BrowseSafe addresses the vulnerabilities associated with prompt injection attacks targeting AI browser agents. These agents, integrated into web browsers, interact with online content in real time, which creates new security concerns. The authors conducted a systematic evaluation of detection mechanisms and introduced a benchmark, BrowseSafe-Bench, to help researchers strengthen the security of these systems. Unlike traditional benchmarks that rely on simple prompt injections, BrowseSafe-Bench models more complex and realistic attack scenarios that agents might face in everyday web use. The article breaks down attacks into three dimensions: the attack type, injection strategy, and linguistic style. Attack types range from simple overrides to more sophisticated schemes like social engineering. The injection strategy considers how attackers embed payloads into web content, whether through hidden HTML elements or user-generated comments. Linguistic style varies from explicit commands to stealthy language that mimics legitimate text. This structured approach allows for a better understanding of risk and the development of effective detection models. For training their detection model, the authors built a synthetic dataset that includes realistic HTML templates with injected malicious payloads. They emphasized the importance of including hard negatives—complex benign text that resembles attacks—to prevent models from overfitting on superficial keywords. Their fine-tuned model, based on an efficient Mixture-of-Experts architecture, achieved a high detection performance score (F1 ~0.91) while maintaining low latency, making it suitable for real-time use in browser agents. In contrast, existing models struggled with complexity or required reasoning steps that slowed down the detection process.