AI Subroutines runs automation scripts inside your browser tab

April 18, 2026
aisecurityprivacyhardware
High-tech industrial automation system with control panels indoors.
Photo by Ludovic Delot on Pexels

The pitch

It has been reported that rtrvr.ai is pitching a different answer to flaky web automation: don’t run agents out-of-process — run them inside the page. Most LLM-based web agents can do a thing once, but a thousand times? Tokens, latency, randomness — the costs and error modes multiply fast. Frustrating, yes. Dangerous for CRM and outreach where "the agent clicked the wrong button this time" is a business failure, not a cute bug.

How it works

The trick, allegedly, is to record and replay from the browser’s own execution context. An extension patches fetch/XHR in the main world (with Chrome’s webRequest API as a fallback) to capture the tab’s real requests — FormData, Blobs, raw bytes and all — then replays those requests from the page later so the browser attaches the same cookies, runs the same JS to compute signed headers, and uses the same TLS session. No Puppeteer, no separate headless worker, no out-of-band session rebuild. Auth, CSRF tokens, request signing and fingerprint-bound parameters, it is claimed, “propagate for free.” Neat, right? Also a little bit of handing the agent the same keys the user has. Yikes? Also genius.

Cutting the noise

There’s a second engineering problem: a minute of browsing spawns hundreds of requests. Which three are the real API calls? rtrvr scores and prunes the capture before any LLM sees it — first-party vs third-party (+20/−15), known telemetry hosts (−80), tight temporal correlation to the DOM event (+28 within 800ms, +16 within 2.5s), mutating methods and payload shape (+35 for POST/PUT/PATCH/DELETE, +8 for bodies), response quality (+12 for 2xx, −25 for 4xx+), and volatile operation identifiers (−18). The result is a much smaller, higher-signal set for the generator to act on. Is this the end of brittle scraping? Maybe. It promises deterministic, low-latency automation — but it also raises obvious security and permission questions around extensions and in-tab execution. Time will tell whether running agents where the user already runs is the practical pivot the industry needed.

Sources: rtrvr.ai, Hacker News