David Wolf · Portfolio Use Case

AI SECURITY · PRODUCT SECURITY · AI PRODUCT SECURITY

Confidential AI Automation Platform

Browser-Native Agentic AI Security Control Plane

A product-security architecture for governing browser extensions, Tauri sidecars, MITM interception, local AI, schema normalization, agent authority, and audit-ready automation.

Designed a browser-native AI security control plane connecting Chrome extension automation, persistent offscreen workers, WebLLM, Transformers, Rust/WASM engines, Tauri sidecar processing, authorized MITM request/response capture, WebSocket streaming, schema normalization, agent permission boundaries, and audit-ready event trails into a governed product-security architecture.

Confidential AI Automation Platform — Browser-Native Agentic AI Security Control Plane

Client

Confidential / Internal AI Automation Platform

Engagement Type

Consulting / Internal Buildout

Period

2025–2026

Role

AI Product Security Architect / Browser-Native Automation Engineer / Rust-WASM Systems Architect

Focus Areas

AI Product Security, Browser-Native Automation, Agentic Authority Boundaries

The Context

Browser-native AI automation sits at a dangerous intersection: web pages, extension APIs, local models, native sidecars, credentials, application traffic, WebSocket streams, and agents that can act. A pile of capabilities is not a secure product architecture.

The Challenge

The challenge was defining authority. Content scripts should not own persistent workers. Agents should not inherit unlimited tool reach. MITM capture should not be invisible. Local model output should not become action without review. Every boundary needed a control.

What I Did

•Defined a control-plane architecture spanning browser extension surfaces, persistent workers, local model execution, native Tauri sidecar processing, MITM capture, and downstream agent workflows
•Separated content scripts from orchestration authority so page-level scripts could observe and request work without directly controlling persistent workers or privileged automation
•Used persistent offscreen workers to host longer-lived model and automation workloads while respecting Chrome extension lifecycle constraints
•Embedded local inference options such as WebLLM and Transformers where private, browser-local analysis was appropriate
•Used Rust/WASM engines for reusable scoring, extraction, normalization, and matching logic that could run across browser, edge, and native surfaces
•Designed the Tauri sidecar as a native authority boundary for local MITM processing, WebSocket stream handling, LLM chat interception, and schema-normalized event emission
•Implemented or designed typed event envelopes so raw browser, API, WebSocket, and sidecar events could become stable, inspectable records
•Built schema normalization patterns to prevent automation pipelines from depending on brittle scraper output or raw vendor payloads
•Scoped agent permissions around tools, data sources, files, browser APIs, network capture, local storage, and external service actions
•Treated request/response interception and LLM chat capture as sensitive product-security surfaces requiring authorization, locality, secrets handling, and explicit audit trails
•Designed work trails and evidence patterns so agentic actions could be reviewed, scored, traced, and tied back to accepted tasks
•Aligned the control plane with AI product-security themes: prompt injection, excessive agency, context authorization, tool permissions, sensitive data exposure, evaluation, monitoring, and governance evidence

The Outcome

The result was a reusable security architecture for high-authority AI systems operating across browser and native desktop surfaces. It shows how powerful agentic automation can be made inspectable, governable, and useful without pretending the risk disappears.

Concepts

Across Chrome extension runtime, persistent offscreen workers, WebLLM, Transformers, Rust/WASM engines, Tauri sidecar processing, MITM request/response capture, WebSocket listeners, and schema normalization

Around

Explicit authority boundaries between content scripts, workers, local AI, sidecar services, network capture, and downstream agents

For

Audit-ready event trails, typed records, normalized schemas, and reviewable agent actions

Directly

To product-security risks such as prompt injection, excessive agency, tool overreach, credential exposure, data leakage, and unreviewed automation

