Manus

Chat

Butterfly Effect

Product overview

Name of Agent: Manus

Short description of agent: "Manus is the action engine that goes beyond answers to execute tasks, automate workflows, and extend your human reach." source HTML description (link, archived)

Date of release: 06/03/2025 (link, archived)

Advertised use: Market research (analyzed 100 sneaker models with pricing, features, reviews, and positioning), Academic research (researched 250 AI researchers from NeurIPS 2024 with publications and citations), Event management (generated 100 personalized invitation posters and landing pages), Competitive intelligence (comprehensive company profiles with founders, funding, and growth metrics), Creative production (generated 20 unique high-quality images with consistent concept), Data processing (extracted 2,000 company profiles from foreign language directory). Summarised (link, archived)

Monetisation/Usage price: 20, agent mode, wide research (link, archived) (40, , archived) 200, higher rate limits (link, archived)

Who is using it?: end users, team plan

Website: (https://manus.im/, archived)

Category: Chat

Company & accountability

Developer: Butterfly Effect

Name of legal entity: Butterfly Effect Pte. Ltd. (link, archived)

Place of legal incorporation: Cayman Islands (link, archived)

For profit company?: Yes

Parent company?: Meta (link, archived)

Governance documents analysis: ToU (link, archived), Safety and Content Policy (link, archived)

AI safety/trust framework: Transparency Hub (link, archived)

Compliance with existing standards: SOC 2 Type II SOC 2 Type I GDPR ISO 27701 ISO 27001 (link, archived)

Technical capabilities & system architecture

Model specifications: This blog (link, archived) would suggest they depend on external models from providers such as OpenAI, Anthropic, and Google.

Documention: (https://manus.im/docs/introduction/welcome, archived)

Observation space: User input (including files), and an extensive system of tools, including internet access (more details (here, archived).) Manus operates in a full VM and thus can execute code and observe the results.

Action space: Has access to sandboxed full VM, and a large array of tools

Memory architecture: A file system and other complex methods to manage context (link, archived).

User interface and interaction design: Chatbot, similar to a standard deep research chatbot

User roles: Operator, Executor, Examiner

Component accessibility: Closed source

Autonomy & control

Autonomy level and planning depth: L3: consults user preferences at certain points in the workflow before continuing (see screenshot in Annotation Resources)

User approval requirements for different decision types: User can offer text-based feedback in response to agent's questions

Execution monitoring, traces, and transparency: Visible CoT and plan, along with clickable actions pills to further learn about what the agent did/viewed. Plan cannot be edited

Emergency stop and shut down mechanisms and user control: User can pause/stop the agent at any time

Usage monitoring and statistics and patterns: Usage tab has information about credits etc.

Ecosystem interaction

Identify to humans?: Manus AI may "contain a "Made with Manus" watermark or other forms of identification, but without watermark on all paid plans (link, archived)

Identifies technically?: None found for cloud browser. For local browser operator: "Manus runs directly within your browser context. Since the operation originates from your trusted local environment and IP", the user’s local IP and browser context appears as its network identity. (link, archived)

Interoperability standards and integrations: Manus AI supports the Model Context Protocol (MCP) via “MCP connectors,” allowing Manus to connect to MCP servers for structured data access and (when supported) actions in connected tools (link, archived)

Web conduct: None found, but security testing by hCaptcha suggests that Manus exploits information in robots.txt (link, archived)

Safety, evaluation & impact

Technical guardrails and safety measures: None found

Sandboxing and containment approaches: None found

What types of risks were evaluated?: None found

(Internal) safety evaluations and results: None found

Third-party testing, audits, and red-teaming: None found

Benchmark performance and demonstrated capabilities: None found

Bug bounty programmes and vulnerability disclosure: None found (though there is an official Reddit thread (link))

Any known incidents?: None found

← Back to 2025 Index