Brave Browser is testing agentic AI browsing in its nightly version

[harlan4096]

Brave Browser is the latest to test an agentic AI. The feature is currently in an experimental phase.

Brave says that it is approaching AI browsing cautiously, considering the security risks. The company admits security measures have not been perfected, and warns about indirect prompt injections, i.e. these are malicious instructions that are hidden on web pages, which could trick the AI to transmit sensitive data to the website. Google had recently said that these were the biggest challenges faced by AI-powered browsers, and outlined various safety mechanisms that are in-place for agentic AI in Chrome. The other issue is that AI models need to be restricted from taking actions that the user did not intend.

Brave's agentic AI works in an isolated profile. This uses a separate storage to ensure cookies, caches, logins, etc., from your regular browsing data are protected. When you enable the agentic AI feature, the browser creates a separate profile that is exclusively used for the AI agent.

Brave is using a second model to check the main AI agent's model. It receives the system prompt, the user prompt, and the task model’s response, and then checks if the task model’s instructions match the user’s intention. This guardrail is similar to the method that Google uses for Chrome's agentic AI. The "alignment checker" does not have access to the website and its content, to prevent prompt injections from affecting it. Brave's AI also uses security-aware system instructions: a structured prompt made by the company to encodes policy-based rules that will be updated. Claude's Sonnet hybrid reasoning model for agents is also used in Brave to mitigate prompt injections.

Continue Reading...