As technology companies compete to include AI browsers in their products, warnings about new security risks are becoming increasingly worrying.
Indirect prompt injection, where hackers hide malicious instructions on a website to steer the AI into taking unauthorized actions, is seen as a rapidly emerging threat. In response, Google has announced a new step to protect Chrome users.
Recently, Google announced that it is upgrading Chrome with a dedicated security layer, most notably an independent large language model called User Alignment Critic.
This model runs completely isolated from untrusted web content and is responsible for checking every action proposed by the AI browser.
If it detects anything unusual, the model immediately vetoes the action and requests an adjustment. This is considered the first shield against the risk of the AI being deceived by sophisticated injected instructions.
This move comes as Chrome is testing the integration of AI-enabled features, after Google added the Gemini chatbot to the browser for US users.
In addition to the monitoring AI layer, Google is also deploying origin isolation, limiting the pages an AI agent can interact with to those directly related to the task or on a list the user has allowed.
Google said the new defense layer follows a multi-layered strategy that includes required manual user confirmation for sensitive operations, real-time threat detection systems, and simulated attack infrastructure to continuously test the browser's resilience.
In addition, Chrome will run a prompt classifier that scans the full content of the open web page to detect the risk of indirect attacks.
These updates follow recent research showing the dangers of indirect prompt injection attacks.
Previously, Brave security experts discovered a vulnerability in Perplexity's Comet agent that allowed hackers to take over the AI browser and access sensitive data such as emails or bank information.
Even Antigravity, Google's new AI agent development platform, was found to be vulnerable to this type of attack.
According to Google, Chrome's new defense layer includes three main components: User Alignment Critic, limited origin sets, and a user monitoring and control system.
These three mechanisms work together to minimize the likelihood of AI agents being controlled through iframes or websites that contain malicious code with hidden commands, which could lead to unauthorized transactions or data theft.
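The origin restriction and manual confirmation described above can be pictured as a gate that every agent action must pass before it runs. The sketch below is an added illustration, not Chrome's or Google's code; `createGate`, the action shape (`type`, `frameUrl`), the `SENSITIVE_ACTIONS` list and the `.example`/`.test` hosts are all hypothetical.

```javascript
// Added illustration: a simplified action gate for an AI browsing agent.
// Not Chrome's implementation; every name below is hypothetical.

// Constructed list of action types that always need the user's confirmation.
const SENSITIVE_ACTIONS = new Set(["submit_payment", "send_email", "sign_in"]);

// Return the exact HTTPS origin (scheme + host + port) of a URL, or null.
function originOf(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null; // not a parseable URL
  }
}

// taskOrigins: origins tied to the current task.
// userAllowedOrigins: origins the user has explicitly allowed.
// confirm(action): asks the user and returns true or false.
function createGate({ taskOrigins, userAllowedOrigins, confirm }) {
  const allowed = new Set(
    [...taskOrigins, ...userAllowedOrigins].map(originOf).filter(Boolean)
  );
  return function gate(action) {
    // frameUrl is the document the agent would act in, so a cross-origin
    // iframe embedded in an allowed page is judged by its own origin.
    const origin = originOf(action.frameUrl);
    if (!origin) {
      return { decision: "deny", reason: "invalid or non-HTTPS target" };
    }
    // Exact origin match: substring or suffix checks would accept lookalikes.
    if (!allowed.has(origin)) {
      return { decision: "deny", reason: `${origin} is outside the allowed origins` };
    }
    if (SENSITIVE_ACTIONS.has(action.type) && !confirm(action)) {
      return { decision: "deny", reason: "user declined sensitive action" };
    }
    return { decision: "allow", reason: `${origin} is allowed` };
  };
}

// Constructed sample run: the user declines every confirmation prompt.
const demoGate = createGate({
  taskOrigins: ["https://shop.example"],
  userAllowedOrigins: ["https://pay.example"],
  confirm: () => false,
});
console.log(demoGate({ type: "click", frameUrl: "https://shop.example/cart" }));
console.log(demoGate({ type: "click", frameUrl: "https://ads.test/frame" }));
```

A gate like this only narrows where an injected instruction can act; it does not judge whether an action on an allowed origin matches the user's intent, which is the role the article gives to the critic model.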
To encourage the community to help strengthen the safety of the AI ecosystem, Google also announced a reward of up to 20,000 USD for reports of vulnerabilities related to Chrome's new security layer.
The tech giant affirms that the security of AI agents is a top priority, as potential risks can create a completely new generation of cyber attacks.