Key Deliverables

•Browser-native agentic AI control-plane architecture
•Chrome extension authority-boundary model
•Persistent offscreen worker execution model
•Local WebLLM and Transformers execution integration pattern
•Rust/WASM shared engine strategy
•Tauri sidecar authority and MITM-processing model
•Request/response capture governance model
•WebSocket stream processing and event-listener model
•Schema normalization and typed event-envelope strategy
•Agent permission and tool-scope model
•Audit trail and work-evidence model
•Prompt-injection and excessive-agency control framing
•Context authorization and sensitive-data handling model
•Public-safe portfolio case-study JSON

Collaboration

The work bridged browser-extension engineering, Rust/Tauri native architecture, local model integration, MITM processing, schema engineering, agentic workflow design, and AI product-security control thinking. It was designed to make powerful automation reviewable, scoped, and governable.

At a Glance

Company: Confidential / Internal AI Automation Platform
Industry: AI Product Security / Browser Automation / Local AI / Desktop Automation / Data Infrastructure
Engagement Type: Consulting / Internal Buildout
Role: AI Product Security Architect / Browser-Native Automation Engineer / Rust-WASM Systems Architect
Period: 2025–2026
Location: Remote / local-first browser and desktop architecture
Asset Type: Recent consulting and platform security architecture use case
Primary Achievement: Designed a browser-native agentic AI control plane spanning Chrome extension automation, local AI, Rust/WASM engines, Tauri MITM sidecar processing, WSS streams, schema normalization, agent permissions, and audit-ready event trails
Primary Purpose: Show advanced AI product security, agentic authority design, browser/native automation boundaries, schema-normalized telemetry, local AI architecture, and governed automation
Public Handling: Public-safe and generalized

Focus Areas

•AI Product Security
•Browser-Native Automation
•Agentic Authority Boundaries
•Chrome Extension Security
•Tauri Sidecar Security
•Local AI Execution
•Rust/WASM Engines
•MITM Governance
•Request/Response Capture
•WebSocket Streaming
•Schema Normalization
•Typed Event Envelopes
•Agent Permissions
•Prompt Injection Controls
•Excessive Agency Controls
•Context Authorization
•Audit Trails
•Work Evidence

Tools & Technologies

•Chrome Extensions
•Manifest V3
•Offscreen Documents
•Service Workers
•Content Scripts
•Web Workers
•WebLLM
•Transformers.js
•Rust
•WebAssembly
•Tauri
•MITM Proxy
•WebSockets
•WSS
•Request Interception
•Response Interception
•LLM Chat Interception
•Schema Normalization
•Typed Event Envelopes
•IndexedDB
•SQLite
•Git
•Agentic Workflows
•AI Product Security
•Prompt Injection Controls
•Tool Permission Scoping
•Audit Trails

Evidence & Artifacts

•User-provided Chrome extension project context
•User-provided Tauri sidecar project context
•Existing Chrome extension runtime JSON source
•Existing Tauri MITM sidecar JSON source
•Browser-native control-plane narrative
•Agent authority and audit trail narrative
•Public-safe portfolio summary

Public-Safe Caveat

This case study describes confidential consulting and internal platform work in public-safe terms. Client name, repository paths, credentials, private schemas, intercepted service details, raw traffic, internal prompts, and sensitive implementation logic are omitted.

David Wolf · Portfolio Use CaseAI SECURITY · PRODUCT SECURITY · AI PRODUCT SECURITY

Confidential AI Automation Platform

Browser-Native Agentic AI Security Control Plane

A product-security architecture for governing browser extensions, Tauri sidecars, MITM interception, local AI, schema normalization, agent authority, and audit-ready automation.

