10 December 25, 11:05
Quote: Google has outlined the security protections that it has implemented for agentic features in Chrome. This is how Gemini will protect itself and you from threats.
In case you missed it, Google started rolling out AI features in Chrome a few months ago, for users in the U.S.
Google highlights that the main threat that agentic browsers are facing is indirect prompt injection. That's basically a hijacked prompt that tricks the AI. Such attacks can occur when a malicious site is visited, or be distributed via third-party content in iframes. It could even spread due to fake reviews generated by users. These indirect prompts could result in the AI agent taking unwanted actions, which may include financial transactions, or even leaking sensitive data.
In order to combat this, Google says it is preparing a layered defense with deterministic and probabilistic defenses. It says that this will make it harder for attackers to cause harm, and will also be costlier for threat actors.
The first layer is something called the "User Alignment Critic", which is a separate model that is isolated from Gemini's main model. Google describes it as follows: "the User Alignment Critic runs after the planning is complete, to double-check each proposed action". What that means is, the UAC analyzes whether the actions that the agent planned for the requested task align with the user's goal. If the action is misaligned, the UAC will prevent it from executing. Refer to the flow chart above, which shows the steps involved in the process.
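To make the "plan first, then critique each action" pattern from the quoted article concrete, here is an added example that is not part of the post or Google's code. It is a simplified, rule-based stand-in for the model-based User Alignment Critic: a planner produces a list of actions, and a separate gate checks each one against the user's stated goal before it is executed, refusing side-effecting actions that originate from page content rather than from the user. The action schema, the goal structure, the rules and the sample plan are all constructed for illustration.

```python
"""Added example: a critic gate that reviews each planned agent action
against the user's goal before execution.

This is a deterministic, rule-based stand-in for the model-based User
Alignment Critic described in the article; it is not Google's code. The
Action/Goal schema and the policy rules below are assumptions made for
the example."""
from dataclasses import dataclass
from typing import Optional, Tuple, List
from urllib.parse import urlparse


@dataclass
class Action:
    kind: str     # e.g. "navigate", "read", "fill_form", "submit_payment"
    target: str   # URL or a description of the element being acted on
    origin: str   # who asked for this step: "user" or "page" (untrusted content)
    detail: str = ""


@dataclass
class Goal:
    description: str
    allowed_kinds: frozenset   # action kinds the task legitimately needs
    allowed_hosts: frozenset   # hosts relevant to the task


@dataclass
class Verdict:
    allowed: bool
    reason: str


# Actions with real-world side effects: never authorised by page-derived text.
SENSITIVE_KINDS = frozenset(
    {"submit_payment", "send_message", "upload_file", "change_setting"}
)


def critic(goal: Goal, action: Action) -> Verdict:
    """Return whether a single planned action is aligned with the user's goal."""
    # Rule 1: instructions that came from page content (the indirect prompt
    # injection vector) may never trigger a side-effecting action.
    if action.origin != "user" and action.kind in SENSITIVE_KINDS:
        return Verdict(False, f"{action.kind} requested by page content, not the user")
    # Rule 2: the action kind must be within the scope the task requires.
    if action.kind not in goal.allowed_kinds:
        return Verdict(False, f"{action.kind} is outside the task scope")
    # Rule 3: URL-targeted actions must stay on hosts relevant to the goal.
    host = urlparse(action.target).hostname if action.target.startswith("http") else None
    if host is not None and host not in goal.allowed_hosts:
        return Verdict(False, f"host {host} is not relevant to the goal")
    return Verdict(True, "aligned")


def run_plan(goal: Goal, plan: List[Action]) -> Tuple[List[Action], Optional[Tuple[Action, str]]]:
    """Execute (here: record) actions in order, halting at the first one the
    critic rejects. Halting, rather than skipping, avoids running later steps
    whose preconditions assumed the blocked step had happened."""
    executed: List[Action] = []
    for act in plan:
        verdict = critic(goal, act)
        if not verdict.allowed:
            return executed, (act, verdict.reason)
        executed.append(act)
    return executed, None


# Constructed sample: a price-comparison task whose plan was contaminated by
# an instruction embedded in the page ("pay now").
SAMPLE_GOAL = Goal(
    "Compare flight prices",
    frozenset({"navigate", "read", "fill_form"}),
    frozenset({"flights.example"}),
)
SAMPLE_PLAN = [
    Action("navigate", "https://flights.example/search", "user"),
    Action("read", "search results table", "page"),
    Action("fill_form", "https://flights.example/search", "user", "travel dates"),
    Action("submit_payment", "https://flights.example/checkout", "page", "pay now"),
]

if __name__ == "__main__":
    done, blocked = run_plan(SAMPLE_GOAL, SAMPLE_PLAN)
    print(f"executed {len(done)} step(s)")
    if blocked:
        print(f"blocked '{blocked[0].kind}': {blocked[1]}")
```

The point of the split is that the critic sees only the proposed actions and the user's goal, not the page text that may have contained the injected instruction, so a hijacked plan still has to pass a check that knows nothing about the attacker's wording.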