Google Offers $20K Bounty for Chrome AI Security Breach
Wednesday, December 10, 2025, 10:54 AM, from eWeek
Google is offering serious money to prove their new defenses work.
The tech giant rolled out security layers for Chrome’s AI agents, complete with a bounty program offering up to $20,000 for anyone who can breach their new protections. Chrome’s new AI agents can browse websites, make purchases, and access your most sensitive data — all while potentially being manipulated by hidden malicious instructions embedded in web pages. These “indirect prompt injection” attacks could trick AI into unauthorized financial transactions or steal private information from logged-in accounts. Google’s response? An unprecedented multi-layered defense system that reads like something from a cybersecurity thriller.

AI referee that never sleeps

Google’s ingenious solution sounds almost too clever to be real: they’ve created an AI watchdog to monitor their main AI. The “User Alignment Critic” operates as a completely separate Gemini model that scrutinizes every action the primary AI agent plans to take. This digital referee remains isolated from potentially dangerous web content, seeing only metadata about proposed actions rather than the actual web pages that might contain hidden threats.

The system works like having a security guard who never gets distracted. After Chrome’s AI agent decides what to do, the Alignment Critic steps in to ask the crucial question: does this action actually serve what the user wanted? If something seems off, the critic can veto the action entirely and force the planning model to reconsider. It’s essentially AI-powered paranoia – and that might be exactly what we need.

Beyond this digital oversight, Google has also implemented “Agent Origin Sets” that create rigid digital boundaries around what websites and data the AI can access. Think of it as a sophisticated bouncer system that categorizes websites into read-only and interactive zones, preventing a compromised agent from going on a digital rampage.

Human permission protocol

Perhaps the most reassuring aspect of Google’s new system is how it handles the scary stuff — your money and private data. The AI agents now pause and explicitly ask permission before attempting financial transactions, accessing banking sites, or using stored passwords. This isn’t just a courtesy check — it’s a hard stop that requires human approval.

The permission system extends beyond just payments. Chrome’s AI will now request user approval before navigating to sensitive sites, sending messages, or performing any “consequential actions.” Google emphasizes that the AI models never directly access password data — they must ask Chrome’s password manager to handle authentication, adding another layer of protection.

Even more sophisticated is the real-time threat detection running behind the scenes. Google deployed automated red-teaming systems that continuously generate test attacks to probe for weaknesses. A prompt-injection classifier runs parallel to the main AI, ready to block actions if it detects content designed to manipulate the system away from what users actually want.

Bounty reveals the real stakes

The fact that Google is offering substantial bounties for security breaches tells us everything about how seriously they’re taking this threat. This isn’t just about protecting Chrome — it’s about the entire future of AI agents in browsers. Research from Gartner warns enterprises to block agentic AI browsers entirely until risks like prompt injections are properly managed. The U.S. National Cyber Security Centre has acknowledged that large language models may suffer from prompt injection vulnerabilities that can never be entirely resolved. That sobering reality makes Google’s layered defense approach not just smart, but essential for the technology’s survival in the marketplace.

Google’s new security architecture represents more than just protective measures — it’s a blueprint for how AI agents might safely operate in an increasingly dangerous digital landscape. With Chrome potentially competing against AI browsing tools like Perplexity Comet and ChatGPT Atlas, security becomes a major differentiator rather than just a feature. The company that gets AI agent security right first could dominate the next phase of web browsing entirely.

The post Google Offers $20K Bounty for Chrome AI Security Breach appeared first on eWEEK.
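
A minimal sketch of how the read-only/interactive origin boundary and the user-approval hard stop described above could combine into one deterministic gate over a proposed action's metadata. This is an added illustration, not Chrome's code; the action names, `OriginSets`, `gate`, `ask_user` and the sample origins are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumed action names; the article lists payments, messages, stored
# passwords and sensitive-site access as needing user approval.
CONSEQUENTIAL = {"pay", "send_message", "use_password"}

def origin(url):
    """Normalised scheme://host[:port], or None if not a valid http(s) URL."""
    try:
        p = urlsplit(url)
        port = p.port                      # raises ValueError on a bad port
    except ValueError:
        return None
    if p.scheme not in DEFAULT_PORTS or not p.hostname:
        return None
    suffix = "" if port in (None, DEFAULT_PORTS[p.scheme]) else f":{port}"
    return f"{p.scheme}://{p.hostname}{suffix}"

@dataclass
class OriginSets:
    read_only: set = field(default_factory=set)    # agent may only read
    read_write: set = field(default_factory=set)   # agent may also act
    sensitive: set = field(default_factory=set)    # e.g. banking sites

def gate(action, url, sets, ask_user=lambda action, origin: False):
    """Decide one proposed action: returns 'allow' or 'deny:<reason>'."""
    o = origin(url)
    if o is None:
        return "deny:bad-origin"
    if o not in sets.read_only | sets.read_write:
        return "deny:origin-not-in-set"
    if action != "read" and o not in sets.read_write:
        return "deny:read-only-origin"
    # Hard stop: consequential actions and sensitive sites need a human yes.
    if (action in CONSEQUENTIAL or o in sets.sensitive) and not ask_user(action, o):
        return "deny:user-declined"
    return "allow"

# Constructed sample policy for a shopping task.
SAMPLE = OriginSets(
    read_only={"https://reviews.example"},
    read_write={"https://shop.example", "https://bank.example"},
    sensitive={"https://bank.example"},
)
```

The default `ask_user` declines, so a caller that forgets to wire in a real prompt fails closed.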
https://www.eweek.com/news/google-bounty-chrome-ai-security-breach/







