Paper Detail

The Cognitive Firewall:Securing Browser Based AI Agents Against Indirect Prompt Injection Via Hybrid Edge Cloud Defense

Qianlong Lan, Anuj Kaul

Browse

Workflow Queues

arxiv Score 12.8

Published 2026-03-24 · First seen 2026-03-27

Research Track B · General AI

Open paper source

Abstract

Deploying large language models (LLMs) as autonomous browser agents exposes a significant attack surface in the form of Indirect Prompt Injection (IPI). Cloud-based defenses can provide strong semantic analysis, but they introduce latency and raise privacy concerns. We present the Cognitive Firewall, a three-stage split-compute architecture that distributes security checks across the client and the cloud. The system consists of a local visual Sentinel, a cloud-based Deep Planner, and a deterministic Guard that enforces execution-time policies. Across 1,000 adversarial samples, edge-only defenses fail to detect 86.9% of semantic attacks. In contrast, the full hybrid architecture reduces the overall attack success rate (ASR) to below 1% (0.88% under static evaluation and 0.67% under adaptive evaluation), while maintaining deterministic constraints on side-effecting actions. By filtering presentation-layer attacks locally, the system avoids unnecessary cloud inference and achieves an approximately 17,000x latency advantage over cloud-only baselines. These results indicate that deterministic enforcement at the execution boundary can complement probabilistic language models, and that split-compute provides a practical foundation for securing interactive LLM agents.

Workflow Status

Review status
pending
Role
unreviewed
Read priority
now
Vote
Not set.
Saved
no
Collections
Not filed yet.
Next action
Not filled yet.

Reading Brief

No structured notes yet. Add `summary_sections`, `why_relevant`, `claim_impact`, or `next_action` in `papers.jsonl` to enrich this view.

Why It Surfaced

No ranking explanation is available yet.

Tags

No tags.

Similar Papers

AI Planning Framework for LLM-Based Web Agents 2026-03-13 · Score 21.5 Research Track B · General AI IntentWeave: A Progressive Entry Ladder for Multi-Surface Browser Agents in Cloud Portals 2026-03-24 · Score 12.0 Research Track B · General AI Privacy Practices of Browser Agents 2025-12-08 · Score 10.8 Research Track B · General AI In-Browser Agents for Search Assistance 2026-01-14 · Score 11.0 Research Track B · General AI ContractSkill: Repairable Contract-Based Skills for Multimodal Web Agents 2026-03-20 · Score 29.4 Research Track B · General AI

BibTeX

@article{lan2026cognitive,
  title = {The Cognitive Firewall:Securing Browser Based AI Agents Against Indirect Prompt Injection Via Hybrid Edge Cloud Defense},
  author = {Qianlong Lan and Anuj Kaul},
  year = {2026},
  abstract = {Deploying large language models (LLMs) as autonomous browser agents exposes a significant attack surface in the form of Indirect Prompt Injection (IPI). Cloud-based defenses can provide strong semantic analysis, but they introduce latency and raise privacy concerns. We present the Cognitive Firewall, a three-stage split-compute architecture that distributes security checks across the client and the cloud. The system consists of a local visual Sentinel, a cloud-based Deep Planner, and a determini},
  url = {https://arxiv.org/abs/2603.23791},
  keywords = {cs.CR, cs.AI},
  eprint = {2603.23791},
  archiveprefix = {arXiv},
}

Metadata

{}