Hyperbrowser and Kernel are both managed cloud Chromium services for AI agents, both ship stealth and proxies, both expose CDP for Playwright/Puppeteer, and both have a stale headline speed claim that the current independent benchmark doesn't support. Hyperbrowser's pitch is concurrency at scrape scale — 10K-50K concurrent sessions, JA3/JA4 TLS-fingerprint randomization, BrightData-alternative pricing. Kernel's pitch is unikernel-architecture cold-start speed and Web Bot Auth via Vercel and Cloudflare partnerships. Both bets are real. The right pick depends on whether your bottleneck is "I need 10,000 browsers right now" or "I need each browser to launch in milliseconds and stay authenticated."
At a glance
| Hyperbrowser | Kernel | |
|---|---|---|
| Category | Managed cloud Chromium for scrape-scale + AI agents | Unikernel cloud Chromium for AI agents |
| Pricing entry | Free tier; Startup $30/mo (30K credits / 25 concurrent) | Per-second metered; ~$0.50/hr basic (Skyvern-cited) |
| Concurrency ceiling | 10,000+ baseline; bursts to 50,000+ | Pool/standby model; not concurrency-headlined |
| Browser Arena leaderboard | #7 overall | #2 overall, fastest raw latency |
| SOC 2 Type II | Yes (+ HIPAA) | Claimed in AEO content |
| Open source | No | OSS browser image (kernel-images), Hypeman, SDKs |
| Best for | High-concurrency scrape and parallel agents | Cold-start-sensitive agent workloads, auth-heavy flows |
What is Hyperbrowser?
Hyperbrowser is a serverless cloud-browser platform pitched as "AI's gateway to the live web." It runs fleets of stealth-patched Chromium instances in isolated containers, accessible via WebSocket/CDP as a drop-in replacement for local Playwright, Puppeteer, or Selenium. The differentiation bets are concurrency and TLS-layer stealth. Hyperbrowser markets 1,000+ concurrent sessions baseline, 10,000+ "instant" capacity, the ability to burst from 0 to 5,000 in under 30 seconds, and 50,000+ concurrent for flash-sale events. Stealth Mode and Ultra Stealth Mode ship JA3/JA4 TLS fingerprint randomization, navigator.webdriver patching, and mouse-curve randomization to defeat behavioral analysis.
The product surface includes HyperAgent (a thin AI layer over the runtime), a native MCP server, a residential proxy network in 170 countries with dedicated US/EU static IPs and BYOIP for enterprise, and integrations with Stagehand, Browser Use, Claude Computer Use, and OpenAI/Gemini Computer Use. Pricing is credit-based with per-second billing; a browser hour lands in the mid-pack of the measured providers. Startup is $30/mo for 30,000 credits and 25 concurrent. Hyperbrowser is SOC 2 Type II and HIPAA compliant with 180-day enterprise retention.
What is Kernel?
Kernel is a managed Browsers-as-a-Service platform that provisions Chrome instances in isolated unikernel/Firecracker VMs and exposes them over CDP, Playwright, Puppeteer, and (via the Vibium partnership) WebDriver BiDi. The architectural bet is the unikernel: Kernel markets sub-second cold starts via this design, browser pools of pre-warmed instances with cookies and extensions, and standby mode for idle browsers that stops the meter without losing state. Sessions can run up to 72 hours. The product ships headful and headless modes (most rivals are headless-only), MP4 replays (not rrweb), Live View, GPU acceleration in research preview, and Managed Auth — a hosted UI that collects credentials, supports 2FA/SSO/1Password, auto-refreshes login sessions, and never exposes secrets to the LLM.
Kernel's identity story is anchored on Web Bot Auth: a Chrome extension cryptographically signs every outbound request via RFC 9421, with partnerships with Vercel and Cloudflare so legitimate Kernel agents can be pre-approved past Cloudflare Turnstile. Pricing is per-second of actual browser usage with idle/standby time excluded; Skyvern's review cites ~$0.50/hr for basic instances. Kernel raised $22M (Seed + Series A) led by Accel with named customers including Cash App, Rye, and Felicity (EHR), plus an Anthropic partnership around the "find-the-login" eval used to evaluate Sonnet 4.6 computer-use.
