Anchor Browser and Kernel are both pitching themselves at production AI-agent teams in regulated industries — healthcare, financial services, government — where the stakes for "did the agent log in correctly" are real. But they're optimizing for different bottlenecks. Anchor bets on identity stack breadth: OmniConnect, Anchor VPN, 1Password Unified Access, Fingerprint Web Bot Auth, all wrapped around a headful Chromium fork. Kernel bets on cold-start architecture: a unikernel/Firecracker substrate that originally marketed sub-second cold starts, plus Managed Auth, MP4 replay, 72-hour sessions, and Web Bot Auth via partnerships with Vercel and Cloudflare. This article is for production teams weighing auth depth against cold-start economics — the architectural bets are sharp and the choice depends on the workload.
At a glance
| Anchor Browser | Kernel | |
|---|---|---|
| Category | Closed managed cloud Chromium (headful) + identity stack | Unikernel-architecture cloud BaaS for AI agents (headful + headless) |
| Pricing entry | Usage-based: browser hours + bandwidth + AI steps + session init billed separately; free tier | ~$0.50/hr per-second metering, proxies bundled, free credits |
| Free tier | Yes (testing) | Per-second metering, free credits |
| Browser Arena leaderboard | #5 overall, slower but low hourly cost | #2 overall, fastest raw latency |
| Session cap | (not surfaced in our sources) | 72h |
| SOC 2 Type II | Web Bot Auth via Fingerprint; 1Password partnership | SOC 2 Type 2 + HIPAA (claimed) |
| Open source | No | Open-source browser image (kernel-images), Hypeman hypervisor, SDKs |
| Funding / customer signal | $6M seed (Blumberg + Gradient); Anon, Groq, Yutori, Composio | $22M Seed + Series A (Accel/YC); Cash App, Rye, Felicity, Novoflow, Silkline |
| Best for | Auth-heavy regulated portals; headful fidelity; deep IDP integration | AI-agent teams that want fast cloud Chromium with Managed Auth + MP4 replay + 72h sessions |
Kernel's marketing has historically cited 5.8x and 3.4x speed advantages versus Browserbase from 2024 benchmarks. The public Browser Arena leaderboard (browserarena.ai) — open-source and reproducible on Railway, though maintained by Notte Labs — places Kernel at #2 overall with the fastest raw latency on the board, and Browserbase at #4 with the highest hourly cost. The directional gap is still real, but the headline multipliers are stale. Kernel's unikernel architecture remains genuinely fast.
What is Anchor Browser?
Anchor Browser is a cloud-hosted, headful Chromium runtime — "Anchor Chromium," a purpose-built fork — for AI agents on auth-heavy enterprise web. Headful is a deliberate bet: vision-model fidelity for screenshot-driven agents and bot-detection resistance versus headless fingerprints. The product surface stacks identity primitives that compose: OmniConnect for credential onboarding, MFA/TOTP, and self-healing session recovery; Anchor VPN for dedicated enterprise IPs from telecom partners; 1Password Unified Access for managed-vault credential retrieval; Fingerprint Authorized AI Agent Detection (RFC 9421 Web Bot Auth, registered in Fingerprint's Bot Directory); Cloudflare Verified Bots; Coinbase x402. b0.dev is the build-time-deterministic agent paradigm — coding agents synthesize reusable scripts at plan time, runtime AI only handles ambiguity. Reported benchmarks include 89% on WebVoyager, 28 actions/min co-located with Groq, and 93% top-100 US site load on the provider's own BrowserBench. $6M seed; partners include Anon, Groq, Yutori, Composio, Browser Use.
What is Kernel?
Kernel is a managed Browsers-as-a-Service platform that provisions Chrome instances in isolated unikernel/Firecracker VMs and exposes them over CDP, Playwright, Puppeteer, or WebDriver-BiDi. The product is infra-only: Kernel runs the browser, the customer brings the agent logic. The architectural bet is the unikernel substrate — sub-second cold starts (provider claim), standby/idle suspension, and per-second metering that excludes idle time. The product surface is broad: browser pools (pre-warmed, identically-configured browsers with cookies/extensions), profile management, Live View and MP4 video replays, 72-hour session limits for human-in-the-loop workflows, Managed Auth (a hosted UI to collect credentials, supports 2FA/SSO/1Password, never exposes creds to LLMs), an app platform for co-locating customer code with browsers, GPU acceleration in research preview, MCP server, headful and headless modes, and Web Bot Auth via partnerships with Vercel (pre-approved bot signatures) and Cloudflare (signed traffic bypasses Turnstile). $22M Seed + Series A led by Accel; named customers include Cash App, Rye, Felicity (EHR), Novoflow, Silkline. Open-source browser image, hypervisor, and SDKs.
How they compare
Architectural bet: identity stack breadth vs. cold-start architecture
Anchor's bet is that production AI agents fail on auth — MFA loops, IDP redirects, "impossible traveler" lockouts, brittle credential handling — and the right answer is a deeply integrated identity stack. Kernel's bet is that production AI agents need fast, cheap, isolated Chrome that survives long-running tasks (72-hour sessions, replay-grade audit trails) and partners cleanly with Web Bot Auth at the network edge. Both bets are credible; both serve regulated-industry customers; but the wedge is different. Anchor is "the auth stack is part of the runtime"; Kernel is "the runtime is fast and cheap and observable, you bring the agent."
