Join
1
0 Comments

Building an AI agent for password management: Why browser automation is harder than it looksBuilding an AI agent for password management: Wh

by Sourabh Katti

After the 700Credit breach exposed 5.8M people's data, I realized: nobody wants to manually change passwords on 50+ websites.

So I built an AI agent to automate it. Here's what I learned about security, browser automation, and why this is way harder than I expected.

The Problem

Average person has 150+ online accounts. After a breach, you should rotate passwords on every site where you reused credentials.

Reality: Most people don't. It's too tedious (30min per site × 50 sites = 25 hours).

Why AI Agents?

Browser automation (Playwright, Selenium) breaks constantly. Every site has different password change flows.

AI agents (using browser-use + vision models) can adapt to UI changes. They "see" the page like a human and figure out where to click.

The Hard Parts

  1. Security: Prompt injection is unsolved. Even the best defenses (like Perplexity's BrowseSafe) let 10% of attacks through.

    • Solution: Zero-knowledge architecture. AI navigates, but never sees passwords. Credentials stay local.

  2. Reliability: AI agents are slow and make mistakes on complex flows.

    • Solution: macOS-only focus. Tight integration with Keychain. No platform sprawl.

  3. Trust: People don't trust AI with passwords (rightfully so).

    • Solution: Full transparency. Open about what the AI sees (screenshots, not credentials).

Current State

  • macOS desktop app (Electron + Python + browser-use)
  • Supports 150+ websites
  • Average: 50 password changes in 30 minutes (vs 25 hours manually)
  • Pricing: Free tier (5/month), $2.99/month unlimited

What I'd Do Differently

  • Started too broad (tried to be a full password manager)
  • Should have focused on ONE thing: automated rotation
  • macOS-only from day 1 (not after wasting time on cross-platform)

What's Next

  • Team accounts (for post-breach response)
  • API for security teams
  • More website support (currently 150+)

Question for IH:

What other tedious security tasks should AI automate? I'm thinking 2FA backup codes, account recovery setup, etc.

Also happy to share technical details if anyone's building in the AI agent space!

The Password App: https://thepassword.app

Avatar for Sourabh Katti Sourabh Katti
on December 16, 2025
Say something nice to sweetrabh…
Post Comment
Trending on Indie Hackers
The most underrated distribution channel in SaaS is hiding in your browser toolbar User Avatar 192 comments How are you handling memory and context across AI tools? User Avatar 107 comments I gave 7 AI agents $100 each to build a startup. Here's what happened on Day 1. User Avatar 101 comments Do you actually own what you build? User Avatar 62 comments Code is Cheap, but Scaling AI MVPs is Hard. Let’s Fix Yours. User Avatar 34 comments How to see your entire business on one page User Avatar 29 comments