additional providers can be integrated upon request.

• Can we host the agent locally instead of in the cloud?

  • Not today.

    On-premise hosting may be considered in the future but is not currently planned due to engineering requirements.

• Which LLM "Large Language Model"?

  • The system uses Large Language Models (LLMs) : gpt-4.1, gpt-4.1-mini and gemini-2.5-flash

• What are the the delivery model implemented?

  • The system uses public APIs from OpenAI API and Google Gemini API.

General Information: what is actually an AI Agent?

An AI agent is a software system that can understand a goal, decide how to achieve it, and autonomously take actions.

Traditional automation follows rigid, pre-defined scripts. In contrast, our AI agents use advanced reasoning (powered by Large Language Models, or LLMs) to:

• interpret interfaces dynamically

• make decisions based on context

• adapt to layout variations or unexpected changes

• carry out tasks step-by-step, similar to a trained human operator

Rather than relying on a single all-purpose agent, our architecture uses multiple specialized agents, each with limited scope and strict access controls.

Examples of Specialized Agents

• Login Agent – Handles authentication workflows

• Deprovisioning Agent – Removes or updates user accounts

• Information Extraction Agent – Retrieves or parses structured data

• Provisioning Agent – Creates and configures accounts

Each agent can only operate within the specific application areas it is assigned.

For example, an agent allowed to access Slack’s admin settings cannot read Slack conversations.

We currently use LLMs such as OpenAI and Gemini, but the system can be adapted to use other models if a client prefers—this only requires validation and performance testing.