Client

Confidential / Internal AI Automation Platform

Engagement Type

Consulting / Internal Buildout

Period

2025–2026

Role

AI Product Security Architect / Browser-Native Automation Engineer / Rust-WASM Systems Architect

Focus Areas

AI Product Security, Browser-Native Automation, Agentic Authority Boundaries

The Context

The Challenge

What I Did

•Defined a control-plane architecture spanning browser extension surfaces, persistent workers, local model execution, native Tauri sidecar processing, MITM capture, and downstream agent workflows

•Separated content scripts from orchestration authority so page-level scripts could observe and request work without directly controlling persistent workers or privileged automation

•Used persistent offscreen workers to host longer-lived model and automation workloads while respecting Chrome extension lifecycle constraints

•Embedded local inference options such as WebLLM and Transformers where private, browser-local analysis was appropriate

•Used Rust/WASM engines for reusable scoring, extraction, normalization, and matching logic that could run across browser, edge, and native surfaces

•Designed the Tauri sidecar as a native authority boundary for local MITM processing, WebSocket stream handling, LLM chat interception, and schema-normalized event emission

•Implemented or designed typed event envelopes so raw browser, API, WebSocket, and sidecar events could become stable, inspectable records

•Built schema normalization patterns to prevent automation pipelines from depending on brittle scraper output or raw vendor payloads

•Scoped agent permissions around tools, data sources, files, browser APIs, network capture, local storage, and external service actions

•Treated request/response interception and LLM chat capture as sensitive product-security surfaces requiring authorization, locality, secrets handling, and explicit audit trails

•Designed work trails and evidence patterns so agentic actions could be reviewed, scored, traced, and tied back to accepted tasks

•Aligned the control plane with AI product-security themes: prompt injection, excessive agency, context authorization, tool permissions, sensitive data exposure, evaluation, monitoring, and governance evidence

The Outcome

Concepts

Around

Explicit authority boundaries between content scripts, workers, local AI, sidecar services, network capture, and downstream agents

For

Audit-ready event trails, typed records, normalized schemas, and reviewable agent actions

Directly

To product-security risks such as prompt injection, excessive agency, tool overreach, credential exposure, data leakage, and unreviewed automation

Key Deliverables

•Browser-native agentic AI control-plane architecture

•Chrome extension authority-boundary model

•Persistent offscreen worker execution model

•Local WebLLM and Transformers execution integration pattern

•Rust/WASM shared engine strategy

•Tauri sidecar authority and MITM-processing model

•Request/response capture governance model

•WebSocket stream processing and event-listener model

•Schema normalization and typed event-envelope strategy

•Agent permission and tool-scope model

•Audit trail and work-evidence model

•Prompt-injection and excessive-agency control framing

•Context authorization and sensitive-data handling model

•Public-safe portfolio case-study JSON

Collaboration

At a Glance

CompanyConfidential / Internal AI Automation PlatformIndustryAI Product Security / Browser Automation / Local AI / Desktop Automation / Data InfrastructureEngagement TypeConsulting / Internal BuildoutRoleAI Product Security Architect / Browser-Native Automation Engineer / Rust-WASM Systems ArchitectPeriod2025–2026LocationRemote / local-first browser and desktop architectureAsset TypeRecent consulting and platform security architecture use casePrimary AchievementDesigned a browser-native agentic AI control plane spanning Chrome extension automation, local AI, Rust/WASM engines, Tauri MITM sidecar processing, WSS streams, schema normalization, agent permissions, and audit-ready event trailsPrimary PurposeShow advanced AI product security, agentic authority design, browser/native automation boundaries, schema-normalized telemetry, local AI architecture, and governed automationPublic HandlingPublic-safe and generalized

