Google has announced a layered security framework for the upcoming "agent-based" features in the Chrome browser, which are powered by the Gemini model. These features, slated for a phased rollout to users over the coming months, will combine several technical safeguards to limit data and financial risk in scenarios such as automated ticket booking and online shopping.
The core security mechanisms of this framework include:
- User Intent Alignment Monitoring: A "User Alignment Auditor" will be introduced to continuously verify whether agent actions align with user intentions. In cases where operations deviate from the set goal, the model will be required to recalibrate its strategy. The audit process will rely solely on operational metadata, ensuring privacy by avoiding the collection of complete webpage content.
- Source Partitioning via Agent Origin Sets: The "Agent Origin Sets" mechanism will strictly regulate the website sources accessible by agents. For instance, agents will be permitted to read only product listings on e-commerce platforms, excluding advertising content. Additionally, agent operations will be confined to specific iframe regions to minimize cross-origin data leakage risks.
- Navigation Behavior Monitoring: Observation models will be employed to track agent page navigation patterns and block URLs that pose potential risks.
- User Authorization for Sensitive Sites: When accessing sensitive websites, such as banking or medical services, Chrome will display a pop-up window to confirm user authorization. The agent model will not directly handle password data, ensuring an additional layer of security.
- Explicit User Confirmation for High-Risk Actions: Highly sensitive operations, such as payments and information submissions, will require explicit user confirmation. Agents will not have the authority to execute these actions autonomously.
- Malicious Instruction Detection: Prompt injection classifiers will be deployed to identify and block malicious instructions embedded in content the agent reads. The agent features will also be continuously tested against attack samples to confirm the protections hold up.
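As an added illustration (not Google's code and not a description of Chrome's actual implementation), the following Python policy gate applies the layered controls listed above to each proposed agent step: an origin allowlist matched on the parsed origin rather than on the raw URL string, a navigation blocklist, mandatory user confirmation for sensitive origins and high-risk actions, and an audit log that records only action metadata. All origins, URLs and action names are constructed sample values.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class AgentPolicy:
    allowed_origins: set        # "Agent Origin Set": the only origins the agent may read or act on
    sensitive_origins: set      # banking, medical, ...: every action here needs user authorization
    high_risk_actions: set = field(default_factory=lambda: {"submit_payment", "submit_form"})
    blocked_urls: set = field(default_factory=set)  # flagged by the navigation monitor


def origin_of(url: str) -> str:
    """Canonical scheme://host:port origin, or '' for anything that is not a web URL."""
    try:
        p = urlsplit(url)
        if p.scheme not in ("http", "https") or not p.hostname:
            return ""
        port = p.port or (443 if p.scheme == "https" else 80)
    except ValueError:          # malformed port etc. never matches an allowlist
        return ""
    return f"{p.scheme}://{p.hostname.lower()}:{port}"


AUDIT_LOG = []  # metadata only: (action, origin, decision); page content is never stored


def evaluate(policy: AgentPolicy, action: str, url: str, user_confirmed: bool = False) -> str:
    """Return 'allow', 'confirm' or 'block' for one proposed agent step."""
    origin = origin_of(url)
    if url in policy.blocked_urls:
        decision = "block"      # navigation monitor hit
    elif origin not in policy.allowed_origins:
        decision = "block"      # outside the origin set (covers ad and third-party frames)
    elif (action in policy.high_risk_actions or origin in policy.sensitive_origins) and not user_confirmed:
        decision = "confirm"    # hand the decision back to the user
    else:
        decision = "allow"
    AUDIT_LOG.append((action, origin, decision))
    return decision


# Constructed sample policy: a shop the agent may browse and a bank that always prompts.
EXAMPLE_POLICY = AgentPolicy(
    allowed_origins={"https://shop.example:443", "https://bank.example:443"},
    sensitive_origins={"https://bank.example:443"},
    blocked_urls={"https://shop.example/track?x=1"},
)
```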