Agent Security Glossary

A practical glossary for teams securing browser-using agents and evaluating browser agent security tools.

Use this page as a crawlable reference for the terms Acira uses across docs, comparisons, and category pages.

Direct answers

Core terms

  • Browser agent security: policy control for AI agents that act through a browser
  • Action mediation: intercepting a proposed browser action before execution
  • CDP policy enforcement: applying security decisions at the Chrome DevTools Protocol layer
  • Secret substitution: injecting a credential at use time without revealing it to the model
  • Prompt injection: untrusted content that attempts to change the agent's instructions
  • Human-in-the-loop approval: pausing a sensitive action until a person approves it
  • Tamper-evident audit log: an action record designed to show whether entries changed later

Threat terms

Common risks include credential exfiltration, unsafe purchases, destructive admin actions, cross-domain data movement, download abuse, upload leakage, and script execution outside policy.

Control terms

Common controls include allow, block, redact, substitute, scope, require approval, and log. Acira combines these controls around browser actions.

FAQ

What is action mediation?

Action mediation is the process of intercepting and evaluating a requested agent action before it executes.

What is CDP policy enforcement?

CDP policy enforcement applies decisions at the Chrome DevTools Protocol layer, where browser automation commands are issued.
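
The sketch below is an added example, not Acira's code: it mediates a stream of CDP commands with the controls named on this page (allow, block, substitute, require approval, log) and keeps a hash-chained record of each decision. The CDP method names are real; the policy sets, the `{{secret:NAME}}` placeholder syntax, the vault contents and all helper names are assumptions made for illustration.

```python
import hashlib, json, re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}         # assumed navigation scope
VAULT = {"CRM_PASSWORD": "constructed-pw"}  # assumed secret store; the model never sees values
BLOCKED = {"Runtime.evaluate"}              # script execution outside policy
NEEDS_APPROVAL = {"DOM.setFileInputFiles"}  # uploads pause for a person
PLACEHOLDER = re.compile(r"\{\{secret:(\w+)\}\}")  # hypothetical placeholder syntax
GENESIS = "0" * 64                          # "previous hash" of the first log entry

def mediate(cmd, approved=False):
    """Decide on one CDP command: (decision, command to forward or None)."""
    method, params = cmd["method"], cmd.get("params", {})
    if method in BLOCKED:
        return "block", None
    if method in NEEDS_APPROVAL and not approved:
        return "require_approval", None
    if method == "Page.navigate":
        host = urlsplit(params.get("url", "")).hostname
        return ("allow", cmd) if host in ALLOWED_HOSTS else ("block", None)
    if method == "Input.insertText" and (m := PLACEHOLDER.fullmatch(params.get("text", ""))):
        if m[1] not in VAULT:
            return "block", None
        return "substitute", {**cmd, "params": {**params, "text": VAULT[m[1]]}}
    return "allow", cmd

def entry_hash(method, decision, prev):
    return hashlib.sha256(json.dumps([method, decision, prev]).encode()).hexdigest()

def log_append(log, method, decision):
    """Chain each entry to the previous one; secret values are never logged."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"method": method, "decision": decision, "prev": prev,
                "hash": entry_hash(method, decision, prev)})

def log_verify(log):
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(e["method"], e["decision"], prev):
            return False
        prev = e["hash"]
    return True

def run(commands, log):
    """Mediate each command, log the decision, return what reaches the browser."""
    decided = [(c["method"], *mediate(c)) for c in commands]
    for method, decision, _ in decided:
        log_append(log, method, decision)
    return [out for _, _, out in decided if out is not None]
```

A hash chain only reveals edits to entries in place; anyone able to rewrite the whole log can recompute it, so the latest hash needs to be stored somewhere the agent host cannot write.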