- Google strengthens Chrome against indirect prompt injection attacks with new defenses
- Features: User Alignment Critic & Agent Origin Sets for safer agent actions
- Agents now log activity and seek authorization before accessing sensitive websites
Google is adding new defenses to the Chrome browser to ensure that its agent capabilities cannot be abused through indirect prompt injection.
Indirect prompt injection is a type of attack where the AI agent reads third-party content (e.g. an incoming email) and executes instructions embedded in it.
An example would be a prompt to perform a crypto transaction from a browser wallet plugin written into an email. The text is in white color and font size 0, so the victim can’t see it, but if they run the email through the AI for some reason, the agent can respond to the prompt.
User Alignment Critic and Agent Origin Sets
To ensure this doesn’t happen, Google has now introduced additional layers of security, including User Alignment Critic and Agent Origin Sets. User Alignment Critic is a feature that monitors agent actions in an environment isolated from untrusted content.
“The customization critic runs after planning is complete to double-check each suggested action,” Google explained.
“The primary focus is task alignment: determining whether the proposed action serves the user’s stated goals. If the action is misaligned, the alignment critic will veto it. This component is designed to see only metadata about the proposed action and not any unfiltered untrusted web content, ensuring that it can’t be poisoned directly from the web, but it also has less context or a simple app. an action.”
Agent Origin Sets, on the other hand, ensure that the agent can only access data from origins that are related to the task it is currently working on or data that the user has chosen to share with the agent. “This prevents a compromised agent from acting arbitrarily on unrelated origins,” Google added. “For each task on the web, a reliable gating function determines which origins suggested by the scheduler are relevant to the task. The design is to separate these into two sets that are tracked for each session.”
Finally, agents now also create a work log for user observability and will request explicit authorization before navigating to sensitive sites such as banking or healthcare portals.
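The origin gating, work log and sensitive-site confirmation described above can be modeled in a few lines. This is an added sketch, not Chrome's or Google's code: every class, function and site name is hypothetical, and splitting the two per-session sets into "may read" and "may also act on" is an assumption, since the article does not name them.

```javascript
// Added illustration; every name here is hypothetical, not a Chrome internal.
class AgentSession {
  constructor({ isRelevant, isSensitive, confirm }) {
    this.readable = new Set(); // assumed set 1: origins the agent may read from
    this.writable = new Set(); // assumed set 2: origins it may also click/type on
    Object.assign(this, { isRelevant, isSensitive, confirm });
    this.workLog = [];         // user-visible record of every decision
  }
  static originOf(url) {
    try {
      const origin = new URL(url).origin;
      return origin === "null" ? null : origin; // opaque origins never match
    } catch { return null; }                    // unparsable URL
  }
  // The planner only proposes; the trusted gate decides set membership.
  propose(url, mode) {
    const origin = AgentSession.originOf(url);
    const ok = origin !== null && this.isRelevant(origin, mode);
    if (ok) (mode === "write" ? this.writable : this.readable).add(origin);
    this.workLog.push({ step: "propose", origin, mode, ok });
    return ok;
  }
  // Every action is checked against the sets, then against the sensitive list.
  authorize(url, action) {
    const origin = AgentSession.originOf(url);
    let ok = this.writable.has(origin) || (action === "read" && this.readable.has(origin));
    if (ok && this.isSensitive(origin)) ok = this.confirm(origin, action) === true;
    this.workLog.push({ step: "authorize", origin, action, ok });
    return ok;
  }
}
// Constructed scenario: a shopping task where page text tried to add a wallet site.
function demo() {
  const policy = { "https://shop.example": "write", "https://reviews.example": "read", "https://bank.example": "write" };
  const s = new AgentSession({
    isRelevant: (o, mode) => policy[o] === "write" || policy[o] === mode,
    isSensitive: (o) => o === "https://bank.example",
    confirm: () => false, // the user declines the authorization prompt
  });
  const proposals = [["https://shop.example/item/1", "write"], ["https://reviews.example/", "read"],
    ["https://wallet.example/send", "write"], ["https://bank.example/", "write"]]
    .map(([u, m]) => s.propose(u, m));
  const actions = [["https://shop.example/cart", "click"], ["https://reviews.example/p", "read"],
    ["https://reviews.example/p", "click"], ["https://wallet.example/send", "click"],
    ["http://shop.example/cart", "click"], ["https://bank.example/pay", "click"]]
    .map(([u, a]) => s.authorize(u, a));
  return { proposals, actions, logged: s.workLog.length };
}
```

The gate and the authorization check see only origins and action types, never page content, so text injected into a page cannot widen either set.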
Via The Hacker News