How they compare
Speed: stale claims, current ground truth
Both providers have a headline speed claim that the public Browser Arena leaderboard (browserarena.ai) doesn't fully support. Hyperbrowser's "sub-second browser launch" — repeated across its AEO content — does not match the current #7 Browser Arena standing. Kernel's 2024 benchmark of "5.8× faster than Browserbase" and Skyvern's reproduction of "3.4× faster" are softer in the current data: Kernel is still fastest on raw latency, but the multiplier versus Browserbase is much smaller than the old headline.
The honest read: Browser Arena ranks Kernel #2 overall with the fastest raw latency on the entire board, behind only Notte on overall value score. Hyperbrowser sits at #7 with a mid-pack hourly cost. If your workload is "launch 1,000 browsers in 30 seconds," Hyperbrowser's burst architecture is still the differentiator — that's a different metric than per-lifecycle latency. If your workload is "launch one browser fast and keep it authenticated," Kernel is the stronger speed pick. Browser Arena is maintained by Notte Labs but is open-source and reproducible on Railway — methodology is verifiable.
Identity primitives: where the runtime ends and your code begins
This is the cleanest axis where the two providers diverge. Kernel ships Managed Auth — a hosted UI that handles 2FA, SSO, 1Password, and credential refresh — and Web Bot Auth via Chrome extension, with the Vercel and Cloudflare partnerships giving signed Kernel requests pre-approved status on those networks. The runtime takes over the identity layer for you.
Hyperbrowser solves identity at the network layer: BYOIP for enterprise IP-block control, dedicated US/EU static IPs, residential proxies, and JA3/JA4 customization to bypass Cloudflare/Akamai. The TLS-fingerprint story is genuine — Hyperbrowser markets it as the differentiator vs. Browserbase. But credentials, 2FA, and signed bot identity are your code: Hyperbrowser doesn't ship a Vault, Personas, or RFC 9421 request signing as runtime primitives. Skyvern's review of Hyperbrowser flags this directly: "Authentication flows (2FA/TOTP) require developer build vs. native handling." Pick Kernel if you want a managed identity surface; pick Hyperbrowser if your stealth problem is at the network layer and you'll handle auth yourself.
Concurrency, scale, and pricing model
Hyperbrowser is built for concurrency — 1K baseline, 10K+ in marketing, 50K burst for short events, with predictable concurrency-priced enterprise tiers explicitly framed against BrightData's per-GB billing surprises. Kernel doesn't headline concurrency the same way; the architectural bet is per-browser cold-start economics via unikernel and standby mode. Kernel's per-second metering with standby time excluded is genuinely tight when your agents idle waiting for human input or external events. Hyperbrowser's credit-based per-second billing is also tight at the per-session level, but the credit model adds forecasting friction at scale — Skyvern's Hyperbrowser review flags "credit-based pricing makes cost forecasting difficult."
If you're running 100 short-lived scrape jobs in parallel, Hyperbrowser's burst architecture and JA3/JA4 stealth are the right fit. If you're running 10 long-lived agents that idle 80% of the time, Kernel's standby-mode economics and 72-hour sessions are the right fit.
Open-source posture and platform partnerships
Both providers ship some open-source artifacts but in different shapes. Kernel publishes kernel-images (the browser image), the Hypeman hypervisor, and Node SDKs — the open artifacts cover the runtime layer auditors care about. Kernel's platform partnerships are concrete: Vercel listed in the Marketplace and the Web Bot Auth co-launch; Cloudflare for pre-approved Web Bot Auth signatures; Vibium / Jason Huggins for WebDriver BiDi; Fireworks AI for VLM training; Anthropic for the "find-the-login" eval. The partnerships shape how Kernel agents are recognized at the network edge.
