AgentCore Browser: Run AI Agents Behind Your Firewall

• TL;DR
• Amazon Bedrock’s AgentCore Browser now supports corporate proxies, persistent browser profiles, and Chromium‑style extensions—making agentic AI usable inside enterprise networks.
• Proxy routing integrates with AWS Secrets Manager (AWS’s Python SDK is boto3). Profiles preserve cookies/localStorage so agents can resume authenticated workflows. Extensions load from Amazon S3 to customize behavior.
• These features unlock practical AI automation for sales, QA, support, and regulated scraping—but you’ll need governance for secrets, profile retention, and extension supply chain security.

Why this matters for AI agents and AI automation

Agentic AI demos are great until they hit real corporate constraints: allowlists, multi‑step SSO, or internal apps behind a proxy. AgentCore Browser addresses those operational blockers with three enterprise features that map directly to IT controls: proxy configuration for stable egress and centralized logging, session persistence so agents can pick up mid‑workflow, and Chromium extension support to inject enterprise glue (auth helpers, content transforms, logging).

Think of a browser profile as the agent’s wallet—cookies and local storage are the credentials and receipts it carries between visits. Proxies are the corporate highway tollbooths and checkpoints. Extensions are the tools the agent can wear to adapt to each site’s rules.

How AgentCore Browser Enables AI Agents Behind Corporate Proxies

At a glance: AgentCore Browser routes traffic through HTTP/HTTPS proxies (credentials stored in Secrets Manager), preserves session state across runs with browser profiles, and loads Chromium extensions from S3. Together, these features make AI agents practical for production workflows that require authentication, IP allowlisting, and audit trails.

How it works — in plain English

• Proxy routing: You tell AgentCore which corporate proxy to use and for which domains. Credentials for authenticated proxies are pulled from AWS Secrets Manager (a managed service that stores credentials securely).
• Session persistence: Create a browser profile, let the agent work, then save that profile. Next session, restore it so the agent resumes without logging in again.
• Extensions: Package Chromium extensions as ZIPs, upload to Amazon S3, and reference them when starting a session. Extensions can block ads, inject tokens, or add auditing hooks.

Quick example: one‑page e‑commerce scenario

1. Agent logs into a user account using SSO (profile preserves cookies).
2. Agent adds items to a shopping cart and leaves the session (profile saved).
3. Later, Agent restores the profile, completes checkout; all outbound requests go through a corporate proxy with a stable egress IP for allowlisting.

This three‑step flow shows why session persistence and proxy stability move agentic AI from demo to business value—no repeated logins, consistent IPs for compliance, and centralized logs for audit.

Feature deep dive

Proxy configuration and routing rules

• Route HTTP/HTTPS traffic through corporate proxies; support for authenticated proxies with credentials fetched from AWS Secrets Manager.
• Domain‑based routing: domainPatterns and bypass.domainPatterns let you choose which proxy handles each request.
• Routing precedence: bypass list → each proxy’s domainPatterns (in the configured order) → default proxy. This first‑match logic simplifies handling internal vs. external traffic.

“Proxy configuration provides IP stability and lets agent traffic integrate with corporate network infrastructure.” — AWS team

Session persistence with browser profiles

• Profiles preserve cookies and localStorage between sessions so agents can resume authenticated work without re‑authenticating.
• Typical lifecycle: create a profile, run a session, save that session to the profile, start new sessions with the profile, delete when done.
• Use cases: multi‑step checkout flows, CRM automation for sales reps, multi‑page support workflows that require state retention.

“Browser profiles save and restore cookies and local storage so agents can resume authenticated work without re‑logging.” — AWS team

Chromium extensions from Amazon S3

• Upload zipped Chromium/Chrome extensions to S3 and reference them at session start.
• Extensions can inject auth tokens, block noise (ads), transform page content for scraping, or add hooks that emit audit evidence.
• Follow Chromium extension guidelines and perform supply‑chain/security reviews before use.

“Browser extensions enable ad blocking, authentication helpers, or other browser‑level customization and can support audit and access‑control evidence for compliance programs.” — AWS team

Use cases that translate to business impact

• AI for sales: Agents that log into CRM, pull prospect data, and initiate outreach—session persistence saves time and avoids repeated SSO prompts.
• AI for QA and testing: Automated, authenticated end‑to‑end tests for personalization and checkout flows; saves manual tester hours and accelerates release cycles.
• AI for support: Agents that navigate customer portals to gather troubleshooting info—proxies and profiles make this reliable inside corporate networks.
• Regulated scraping & monitoring: Stable egress IPs and proxy logs simplify allowlisting and audit evidence for FedRAMP, HITRUST, or PCI contexts.

