Work Item: AI in the Browser Threat Model

[simoneonofri]

Following the CfC, thanks to @TomCJones we have a Threat Model for AI in the Browser.

We have AI in different scenarios:

• Web API (i.e., Writing Assistance API)
• Browser Level (i.e., Extension)
• Using Agent (i.e., Operator)
• Agentic Web (i.e., via protocols)

The first scenario was already detailed by Tom here.

[TomCJones]

i spent some time reviewing the Chrome Gemini Nano - as a result i decided to rework the model.
I will try to post a new model ASAP - the difference is where the AI engine runs -
Note that copilot from Microsoft can run either inside the browser, or outside.
So both modes need to be addressed. The question is whether that belongs in a single Threat model, or several different one.
The context will be extremely difficult for the user to understand, let alone control.
Here is a revised threat model => AI in a Scripted User Agent2
https://github.com/TomCJones/threat-modeling/tree/main/models

[simoneonofri]

FYI, referenced here https://w3c-cg.github.io/ai-agent-protocol/#security-considerations

[simoneonofri]

Started writing something also an Agentic AI Web Agents Threat Model (presentation, markdown)