Latent Space AI Google Adds Learning-Based Security AI to Chrome
Dec 9, 2025
Discover how Chrome’s new AI system learns to counteract online threats autonomously. The demo showcases its ability to anticipate malicious behavior while maintaining user alignment through innovative models. Explore the browser's capabilities in breaking down complex tasks into manageable steps, alongside strong defenses against prompt injections. Learn about the advantages of preserving user privacy and security in web interactions, and the ongoing collaboration within the industry to enhance AI tools.
AI Snips
Chapters
Transcript
Episode notes
Critic Model Guards Against Prompt Injection
- Google adds a separate critic model (user alignment critique) that evaluates every agent action against the original user goal to prevent prompt injection.
- The critic sees only metadata, not page content, so it can't be tricked by malicious on-page prompts.
Planner + Critic Architecture
- Google pairs planner and critic models so the planner proposes actions and the critic validates alignment before execution.
- The critic only receives the user's goal and planned actions, not screen content, to avoid manipulation.
Origin Sets Limit Data Exposure
- Chrome restricts agent access with agent origin sets that classify readable and writable origins to limit data exposure.
- The browser can block sending data outside readable sets, bounding cross-origin data leak risk.