Perplexity launches BrowseSafe benchmark for safer AI browsing
Perplexity releases BrowseSafe detection model and benchmark to protect AI agents from malicious web content.
Perplexity has released BrowseSafe, an open research benchmark and content detection model designed to identify malicious instructions in web pages and protect AI agents and users as they navigate the browser, the company said in a statement.
The launch targets security risks arising as AI assistants move from traditional search interfaces into browsers that execute tasks on users’ behalf.
BrowseSafe is a fine-tuned detection model that answers a single question: whether a page’s HTML contains malicious instructions aimed at the agent, allowing full-page scanning in real time without slowing the browser, according to the statement.
Perplexity is also releasing BrowseSafe‑Bench, an evaluation suite with 14,719 examples that resemble production pages, mixing complex HTML, noisy content, and both malicious and benign samples across 11 attack types, nine injection strategies and three linguistic styles.
In Perplexity’s threat model, the assistant runs in a trusted environment while all web content is treated as untrusted, so tools that return pages, emails or files are flagged and their raw outputs are always scanned by BrowseSafe before the agent can use them.
“BrowseSafe is one layer in a broader defence approach,” with raw content scanning, default-limited tool permissions and user confirmation for sensitive actions forming a defence-in-depth strategy on top of existing browser security features, the company said.
Perplexity said BrowseSafe and BrowseSafe‑Bench are fully open source, with an open-weight model that runs locally and can scan every page without slowing users, and a benchmark of more than 14,000 real-world attack scenarios that developers can use to stress-test their own systems against prompt injection and other browser-based threats.
The recap
- Perplexity releases BrowseSafe detection model for browser-based AI agents.
- BrowseSafe‑Bench benchmark includes 14,719 examples and 11 attack types.
- Tools returning untrusted content are scanned before agents can use them.
