Google first unveiled agentic features in the Chrome browser in September.
Google Chrome’s agentic feature lets it make appointments and order products online
Photo Credit: Unsplash/@firmbee
Google, on Monday, shared the safety measures it is implementing to protect users and their data from bad actors while they use the agentic features in Google Chrome. These agentic features were added to the browser recently, and has not been widely rolled out yet. However, in recent times, several experts have raised concerns over the vulnerabilities in the operation of artificial intelligence (AI) agents in online environments. The Mountain View-based tech giant has now shared its multi-layer security architecture that will help mitigate any prompt injection or other forms of cyberattacks.
In a blog post, the tech giant introduced several new safety measures for Google Chrome, such as user alignment critic, improved origin-isolation capabilities, user confirmations, and real-time detection of threats. These separate layers are mainly to safeguar the AI agents from indirect prompt injections, where malicious content in websites or third-party iframes could trick the AI agent into unwanted actions.
One of the core component is the user alignment critic, a separate AI model isolated from untrusted content. This critic reviews every planned agent action and checks if it matches the user's original intent before allowing it to proceed. Only metadata about the proposed action is exposed to the critic, not the full untrusted web content, helping prevent content-based prompt hijacking.
Another measure is enhanced origin isolation. The agent's interactions are constrained to specific web origins relevant to the user's task. This limits the scope in which a compromised or malicious site can influence agentic operations, ensuring that the end user's data on the device is protected from any origin-based attacks.
For critical steps, such as filling out forms, submitting payments or handling sensitive data, the system automatically triggers user confirmation prompts. This layer was added so that even if an agent suggests a high-impact action, the final approval rests with the user. Additionally, real-time threat detection and red-teaming exercises (using ethical hackers to identify vulnerabilities in the system) are also implemented by Google to continuously test and refine the safety guardrails.
The company says these safety layers build on prior security and privacy work in Chrome and are meant to adapt the browser for a new “agentic web” era, where AI agents are first-class participants rather than passive assistants.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.