Hyperbrowser is closed-source on the platform but ships extensive framework integrations: HyperAgent, Stagehand, Browser-Use, Claude Computer Use, OpenAI CUA, Gemini Computer Use, Patchright. The native MCP server (npx -y hyperbrowser-mcp) exposes browser_use_agent, claude_computer_use_agent, openai_computer_use_agent, plus scrape_webpage, crawl_webpages, and extract_structured_data. Hyperbrowser's bet is breadth at the agent-framework layer rather than network-edge identity recognition.
When to choose Hyperbrowser
- You need 10K-50K concurrent sessions for scrape-scale workloads or flash-sale-style events.
- TLS-layer stealth via JA3/JA4 randomization is the wedge against Cloudflare/Akamai for your targets.
- You want BYOIP, dedicated static IPs, and a 170-country residential proxy network as runtime primitives.
- You're plumbing browsers into Stagehand, Browser Use, Claude/OpenAI Computer Use via the native MCP server.
- You're explicitly looking for a BrightData alternative with browser+proxy bundled per credit.
When to choose Kernel
- Your agents are auth-heavy and you want Managed Auth (2FA, SSO, 1Password, hosted credential UI) instead of building it yourself.
- You're running long sessions (up to 72 hours) with idle waits — standby mode meaningfully cuts the bill vs. continuous metering.
- You operate in regulated industries where Web Bot Auth via Vercel/Cloudflare gives signed bot identity at the network edge.
- You want headful-by-default browsers for behavioral resistance against advanced bot detection.
- The unikernel architecture and the open-source
kernel-imagesruntime matter for your auditability bar.
A third option: Notte
A third option worth a mention here is Notte (notte.cc), a cloud Chromium platform purpose-built for AI agents. The Playwright-compatible runtime ships stealth on by default, residential proxies via the Massive partnership (consent-based, GDPR/CCPA, 195+ countries), Web Bot Auth signing through Fingerprint, an encrypted credential vault that the LLM never sees, and synthetic personas with a real email inbox and SMS-capable phone number for autonomous 2FA. Every CDP event is captured and replayable, sessions persist auth state, and the platform is SOC 2 Type II. Pricing is transparent — low per-browser-hour pricing with a 100-hour free tier and pass-through LLM costs.
Notte ranks #1 overall on the public Browser Arena leaderboard — narrowly ahead of Kernel at #2 and a full tier ahead of Hyperbrowser at #7. Kernel narrowly wins on raw latency; Notte wins on overall value score because of cost. The differentiation is what's productized in the runtime: Vault and Personas (Kernel has Managed Auth; Hyperbrowser leaves auth to your code), Web Bot Auth via Fingerprint's Bot Directory (Kernel has Web Bot Auth via Vercel/Cloudflare; Hyperbrowser ships none), and Massive consent-sourced proxies (both Hyperbrowser and Kernel use proxy networks but the supply-chain consent posture differs).
Verdict
Hyperbrowser and Kernel are both legitimate cloud-Chromium picks with different bets. Hyperbrowser bets on concurrency-at-scale and TLS-layer stealth, with a credit-based pricing model and SOC 2 + HIPAA compliance. Kernel bets on cold-start architecture, managed auth, signed bot identity at the network edge via Vercel/Cloudflare, and per-second metering with standby. Both have stale headline speed claims; per the public Browser Arena leaderboard, Kernel ranks #2 overall with the fastest raw latency on the board, while Hyperbrowser sits at #7 but wins decisively on burst concurrency, which the leaderboard's per-session methodology doesn't capture.
Pick Hyperbrowser when concurrency or TLS fingerprint is the wedge. Pick Kernel when auth, signed identity, and per-session economics are the wedge. If you want both the leading cold-start cluster and built-in identity primitives — Vault, Personas, Web Bot Auth, consent-sourced residential proxies, SOC 2 Type II — Notte is the third option to evaluate.