To be useful, an AI often has to read a webpage for you. The moment you
let it fetch a URL, you have handed it a loaded gun. So we read the
dangerous page the way a scientist handles a virus. Inside a glovebox.
Hands go in, the threat never gets out.
A malicious link wants to turn your assistant against your own network.
It points the fetch back at your router, your files, your internal
company systems. Security people call this SSRF, and it is one of the
nastier web attacks. Secure Fetch is built so that even a page actively
trying it has nowhere to go.
The part that touches the open internet is caged. The part that reads
the page is sealed off from the internet entirely. And nothing read off
the web walks in trusted. It gets screened first.
- 01 // CAGE
The fetcher that touches the internet is caged. SSRF-hardened, it
owns all egress and physically cannot reach your private network.
- 02 // SEAL
The content is read in a sealed sidecar with no internet at all, not
even DNS. A booby-trapped page has nothing to phone home to.
- 03 // UNTRUSTED
Output is treated as untrusted by default. Guilty until proven
innocent, never auto-promoted into trusted memory.