Key Points:
- Microsoft has launched a Preview of Actions in Edge, an experimental feature that uses modern Computer-Using Agent (CUA) models to complete tasks for users in their browsers.
- The feature introduces new potential attack vectors, and Microsoft is working to develop and test new approaches to mitigate these risks with the help of the AI and security research community.
- Users of Actions in Edge are advised to carefully review the risks and warnings in Edge before enabling the feature and to be vigilant when browsing the web with it enabled.
Microsoft has announced the launch of Actions in Edge, a new experimental feature that allows users to complete tasks in their browsers using modern CUA models. This feature is available for testing and research purposes, and Microsoft is excited about the possibilities it brings. However, the company also acknowledges that this new technology introduces new potential attack vectors that need to be addressed.
The main concern is prompt injection attacks, which have been a problem for AI chatbots since their inception. These attacks can be used to steal users’ data or perform unintended transactions on their behalf. Microsoft’s security teams, as well as other researchers, have already published proof-of-concept exploits that demonstrate the risks associated with agentic browsers.
To protect users, Microsoft is implementing a defense-in-depth approach, which includes assuming that any input from an untrusted source may contain unsafe instructions, detecting deviations from the task, and limiting access to sensitive data or dangerous actions. The company has also implemented top-level site blocks to avoid known or risky sites and is using Microsoft Defender SmartScreen to detect and protect users from scams, phishing, or malware.
Additionally, Microsoft is testing new mitigations, such as Azure Prompt Shields, which analyze whether data is malicious, and Spotlighting, a technique that separates user instructions from grounding content to better ignore injected commands. The company is also working on real-time SmartScreen blocks and global blocklist updates to respond to novel attacks quickly.
Microsoft is also adding checks to detect hidden instructions, task drift, and suspicious context, and to ask for confirmation when risk is higher. The company is also integrating Task Tracker, a novel technique that monitors activation deltas to detect when the model drifts from the user’s original intent.
To mitigate the impact of any bypasses, Microsoft has limited the model’s access to sensitive data or dangerous actions. This includes disabling the ability for the model to use form fill data, including passwords, and restricting interactions with certain pages, external app launches, and downloads.
As Microsoft tests and evaluates the Actions in Edge feature, the company will work to close off additional avenues of potential risk and make the experience safer and more useful for users. The company is encouraging users to provide feedback and share their experiences with the feature to help improve its security and functionality.
Read the rest: Source Link
You might also like: Try AutoCAD 2026 for Windows, best free FTP Clients on Windows & browse the best Surface Laptops to buy.
Remember to like our facebook and our twitter @WindowsMode for a chance to win a free Surface every month.
Discover more from Windows Mode
Subscribe to get the latest posts sent to your email.
