Google has added built-in computer use capability to its Gemini 3.5 Flash model, bringing into the main Gemini Flash product a feature that had previously existed as a separate Gemini 2.5 computer use model. The integration places the computer use tool directly inside the primary Flash model rather than offering it only as a standalone option.
The computer use functionality is designed to let developers construct agents that can see, reason and take action across multiple endpoints - including browser, mobile and desktop environments. Google said this capability enhances performance on longer-horizon and enterprise-oriented automation tasks. The company specifically cited continuous software testing and knowledge work inside professional applications as areas that benefit from the integrated capability.
To address risks tied to agents operating in live environments, Google applied targeted adversarial training aimed at reducing vulnerabilities to prompt injection. In addition, the company rolled out two optional enterprise safeguard systems. One safeguard requires explicit user confirmation for sensitive actions, while the other automatically halts tasks if an indirect prompt injection is detected. These safeguards are optional but available for organizations seeking additional protections.
Google advises developers to layer these safeguards with operational controls. Recommended measures include secure sandboxing of agent activity, human-in-the-loop verification for critical steps, and strict access controls. The company says further safety measures and implementation guidance are documented in its best practices materials.
Access to the computer use capability in Gemini 3.5 Flash is available through the Gemini API and through the Gemini Enterprise Agent Platform. For testing purposes, Google also provides a demo environment hosted by Browserbase where developers and enterprises can experiment with the feature set.
Summary of availability and access
- The computer use feature is now integrated into Gemini 3.5 Flash rather than limited to Gemini 2.5 standalone.
- Developers can use the Gemini API and the Gemini Enterprise Agent Platform to deploy and test agents that operate across browser, mobile and desktop.
- A demo testing environment is made available via Browserbase.
Context on safety and controls
- Google implemented targeted adversarial training to mitigate prompt injection risks for agents interacting with live systems.
- Two optional enterprise safeguards require explicit confirmation for sensitive actions and can stop tasks if indirect prompt injection is detected.
- Google recommends combining these safeguards with sandboxing, human verification and strict access controls, and documents additional practices in its guidance materials.