🤖 AI Summary
Google has announced that it will add a second Gemini-based AI model to Chrome to address security risks associated with the initial Gemini integration, which allows the AI to perform agentic actions like interacting with browser controls. Nathan Parker, a Chrome security engineer, highlighted the emerging threat of "indirect prompt injection," where AI could ingest malicious content that prompts it to ignore safety protocols, potentially leading to actions like unauthorized transactions or data breaches. This concern prompted Gartner to advise blocking all AI browsers, but Google aims to enhance user trust in AI by introducing a "User Alignment Critic," designed to review and veto actions that misalign with user intent.
This oversight mechanism is part of a broader effort to strengthen Chrome's security, employing techniques like origin isolation to keep agent interactions secure. The User Alignment Critic ensures that AI actions are aligned with user goals and is designed to be resistant to manipulation by malicious content. Google is also enhancing transparency in AI-driven interactions, requiring user confirmations for sensitive tasks. To encourage security research, Google has increased rewards for identifying vulnerabilities in this system, underscoring its commitment to making AI in Chrome both useful and safe while addressing the challenges posed by its capabilities.