Every action. Checked in real time.

Automation Policies watch every click, keystroke, and navigation — blocking dangerous actions and pausing for human approval before they happen.

Policy Evaluation · CRM Safety (pol_crm_01)
Domain Rules: baddomain.com → Block
Action: Click → Keyword: contains “delete” → Guardrail
  MATCH — target element contains “delete”
Navigation Rule: */admin/* → Block
Sensitive Data: SSN: \b\d{3}-\d{2}-\d{4}\b → Block

Policy Guardrail Triggered
“Click” on element containing “Delete”
Rule: Action Rules → Click → Keyword “delete”
Policy: CRM Safety (pol_crm_01)

Agents are powerful. That’s the problem.

An agent with CRM access can export every record. An agent on your banking portal can initiate transfers. Most platforms handle this with prompt instructions the agent can ignore. WebRun enforces it at the infrastructure layer — before the action reaches the browser.

Without Policies

Agent → Browser: Uncontrolled

Direct access. No interception. No audit trail.

With Policies

Agent → Policy Engine → Browser: Enforced

Every action checked, blocked, or paused for approval.

Every action. Checked before it runs.

1. Agent proposes
   Summarize client emails
   “Q3 Budget Review”
   “Vendor Invoice #8491” (prompt injection)
   navigate("bank.com/transfer")
2. Policy evaluates
   domain *.bank.com → blocked
   action navigation → allowed
   keyword "transfer" → guardrail

   Most restrictive outcome wins.

3. Enforcement
   Result: Blocked
   Reason: Domain rule matched *.bank.com
   Action: Halted — browser did not navigate
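
A minimal model of the three-step evaluation above, as an added example that is not WebRun's code. The rule schema, the `evaluate` and `domain_matches` names, and the choice to let `*.bank.com` cover the apex `bank.com` (as the blocked result above implies) are assumptions.

```python
import re
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Outcomes ordered by restrictiveness, named after the page's Allow / Guardrail / Block.
ALLOW, GUARDRAIL, BLOCK = 0, 1, 2
NAMES = {ALLOW: "allowed", GUARDRAIL: "guardrail", BLOCK: "blocked"}

# Constructed policy built from rules shown on the page (hypothetical schema).
POLICY = {
    "domains": [("*.bank.com", BLOCK), ("baddomain.com", BLOCK)],
    "paths": [("*/admin/*", BLOCK)],
    "keywords": [("transfer", GUARDRAIL), ("delete", GUARDRAIL)],
    "patterns": [(re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), BLOCK)],  # SSN
}

def domain_matches(pattern, host):
    """Assumption: '*.bank.com' covers the apex 'bank.com' and every subdomain.
    The suffix check keeps the leading dot so 'notbank.com' does not match."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return host == pattern[2:] or host.endswith(pattern[1:])
    return host == pattern

def evaluate(action, target, policy=POLICY):
    """Collect every matching rule, then let the most restrictive outcome win.
    No match means allowed (the page's default Allow All mode)."""
    hits = []
    if action == "navigate":
        url = urlsplit(target if "://" in target else "https://" + target)
        hits += [(o, f"domain {p}") for p, o in policy["domains"]
                 if domain_matches(p, url.hostname or "")]
        hits += [(o, f"path {p}") for p, o in policy["paths"]
                 if fnmatch(url.path, p)]
    hits += [(o, f"keyword {k}") for k, o in policy["keywords"]
             if k in target.lower()]
    hits += [(o, "sensitive data pattern") for rx, o in policy["patterns"]
             if rx.search(target)]
    worst = max((o for o, _ in hits), default=ALLOW)
    return NAMES[worst], [r for o, r in hits if o == worst]
```
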

Control where your agent can go.

Domain Rules determine which websites your agent is allowed to visit. Set the mode, add your patterns, and every navigation attempt is checked before the browser moves.

Allow All (Default)

The agent can visit any domain unless you explicitly block specific ones. Use this when your agent needs broad access but certain sites are off-limits.

Allowlist (Strict)

The agent can only visit domains you explicitly list. Everything else is blocked. Use this for tightly scoped workflows — your CRM, your vendor portal, nothing else.

Blocklist (Flexible)

The agent can visit everything except the domains you list. Use this when the universe of valid sites is large but certain categories are always forbidden.

Limit what your agent can access.

Restrict entire categories of agent capability. Set each one to allow, block, or require approval — enforced before the agent acts.

Capability Controls (each set to Allow, Block, or Guardrail)
Files Manager: Access the environment's files
File Download: Data export from browser
File Upload: Data transfer to sites
Shell Command: OS-level execution
Clipboard: Copy & paste ops

Enforcement Log
14:32:01 download BLOCKED
  invoice_q4.pdf → policy: CRM Safety
14:32:03 upload BLOCKED
  contacts.csv → drive.google.com
14:32:07 screenshot GUARDRAIL
  awaiting approval…
14:32:09 shell ALLOWED
  python extract.py
14:32:14 clipboard GUARDRAIL
  paste to external tab → held

Environment Isolation

Each agent runs in its own container — dedicated browser profile, file storage, and desktop. Combine with capability controls for zero-trust scoping.

Control what your agent can do.

Action Rules govern the specific operations your agent performs. Each rule targets a category of behavior and can allow, block, or guardrail it based on keywords, regex patterns, or URL paths.

Action Categories (each set to Allow, Block, or Guardrail)
Navigation: Page navigations, back/forward, refresh
Click: Single clicks, double clicks, mouse actions
Type / Keyboard: Text entry, keypresses, copy operations
File Download: File transfer events (downloads)
File Upload: File transfer events (uploads)
Shell Command: Terminal / shell execution
Clipboard: Copy, paste, select-all operations
Tab Management: Opening, switching, and closing tabs

Action Rules · CRM Safety
*/admin/* → Block
contains “delete” → Guardrail
  ✓ MATCH — target element contains “delete”
\b\d{3}-\d{2}-\d{4}\b → Block

Tell your agent what to be.

The LLM Role is a natural-language instruction injected into every agent session. No code. No config files. Just tell it what to be.

LLM Role

Data Extractor: Extract invoices. No form interaction.
“You are a data extraction agent. Navigate to the approved vendor portal. Extract invoice data into structured JSON. Do not interact with forms or buttons outside the export workflow.” (168 / 2,000 characters)

Research Assistant: Browse and summarize. Read-only.
“You are a research assistant. Only browse educational and academic sites. Summarize findings in structured notes. Never fill out forms or click buttons that submit data.” (159 / 2,000 characters)

Compliance Reviewer: Audit regulatory sites. No downloads.
“You are a compliance reviewer. Browse the listed regulatory sites and summarize recent policy updates. Do not download files, click external links, or interact with any login forms.” (179 / 2,000 characters)

Agent Session
Navigated to vendor.portal.com/invoices
Extracted 23 invoice records to JSON
Skipped “Edit Contact” button
Ignored “Submit Feedback” form
Role-guided · 4 actions evaluated

Rules define boundaries. The LLM Role defines intent.

Start secure in one click.

Pre-built policy templates give you a production-ready starting point for common compliance scenarios. Select a template, then customize the rules to fit your specific requirements.

Research Only

Read-only browsing. Blocks typing, file uploads, and shell commands. Guardrails form submissions. Regex matching for sensitive data patterns.

Financial Compliance

Guardrails on banking and payment domains. Blocks keywords like “transfer funds” and “wire transfer”. Regex matching for sensitive financial data.

Healthcare / HIPAA

Allowlist mode for approved medical portals only. Blocks SSN patterns and medical record numbers. Guardrails on patient pages. Blocks file uploads.

Strict Lockdown

Allowlist with explicit domains only. Guardrails on all typed text. Blocks shell commands and file uploads. Regex matching for all sensitive data patterns.

Every decision. Logged and exportable.

Every enforcement decision is recorded in an immutable audit trail with full context. Export the full trail for compliance reporting, incident investigation, or regulatory review.

14:23:07 | Navigate | Domain: vendor.example.com | Domain Rules → Allowlist | Allowed
14:23:12 | Click | Target: “Export CSV” | No matching rules | Allowed
14:23:18 | Type | Value: ***-**-**** | Sensitive Data → SSN regex | Blocked
  Session: ses_8f2k9x
  Policy: pol_crm_01
  Pattern: \b\d{3}-\d{2}-\d{4}\b
14:23:25 | Click | Target: “Delete Selected” | Action → Click keyword | Guardrail
14:23:41 | Navigate | URL: */admin/settings | Navigation → URL pattern | Blocked

One parameter. Any session.

Attaching a policy to a session takes one field: policyId. Add it when starting a session — via REST API, MCP, or the Playground.

REST API
curl -X POST https://connect.webrun.ai/start/start-session \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "environmentId": "env_abc123",
    "policyId": "pol_xyz789",
    "initialTask": {
      "taskDetails": "Extract invoices from vendor portal",
      "startingPoint": "https://vendor.example.com"
    }
  }'

A session can have a policy, an environment, both, or neither. Policies are reusable — create once, attach to any number of sessions.

Governance that ships with the platform.

Most browser automation tools leave governance to you. WebRun builds it in.

| Capability | WebRun Automation Policies | Typical agent platforms |
| --- | --- | --- |
| Domain restrictions | Allowlist, blocklist, wildcard patterns — enforced at the navigation layer | Prompt-level instructions (agent can ignore them) |
| Per-action control | Block or guardrail 12 action categories independently | Not available — actions are all-or-nothing |
| Sensitive data detection | Regex matching on SSN, CC#, API keys — at the enforcement layer | No built-in DLP |
| Human-in-the-loop | Guardrails pause the session with Approve / Reject / Take Over | Manual monitoring or no mechanism |
| Audit trail | Immutable log of every enforcement decision with full context | Agent logs only (no structured audit) |
| Compliance templates | HIPAA, Financial, Research-Only, Strict Lockdown | None |
| Policy enforcement model | Out-of-process — agent never sees the rules | In-process — agent enforces its own permissions |
| Infrastructure | Managed cloud — zero self-hosting burden | Self-hosted, self-secured, self-maintained |
| One-line integration | "policyId": "pol_xyz789" | Weeks of custom governance tooling |

Give your agents rules. Keep your data safe.

Start with a compliance template. Customize from there. Attach to any session with one parameter.

Free trial · No credit card · 2-minute setup