Identity in the runtime
Anchor's identity stack composes at the platform layer. OmniConnect handles credential onboarding and MFA recovery; Anchor VPN provides dedicated enterprise IPs from telecom partners; 1Password Unified Access pulls credentials at runtime; Fingerprint signs every request via RFC 9421 Web Bot Auth; Cloudflare Verified Bots gives signed traffic preferred treatment.
Kernel's identity story is real but different in shape. Managed Auth is a hosted UI to collect credentials with 2FA/SSO/1Password integration, auto-refresh of login sessions, and a guarantee that credentials never reach the LLM. Web Bot Auth is delivered via the Vercel partnership (Kernel agents are pre-approved signers in the Vercel marketplace) and the Cloudflare partnership (signed Kernel traffic bypasses Cloudflare Turnstile). Both Anchor and Kernel ship credible Web Bot Auth stories; the differentiator is whether you want a deeply-integrated identity stack at the platform layer (Anchor) or a managed-auth-plus-network-edge-partnership story (Kernel).
Cold-start and the speed claim
Kernel's marketing has long led with cold-start speed via the unikernel architecture, citing "5.8x faster than Browserbase" from a 2024 benchmark. Per the public Browser Arena leaderboard (browserarena.ai), Kernel sits at #2 overall with the fastest raw latency on the board, with Notte ahead by score at #1 and Browserbase at #4. The gap to Browserbase is still directionally real, but the 5.8x and 3.4x multipliers in Kernel's older content are stale. Anchor sits at #5 overall — pricing is competitive with Notte at the low end, but the headful posture's latency gap to Kernel is material.
Pricing model
Kernel's pricing is per-second of actual browser usage with idle/standby time excluded and proxies bundled. Skyvern's review cites about $0.50/hour for basic instances with 72-hour max sessions. The advantage is that idle sessions don't accrue charges; the disadvantage is that variable usage is harder to forecast than Steel-style tiered plans.
Anchor's pricing splits across browser hours, bandwidth, AI steps, and session init — fine-grained but harder to forecast across spiky workloads. The free tier exists for testing. Neither provider gives you a flat-rate "$X/month for Y concurrent" Browserbase-style model.
Productization layer
Skyvern's review of Kernel flags the same critique that applies to most infra-only providers: "solves infrastructure, not maintenance" — the customer still writes Playwright/Puppeteer scripts that break on site redesigns. Anchor's b0.dev is the closest answer to that critique on the Anchor side: build-time-deterministic compilation of agent workflows, with runtime AI only invoked for ambiguity. Neither provider productizes a workflow into a deployed callable HTTP endpoint with cron and webhooks; both stop at the SDK and runtime layer.
Open source
Kernel ships an open-source browser image (kernel-images), the Hypeman hypervisor, and SDKs — auditable for regulated buyers. Anchor is closed-source, managed-only. For teams with audit requirements that include the runtime image itself, Kernel's OSS is a hard wedge.
When to choose Anchor Browser
Pick Anchor when headful-only is a feature, not a cost, and the workload is auth-heavy: agents on regulated portals where vision-model fidelity matters, MFA recovery is the failure mode, and a deeply-integrated identity stack (OmniConnect + VPN + 1Password + Fingerprint) is worth the latency.
When to choose Kernel
Pick Kernel when you want fast cloud Chromium with Managed Auth, MP4 replay (audit-grade for healthcare/finance), 72-hour sessions for human-in-the-loop work, an open-source browser image for compliance review, and the option to co-locate Playwright code with the browser in a single VM. The Vercel and Cloudflare Web Bot Auth partnerships are real production credentials. If your bottleneck is "fast, cheap, observable Chrome with auth that survives," Kernel is the more-direct fit.
A third option: Notte
Worth a look: Notte (notte.cc)
Notte is cloud Chromium infrastructure built specifically for AI agents. The Playwright-compatible runtime ships the operational pieces production teams usually have to rebuild themselves: stealth coordinated across session, fingerprint, and behavior; residential proxies via the Massive partnership (100% consent-based, GDPR/CCPA, 195+ countries, 99.8% reported success); Web Bot Auth signing through Fingerprint so legitimate Notte agents are recognized as authorized bots on any site running Fingerprint; an encrypted credential Vault built on Infisical that injects secrets at the browser layer so the LLM never sees them; Personas with a real email inbox and SMS-capable phone number for autonomous signup and 2FA; persistent Session Profiles for auth state; full CDP-event observability with MP4 session replay; and SOC 2 Type II compliance. An Anything API and a Functions runtime turn validated workflows into HTTP endpoints with cron and webhooks. Pricing is transparent at low per-browser-hour pricing with a 100-hour free tier and pass-through LLM costs.
Verdict
For most production AI-agent teams in regulated industries, Kernel is the more-direct default — the unikernel architecture is genuinely fast, the open-source image is auditable, Managed Auth covers most credential needs, and 72-hour sessions plus MP4 replay handle long-running and audit-grade workloads. Pick Anchor when the workload is dominated by auth depth on legacy IDP-protected portals and the headful identity stack — OmniConnect, Anchor VPN, 1Password Unified Access — is the actual difference between a working and a broken agent.