Show HN: Smooth – Faster, cheaper browser agent API
smooth.shHey there HN! We're Antonio and Luca, and we're excited to introduce Smooth, a state-of-the-art browser agent that is 5x faster and 7x cheaper than Browser Use (https://docs.circlemind.co/performance).
We built Smooth because existing browser agents were slow, expensive, and unreliable. Even simple tasks could take minutes and cost dollars in API credits.
We started as users of Browser Use, but the pain was obvious. So we built something better. Smooth is 5x faster, 7x cheaper, and more reliable. And along the way, we discovered two principles that make agents actually work.
(1) Think like the LLM (https://x.com/karpathy/status/1937902205765607626).
The most important thing is to put yourself in the shoes of the LLM. This is especially important when designing the context. How you present the problem to the LLM determines whether it succeeds or fails. Imagine playing chess with an LLM. You could represent the board in countless ways - image, markdown, JSON, etc. Which one you choose matters more than any other part of the system. Clean, intuitive context is everything. We call this LLM-Ex.
(2) Let them write code (https://arxiv.org/pdf/2401.07339)
Tool calling is limited. If you want agents that can handle complex logic and manipulate objects reliably, you need code. Coding offers a richer, more composable action space. Suddenly, designing for the agent feels more like designing for a human developer, which makes everything simpler. By applying these two principles religiously, we realized you don't need huge models to get reliable results. Small, efficient models can get you higher reliability while also getting human-speed navigation and a huge cost reduction.
How it works:
1. Extract: we look at the webpage and extract all relevant elements by looking at the rendered page.
2. Filter and Clean: then, we use some simple heuristics to clean up the webpage. If an element is not interactive, e.g. because a banner is covering it, we remove it.
3. Recursively separate sections: we use several heuristics to represent the webpage in a way that is both LLM-friendly and as similar as possible to how humans see it.
We packaged Smooth in an easy API with instant browser spin-up, custom proxies, persistent sessions, and auto-CAPTCHA solvers. Our goal is to give you this infrastructure so that you can focus on what's important: building great apps for your users.
Before we built this, Antonio was at Amazon, Luca was finishing a PhD at Oxford, and we've been obsessed with reliable AI agents for years. Now we know: if you want agents to work reliably, focus on the context.
Try it for free at https://zero.circlemind.co/developer
Docs are here: https://docs.circlemind.co
Demo video: https://youtu.be/18v65oORixQ
We'd love feedback :)
Super impressive demo. Seems a lot faster than alternatives. How did you achieve that?
Thanks! It all boils down to (1) using small and efficient models, and (2) insisting on good context engineering. We describe the browser state in a way that's both compact and meaningful. This allows us to use tiny LLMs under the hood.
Do you support writing deterministic extractor scripts? I want to use an agent like this primarily as a way to help me write and refine deterministic extraction scripts, rather than involving the LLM for every iteration. If you don't yet, would you be up for talking about it? (And if so, should I email you or schedule an enterprise demo)?
We don't support this yet, but we'd love to talk about it. Feel free to book a demo!
Hi, thanks for sharing.
My main concern with these browser agents are how are they handling prompt injection. This blog post on Perplexity's Comet browser comes to mind: https://brave.com/blog/comet-prompt-injection/.
Also, today Anthropic announced Claude for Chrome (https://www.anthropic.com/news/claude-for-chrome) and from the discussion on that (https://news.ycombinator.com/item?id=45030760), folks quickly pointed out that the attack success rate was 11.2%, which still seems very high.
How do you plan to handle prompt injection?
This is a very valid concern. Here are some of our initial considerations:
1. Security of these agentic system is a hard and important problem to solve. We're indexing heavily on it, but it's definitely still early days and there is still a lot to figure out.
2. We have a critic LLM that assesses among other things whether the website content is leading a non-aligned initiative. This is still subject to the LLM intelligence, but it's a first step.
3. Our agents run in isolated browser sessions and, as per all software engineering, each session should be granted minimum access. Nothing more than strictly needed.
4. These attacks are starting to resemble social engineering attacks. There may be opportunities to shift some of the preventative approaches to the LLM world.
Thanks for asking this, we should probably share a write-up on this subject!
> 2. We have a critic LLM that assesses among other things whether the website content is leading a non-aligned initiative. This is still subject to the LLM intelligence, but it's a first step.
> [...]
> 4. These attacks are starting to resemble social engineering attacks. There may be opportunities to shift some of the preventative approaches to the LLM world.
With current tech, if you get to the point where these mitigations are the last line of defense, you've entered the zone of security theater. These browser agents simply cannot be trusted. The best assumption you can make is they will do a mixture of random actions and evil actions. Everything downstream of it must be hardened to withstand both random & evil actions, and I really think marketing material should be honest about this reality.
I agree, these mitigations alone can't be sufficient, but they are all necessary within a wider framework.
The only way to make this kind of agents safe is to work on every layer. Part of it is teaching the underlying model to see the dangers, part of it is building stronger critics, and part of it is hardening the systems they connect to. These aren’t alternatives, we need all of them.
I just wrote a complex prompt and it did a good job. How do you do evals or testing of your project?
Thanks for trying it out! We rely on a mix of internal benchmarks and academic benchmarks like WebVoyager.
Is there a way to sign up without Google SSO?
Not at the moment. Happy to run a task on your behalf if you'd like!
So you're shamelessly selling spambots? The marketing here is wild... "proxy rotation"... "auto-CAPTCHA solvers"
Looks really good!
Thanks!