Overview
- Google introduces a User Alignment Critic, an isolated Gemini model that reviews each proposed agent action via metadata and can trigger retries or return control to the user.
- Agent Origin Sets confine which sites an agent can read from or write to, while Chrome withholds unrelated iframes and limits clicks or typing to specific elements to reduce cross-site data leakage.
- Chrome will pause on sensitive destinations such as banking or medical portals and request user approval for Password Manager access, purchases, or messages.
- A prompt-injection classifier scans pages for indirect manipulation attempts, with automated red-team tests running continuously and fixes delivered through Chrome’s auto-update channel.
- Google is offering bounties up to $20,000 for successful attacks on the system and says agentic features previewed in September are slated to roll out in the coming months.
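
The origin-set and sensitive-destination bullets above describe a gate that every proposed action passes through. The following is an added illustration of that idea, not Chrome's code: the class name, the action shape, the "writable implies readable" rule and all `.example` origins are assumptions made for the sketch.

```javascript
// Illustrative model only: names and policy shape are assumptions, not Chrome internals.
class OriginSetGate {
  constructor({ readable, writable, sensitive = [] }) {
    const norm = (list) => list.map(OriginSetGate.norm).filter(Boolean);
    this.writable = new Set(norm(writable));
    // Assumption: anything the agent may write to, it may also read.
    this.readable = new Set([...norm(readable), ...this.writable]);
    this.sensitive = new Set(norm(sensitive));
  }

  // Reduce a URL to scheme://host[:port]; unparsable or opaque origins become null.
  static norm(url) {
    try {
      const origin = new URL(url).origin;
      return origin === "null" ? null : origin;
    } catch {
      return null;
    }
  }

  // Withhold frames outside the readable set before the model sees page content.
  visibleFrames(frames) {
    return frames.filter((f) => this.readable.has(OriginSetGate.norm(f.url)));
  }

  // Decide on one proposed action: "allow", "ask_user" or "deny".
  authorize(action) {
    const origin = OriginSetGate.norm(action.url);
    if (origin === null) return "deny";
    const isWrite = action.type === "click" || action.type === "type";
    const allowed = isWrite ? this.writable : this.readable;
    if (!allowed.has(origin)) return "deny";
    // Clicks and typing must name a specific element, not the page as a whole.
    if (isWrite && !action.elementId) return "deny";
    // Sensitive destinations pause for user approval even when in the set.
    return this.sensitive.has(origin) ? "ask_user" : "allow";
  }
}

// Constructed sample task: shop on one site, read reviews on another, pay on a third.
const gate = new OriginSetGate({
  readable: ["https://reviews.example"],
  writable: ["https://shop.example", "https://pay.example"],
  sensitive: ["https://pay.example"],
});
```

Matching on the parsed origin rather than on a URL substring is what keeps a look-alike host such as `shop.example.evil.test` outside the set.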