Focus Areas

•AI Product Security

•Browser-Native Automation

•Agentic Authority Boundaries

•Chrome Extension Security

•Tauri Sidecar Security

•Local AI Execution

•Rust/WASM Engines

•MITM Governance

•Request/Response Capture

•WebSocket Streaming

•Schema Normalization

•Typed Event Envelopes

•Agent Permissions

•Prompt Injection Controls

•Excessive Agency Controls

•Context Authorization

•Audit Trails

•Work Evidence

Tools & Technologies

•Chrome Extensions

•Manifest V3

•Offscreen Documents

•Service Workers

•Content Scripts

•Web Workers

•WebLLM

•Transformers.js

•Rust

•WebAssembly

•Tauri

•MITM Proxy

•WebSockets

•WSS

•Request Interception

•Response Interception

•LLM Chat Interception

•Schema Normalization

•Typed Event Envelopes

•IndexedDB

•SQLite

•Git

•Agentic Workflows

•AI Product Security

•Prompt Injection Controls

•Tool Permission Scoping

•Audit Trails

Evidence & Artifacts

•User-provided Chrome extension project context

•User-provided Tauri sidecar project context

•Existing Chrome extension runtime JSON source

•Existing Tauri MITM sidecar JSON source

•Browser-native control-plane narrative

•Agent authority and audit trail narrative

•Public-safe portfolio summary

Public-Safe Caveat

David Wolf

AI Security · Product Security · Security Leadership

davidwolf.com/resumelinkedin.com/in/davidrwolfdavid@aisecurity.llc

Based on analyzed public signals, not proof of any individual's or company's internal state.

Browser-Native Agentic AI Security Control Plane

A product-security architecture for governing browser extensions, Tauri sidecars, MITM interception, local AI, schema normalization, agent authority, and audit-ready automation.

The Context

The Challenge

What I Did

•Defined a control-plane architecture spanning browser extension surfaces, persistent workers, local model execution, native Tauri sidecar processing, MITM capture, and downstream agent workflows
•Separated content scripts from orchestration authority so page-level scripts could observe and request work without directly controlling persistent workers or privileged automation
•Used persistent offscreen workers to host longer-lived model and automation workloads while respecting Chrome extension lifecycle constraints
•Embedded local inference options such as WebLLM and Transformers where private, browser-local analysis was appropriate
•Used Rust/WASM engines for reusable scoring, extraction, normalization, and matching logic that could run across browser, edge, and native surfaces
•Designed the Tauri sidecar as a native authority boundary for local MITM processing, WebSocket stream handling, LLM chat interception, and schema-normalized event emission
•Implemented or designed typed event envelopes so raw browser, API, WebSocket, and sidecar events could become stable, inspectable records
•Built schema normalization patterns to prevent automation pipelines from depending on brittle scraper output or raw vendor payloads
•Scoped agent permissions around tools, data sources, files, browser APIs, network capture, local storage, and external service actions
•Treated request/response interception and LLM chat capture as sensitive product-security surfaces requiring authorization, locality, secrets handling, and explicit audit trails
•Designed work trails and evidence patterns so agentic actions could be reviewed, scored, traced, and tied back to accepted tasks
•Aligned the control plane with AI product-security themes: prompt injection, excessive agency, context authorization, tool permissions, sensitive data exposure, evaluation, monitoring, and governance evidence

The Outcome

Concepts

Around

Explicit authority boundaries between content scripts, workers, local AI, sidecar services, network capture, and downstream agents

For

Audit-ready event trails, typed records, normalized schemas, and reviewable agent actions

Directly

To product-security risks such as prompt injection, excessive agency, tool overreach, credential exposure, data leakage, and unreviewed automation

Key Deliverables

•Browser-native agentic AI control-plane architecture
•Chrome extension authority-boundary model
•Persistent offscreen worker execution model
•Local WebLLM and Transformers execution integration pattern
•Rust/WASM shared engine strategy
•Tauri sidecar authority and MITM-processing model
•Request/response capture governance model
•WebSocket stream processing and event-listener model
•Schema normalization and typed event-envelope strategy
•Agent permission and tool-scope model
•Audit trail and work-evidence model
•Prompt-injection and excessive-agency control framing
•Context authorization and sensitive-data handling model
•Public-safe portfolio case-study JSON

Collaboration

Browser-Native Agentic AI Security Control Plane

A product-security architecture for governing browser extensions, Tauri sidecars, MITM interception, local AI, schema normalization, agent authority, and audit-ready automation.