Vision model
Reads each screenshot and identifies buttons, fields, menus, and current state. Multimodal models fuse image and text in one pass.
Automation — — by Mahmoud Zalt
How AI computer control works under the hood: the perception-action loop, grounding models, sandboxing, and where it beats API automation.
Most automation you ship goes through an API: a documented endpoint, a stable contract, an auth token. That is the path you want whenever it exists, because it is deterministic and cheap to test. AI computer control is what you reach for when no such contract is available: a vendor portal with no public API, an internal tool nobody owns, a desktop accounting package, or a legacy system that predates the idea of integration.
Instead of calling a function, the model operates the interface the way a person would. It reads the rendered screen, decides the next step, moves the cursor, types into a field, and confirms the outcome. Sistava packages this as a hireable AI employee: the control loop, the permission model, and the audit trail are already built, so you describe the workflow instead of wiring up your own driver.
Under the hood, a computer-use agent is a closed control loop. It captures the current screen state, a multimodal model interprets the UI elements, a grounding step turns the chosen intent into precise coordinates, an executor emits the input event, and the loop repeats against the new screenshot. The interesting engineering is not the click. It is the verification between steps and the recovery when the screen does not look like the model expected.
Reads each screenshot and identifies buttons, fields, menus, and current state. Multimodal models fuse image and text in one pass.
Translates an intent like 'click Export' into exact pixel coordinates. This is where most failures happen on dense or shifting UIs.
Emits real mouse moves, clicks, keystrokes, and window focus changes. The layer that actually touches the operating system.
Holds context across steps, tracks the goal, and recovers when a screen does not match the plan, instead of blindly retrying.
Treat each of these as a place reliability can leak. Vision misreads a modal it has not seen. Grounding lands a click two pixels off a small icon. The executor fires before a page finishes loading. Planning loses the thread on a long session and the context window fills with stale screenshots. Production-grade computer control is mostly the discipline of catching these between every action rather than at the end.
Engineers often frame this as a binary, but there are three tools, not two. APIs are deterministic and cheap when the endpoint exists. Classic RPA records a fixed script across a GUI and replays it fast, but it shatters the moment the interface moves. AI computer control reads the screen visually and adapts to layout changes, at the cost of latency and non-determinism. The skill is matching each segment of a workflow to the right one.
| Dimension | Traditional | With Sista |
|---|---|---|
| How it targets UI | Hard-coded selectors and recorded coordinates | Visual reasoning over the rendered screen |
| When the UI changes | Breaks, needs reprogramming | Adapts and re-grounds against the new layout |
| Determinism | High, same path every run | Path chosen at runtime, needs verification |
| Cost per run | Lightweight compute | Model inference per step, higher latency |
| Best fit | Stable, high-volume, structured paths | Variable screens and apps with no API |
Because the execution path is decided at runtime, two identical prompts can take two different routes. That is the core reliability tradeoff, and you engineer around it rather than wish it away. Verify state between actions, constrain the agent to a known set of safe operations, and require human approval before anything destructive: file overwrites, form submissions, payments, or outbound messages.
Isolation is the other half. Computer-use agents should run against a controlled surface, not your production machine with full credentials. Scope permissions per app, capture every screenshot and action to a log, and keep the blast radius small. With Sistava, the desktop companion gives the AI employee a windowed, permissioned view of the machine, so it operates the apps you allow and nothing else, and every step lands in a reviewable activity feed.
That ramp is the same one we walk every technical account through. Start narrow, keep approvals on, verify between steps, expand only after the boring proof. Skip it and the agent does something embarrassing inside a vendor portal at the worst possible time. Follow it and the workflow runs hundreds of times a month with a clean audit trail behind every action.
Computer control on its own is half the architecture. The companion app is the other half: a small local daemon that gives your AI employee a controlled window into the machine, with screen capture, input handling, and per-app permission scopes. Most setup questions are not about which workflow to automate, they are about getting the companion installed, signed in, and trusted by the operating system without handing over the whole device.
Once the companion is trusted, the AI employee can drive desktop apps and browser windows the same way you would, but with a permission boundary and a log around every step. You describe the workflow in plain language, the employee handles the perception-action loop, and you keep the approval switch. That separation, capability behind a permission gate, is what makes computer control safe enough to run unattended on real systems.
A vision model reads the screenshot to identify UI elements, then a grounding step maps the chosen target to pixel coordinates the executor can click. Dense or shifting interfaces are where grounding errors show up, which is why state verification between actions matters.
No. Classic RPA replays a fixed script against the GUI and breaks when the layout changes. Computer control reads the screen visually and adapts, at the cost of latency and non-determinism. Many real workflows use both, plus APIs where they exist.
Always, when a maintained API exposes the exact action you need. APIs are deterministic, fast, and easy to test. Reserve computer control for apps with no API, screens that change often, or work that spans several disconnected tools.
Run it against an isolated, permissioned surface rather than a production machine, scope access per app, verify state between actions, and require human approval before any destructive write or send. Log every screenshot and action for review.
Reliability has climbed fast on public benchmarks but is still below a human on complex novel tasks. The practical path is to pick narrow, repeatable workflows, keep approvals on early, and widen only after a workflow is proven and boring.
With Sistava you do not. You hire an AI employee that already includes the perception-action loop, the desktop companion, per-app permissions, and the action log. You describe the workflow rather than implementing a screen driver.
Computer control is the bridge between the clean API world and the messy reality of how work actually runs. Treat it as one tool in the box, used for the screens nothing else can reach and ignored for everything that already has a stable integration. Pick a narrow workflow, leave approvals on for the first weeks, watch the action log, and you will know quickly whether the unlock is worth the setup. For most teams the answer arrives the first time they watch an employee rename and upload a year of vendor invoices without anyone touching the keyboard.