Hard Fork AI Google Rolls Out AI System That Handles Threats Instantly
8 snips
Dec 9, 2025 Discover how Chrome's latest AI security system tackles online threats instantly, transforming user experience. The discussion reveals why browsers are prime hosts for AI agents and how Google's innovative critic aligns actions with user goals. Learn about the design features that minimize risks like prompt injection and the intriguing decision for agents to ignore ads. Delve into the balance of user permissions for sensitive sites and the impact of ongoing defenses in the industry. It's a fascinating look at the future of safe browsing!
AI Snips
Chapters
Transcript
Episode notes
Metadata Critic Guards Agent Actions
- Google uses a separate critique model (Gemini) to verify each agent action against the user's original goal.
- The critic sees only metadata, not page content, to avoid prompt-injection attacks and enforce alignment.
Planner‑Critic Loop Enforces Alignment
- The critic model checks planned steps against the original goal and requests replanning if misaligned.
- This loop reduces the chance an agent follows malicious or irrelevant instructions during execution.
Origin Sets Limit Data Exposure
- Chrome restricts which origins an agent can read from or write to using agent origin sets to limit cross-origin data leaks.
- The browser can withhold model access to data outside the readable set and block interactions with disallowed frames.