Alternatives and tradeoffs

Compare this approach with RPA and custom headless browser stacks:

• RPA: Better at desktop and UI automation across apps, but often brittle for web flows and harder to scale for headless, autonomous agents.
• Custom headless stacks: Give full control but require building proxy integration, profile persistence, and extension management yourself—duplicating what AgentCore now offers.
• AgentCore Browser: Bridges agentic AI with enterprise controls out of the box, reducing integration time but still requiring governance work on secrets, profiles, and extensions.

Security, compliance, and governance checklist

1. Encrypt persisted profiles at rest and in transit (use AWS KMS).
2. Define retention windows for saved profiles; automate deletion hooks.
3. Store proxy credentials in AWS Secrets Manager and enforce rotation policies.
4. Use least‑privilege IAM roles to limit who can create, read, or delete profiles and extensions.
5. Host extension artifacts in a private S3 bucket with object‑level access controls and signing where possible.
6. Perform static and dynamic security reviews on extensions before deployment.
7. Capture proxy logs and correlate them with agent identities in your SIEM for audit trails.
8. Isolate profiles per user/account where possible; avoid sharing profiles across many agents unless you have a strong reason and compensating controls.
9. Test proxy throughput and latency under load—proxies can become choke points at scale.
10. Document data flows and get compliance signoff for sensitive PII stored in profiles (cookies/localStorage).

POC roadmap: 4 steps to validate in a week or two

1. Prototype (1–2 days): Run a simple AgentCore session that visits an external site via a corporate proxy. Use a Secrets Manager secret for credentials.
2. Session persistence (2–3 days): Create a profile, log into a test account, save the profile, and restore it in a new session to prove state continuity.
3. Extension test (2–3 days): Upload a simple extension (e.g., token injector or logger) to S3, load it into a session, and confirm behavior and logs.
4. Governance validation (ongoing): Run security reviews for artifacts, validate SIEM integration with proxy logs, and define retention/rotation policies.

What to watch for (gotchas)

• Persisted profiles may hold sensitive tokens—treat them as secrets. Don’t store long‑lived credentials in profiles unless necessary.
• Concurrent access: sharing a single profile across many concurrent agents can cause state conflicts—prefer per‑agent or per‑user profiles.
• Proxies add latency. Measure throughput and watch for rate limits, especially for high‑frequency automation.
• Extensions are a supply‑chain risk. Only deploy vetted, signed artifacts and use private S3 buckets with strict access controls.

Quick, useful code sketch (AWS Python SDK / boto3 style)

# Pseudocode (high-level)
from boto3 import client
agent = client('bedrock-agentcore')

# Start session with proxy config and profile
agent.start_browser_session(
  proxyConfiguration={ 'proxies': [...], 'secretsManagerSecret': 'arn:aws:secretsmanager:...'},
  profileConfiguration={'profileId': 'prf-123'},
  extensions=['s3://bucket/extensions/extension.zip']
)

Note: This is a conceptual snippet. Refer to the AgentCore samples repo for full boto3 examples and parameter details.

Key questions answered

• How can an AgentCore Browser session use a corporate proxy?
  Provide proxyConfiguration when starting a session; AgentCore can retrieve proxy credentials from AWS Secrets Manager and route traffic according to domainPatterns and bypass lists.
• How do sessions retain authenticated state across runs?
  Create and save a browser profile (cookies/localStorage) after a session, then restore it in subsequent sessions using profileConfiguration.
• Can custom browser behavior be injected into agent sessions?
  Yes—package Chromium extensions as ZIP files, upload to Amazon S3, and reference them when starting a session to add ad‑blocking, auth helpers, token injection, or logging.
• Are these features ready for regulated environments?
  They’re designed to help by enabling stable egress IPs, proxy logging, and extension hooks for evidence—but you still need policies for key management, profile retention, and extension governance to meet FedRAMP, HITRUST, or PCI requirements.

Next steps

For teams evaluating AI automation for sales, QA, or support, these AgentCore Browser enhancements remove many technical barriers to production. Start with a focused POC that proves profile persistence, proxy routing, and a vetted extension. Pair that with a security checklist and a SIEM ingestion plan so auditability becomes part of the design, not an afterthought.

If you want help mapping these features to a specific workflow—sales playbooks that require CRM sessions, automated QA with cart persistence, or secure competitive monitoring—there are repeatable patterns that reduce risk and speed deployment.

Meta suggestions for publishing
Meta title: “AgentCore Browser: Run AI Agents Behind Your Firewall”
Meta description: “Learn how Amazon Bedrock’s AgentCore Browser uses proxies, persistent profiles, and Chromium extensions to make agentic AI enterprise‑ready.”

Internal links to consider: Amazon Bedrock docs, awslabs/amazon-bedrock-agentcore-samples on GitHub, and previous saipien.org pieces on AI for sales and AI automation architecture.