Google is introducing in the Chrome browser a new defense layer called 'User Alignment Critic' to protect upcoming agentic AI browsing features powered by Gemini.
Agentic browsing is an emerging mode in which an AI agent is configured to autonomously perform multi-step tasks on the web for the user, including navigating sites, reading their content, clicking buttons, filling forms, and carrying out a sequence of actions.
User Alignment Critic is a separate LLM isolated from untrusted content that acts as a "high-trust system component."
Gemini is Google’s AI assistant that can generate text, media, and code. It is used on Android and various Google services, and has been integrated into Chrome since September.
At the time, Google announced plans to add agentic browsing capabilities in Chrome via Gemini, and now the company is introducing a new security architecture to protect it.
The new architecture, announced by Google engineer Nathan Parker, mitigates the risk of indirect prompt injection, in which malicious page content manipulates AI agents into performing unsafe actions that expose user data or facilitate fraudulent transactions.
Parker explains that the new security system involves a layered defense approach combining deterministic rules, model-level protections, isolation boundaries, and user oversight.
The main pillars of the new architecture are:
User Alignment Critic – A second, isolated Gemini model that cannot be “poisoned” by malicious prompts will vet every action the primary AI agent wants to take by examining metadata and independently evaluating its safety. If the action is deemed risky or irrelevant to the user’s set goal, it orders a retry or hands control back to the user.
User Alignment Critic logic on Chrome