Show HN: AI agent that rotates your passwords (browser-use and zero-knowledge) (thepassword.app)

A new AI agent for automated password rotation pairs a cloud LLM navigator with a local execution engine to change passwords in your browser while keeping credentials off the server. The system sends only DOM structure and screenshots to the cloud model (Gemini 2.5 Flash), which returns step-by-step navigation instructions; any credentials are stripped locally before leaving the device. The local component injects passwords directly into the page via the Chrome DevTools Protocol, supports CSV import of accounts, keeps passwords in RAM only for the duration of each rotation, garbage-collects them afterward, and offers a “visible” browser mode with a kill switch so users can watch and immediately stop any action. For the AI/ML community this illustrates a pragmatic zero-knowledge design for LLM-driven automation: use an LLM for UI reasoning while confining secret handling to a local trusted path. Key technical points include the split-architecture (cloud navigator + local injector), reliance on CDP for credential entry, ephemeral in-memory secrets, and the risk-reduction from not maintaining a cloud vault. Important implications: developers must secure the local agent and browser extension, consider leakage via screenshots/DOM context, and validate LLM actions robustly to avoid harmful UI interactions—trade-offs that point toward hybrid on-device/cloud patterns for privacy-sensitive AI tooling.