BrowseSafe: Stopping Hidden Instructions That Trick AI Web Browsers

Kari Jaaskelainen

26 Nov 2025 — 1 min read

AI assistants are starting to browse the web for us—but webpages can hide sneaky instructions that make them misbehave. This paper maps that threat, called prompt injection, and shows how to defend against it in real-world browsing.

What the researchers did

Built a realistic benchmark of attacks embedded in HTML, with the same clutter and distractions real agents see.
Focused on injections that make agents take actions (not just say odd things), revealing practical risks.
Tested popular defenses across leading AI models to see what actually works.
Proposed a defense-in-depth playbook: architectural guardrails plus model-level checks to keep agents on task.

A practical blueprint for securing AI web agents through layered defenses.

Why it matters: As AI takes on tasks like filling forms, clicking buttons, and handling data, hidden prompts can push it to do harmful things. No single fix stops every attack, but layering defenses makes AI browsing safer today—and more resilient as attacks evolve.

Paper: https://arxiv.org/abs/2511.20597v1

Register: https://www.AiFeta.com

AI cybersecurity webagents security promptinjection browser safety machinelearning infosec

Beyond URLs: Metadata That Makes LLMs Train Faster

Smarter LLMs, Faster—thanks to metadata What if training a large language model didn't just rely on text, but on the context around it? This study shows that adding fine-grained metadata—not just URLs—can meaningfully speed up pretraining and improve quality. * Beyond URLs: detailed quality signals (e.

Escaping the Verifier: Learning to Reason via Demonstrations

LLMs can learn to reason—without task verifiers Many real-world problems don’t have automatic checkers to grade answers, even though we have lots of expert solutions. RARO (Relativistic Adversarial Reasoning Optimization) shows how to train reasoning skills from those examples alone. How it works: * A policy (the model) tries

VacuumVLA: A Two-in-One Robot Hand That Grips and Suctions

Robots guided by Vision-Language-Action (VLA) AI are getting better at everyday tasks—but most still use simple two-finger grippers. That limits them on smooth, flat, or handleless objects. VacuumVLA is a low-cost robot hand that merges a standard two-finger gripper with a vacuum suction cup. The robot can switch between

ChatDRex: No‑Code, Conversational AI for Drug Repurposing

Meet ChatDRex Finding new uses for approved drugs can save years and millions. But making those predictions usually takes teams of specialists and a tangle of tools. ChatDRex changes that. It’s a conversation-based, no‑code, multi‑agent system that lets clinicians and researchers ask complex bioinformatics questions in plain

What the researchers did

Read more

Beyond URLs: Metadata That Makes LLMs Train Faster

Escaping the Verifier: Learning to Reason via Demonstrations

VacuumVLA: A Two-in-One Robot Hand That Grips and Suctions

ChatDRex: No‑Code, Conversational AI for Drug Repurposing