[2512.12594] ceLLMate: Sandboxing Browser AI Agents

Computer Science > Cryptography and Security arXiv:2512.12594 (cs) [Submitted on 14 Dec 2025 (v1), last revised 4 Mar 2026 (this version, v2)] Title:ceLLMate: Sandboxing Browser AI Agents Authors:Luoxi Meng, Henry Feng, Ilia Shumailov, Earlence Fernandes View a PDF of the paper titled ceLLMate: Sandboxing Browser AI Agents, by Luoxi Meng and 3 other authors View PDF HTML (experimental) Abstract:Browser-using agents (BUAs) are an emerging class of AI agents that interact with web browsers in human-like ways, including clicking, scrolling, filling forms, and navigating across pages. While these agents help automate repetitive online tasks, they are vulnerable to prompt injection attacks that trick an agent into performing undesired actions, such as leaking private information or issuing unintended state-changing requests. We propose ceLLMate, a browser-level sandboxing framework that restricts the agent's ambient authority and reduces the blast radius of prompt injections. We address the semantic gap challenge that is fundamental to BUAs -- writing and enforcing security policies for low-level UI tools like clicks and keystrokes is brittle and error-prone. Our core insight is to perform sandboxing at the HTTP layer because all side-effecting UI operations will result in network communication to the website's backend. We implement ceLLMate as an agent-agnostic browser extension and demonstrate how it enables sandboxing policies that block prompt injection attacks in the WASP ...