agent-browser-shield June 3 update: 14 new rules and the Chrome Web Store listing

2026-06-03T00:00:00-04:00

Two days after the alpha announcement, agent-browser-shield has a Chrome Web Store listing and 14 new protection rules.

Install from the Chrome Web Store

The extension is live at chromewebstore.google.com/detail/agent-browser-shield. One click instead of unpacked-from-source. The prebuilt ZIP and source-build paths stay for Browserbase and other runtimes that need an unpacked extension.

New rules: handling prompt injection and context pollution in invisible surfaces

A browser-use agent reads surfaces a sighted user never looks at. The new rules close them:

<noscript> blocks (never rendered with JS on, but agents walk them)
Poisoned <meta> description and <title> (the compact "what is this page" answer many agents pull first)
JSON-LD <script> blocks (cited as the "trusted summary" of a page)
aria-label, alt, title, placeholder, and SVG <title> / <desc> / <text> (a11y-tree carriers)
Unicode tag characters, bidi overrides, and zero-width payloads
Long base64 / hex / percent-encoded blobs (the "decode this and follow it" pattern)

New rules: trust laundering

link-spoof-annotate flags Cyrillic homoglyphs and anchors whose visible text doesn't match the href apex. disguised-ad-flag collapses native advertorials (Sponsored / Paid Post) that share DOM shape with editorial. trust-badge-annotate and schema-trust-sanitize ship off by default while we assess their false-positive rates.

The daily-driver surprise

I've started running it on my own daily-driver browser, not just agent runs. There have been some funny quirks (e.g., flagging GitHub issue links with ".md" in the link text as suspicious and hiding the GitHub issue template modal). However, overall it's been a positive on my browsing experience. So, we'll be experimenting with making more annotations visible to humans and multi-modal LLMs.

⭐ https://github.com/pixiebrix/agent-browser-shield

Introducing agent-browser-shield (alpha): keeping AI agents safe in the browser

2026-06-01T00:00:00-04:00

There are 6 billion internet users. With AI agents, we're quickly heading to 60 to 600 billion "users" of the web.

How do we keep all those agents safe when they touch the browser?

At PixieBrix, we've spent years protecting BPO contact centers from insider risk, fraud, and social engineering in the browser.

Today, we're applying that defense to AI agents and making a free, source-available, browser extension available (on GitHub and ClawHub).

Your AI agent that lands on a fresh page is one prompt injection away from leaking credentials, one dark pattern away from buying the wrong thing, and one fake review away from a bad recommendation.

Agent Browser Shield sits between the browser and the agent. It blocks:

Prompt injection: visible or hidden instructions in page content
Dark patterns: manipulative UI designed to trick/coerce
Context pollution: low-value context that impairs instruction following

A useful side effect: stripping irrelevant content also cuts token burn.

Come join us on our mission. File issues, send PRs, or just tell me what you hate/love!

The threat surface for agentic browsing is evolving fast. Let's defend our AI assistants together!