Google outlines Chrome's multi-layered security for agentic AI

• Google outlined a multilayered security system for Chrome's upcoming agentic features to manage risks and align automated actions with user intent.
• A User Alignment Critic, powered by Gemini, reviews proposed actions using metadata to ensure they match user goals, prompting revisions if needed.
• Agent Origin Sets strictly limit what the agent can read (read-only) and where it can act (read-write), preventing cross-origin data leakage.
• An observer model evaluates URLs to prevent navigation to harmful sites, and sensitive tasks like banking or purchases require explicit user permission.
• Chrome includes a prompt-injection classifier to block manipulation attempts and is actively tested against attack scenarios.

Why It Matters: Google details Chrome's AI security to protect users from automated task risks.