""We're introducing a user alignment critic where the agent's actions are vetted by a separate model that is isolated from untrusted content," the company said in a blog post about the addition. If the critic determines an action doesn't match what the user asked for, it blocks the action, Google said. "The primary new threat facing all agentic browsers is indirect prompt injection," Chrome security engineer Nathan Parker wrote in the post, describing a situation where an agent is prompted to process information that then seeks to modify the initial prompt."
"The Gemini-powered browsing agent, launched in September and currently in preview, can navigate websites, click buttons, and fill forms while users are logged into email, banking, and corporate systems. Malicious instructions hidden in web pages, iframes, or user-generated content could "cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive data," Parker wrote. That's where the user alignment critic comes in: The second model reviews each proposed action before Chrome executes it, acting as what Parker called "a powerful, extra layer of defense against both goal-hijacking and data exfiltration.""
Google deployed a separate user alignment critic model isolated from untrusted content to review and block proposed actions by the Gemini-powered Chrome browsing agent when actions do not match user intent. The browsing agent can navigate sites, click buttons, and fill forms while users are logged into email, banking, and corporate systems, creating risk that malicious web content could cause unwanted actions or exfiltrate sensitive data. Prompt injection has emerged as a top AI vulnerability, appearing in a large share of deployments, and authorities warn such attacks may never be fully mitigated. The critic aims to provide an extra defense against goal-hijacking and data exfiltration.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]