Firefox Adds Centralized Controls and a Kill Switch for Built-in GenAI Features
Mozilla is adding new desktop-browser controls in Firefox 148 that let users manage or fully disable built-in generative AI features, including a single “Block AI enhancements” toggle designed to turn off current and future AI capabilities in one action. When enabled, the toggle is intended to suppress AI-related prompts and notifications and prevent exposure of AI features in the UI, addressing privacy and security concerns from users and organizations that want to reduce potential attack surface introduced by AI-driven functionality.
The per-feature controls allow users to independently enable/disable specific AI functions, including page translation, automatic alt-text generation for images in PDFs, AI-assisted tab grouping, and link previews that summarize destination pages before navigation. Firefox also includes an AI chatbot sidebar that can integrate with multiple third-party models/services (e.g., Anthropic Claude, ChatGPT, Microsoft Copilot, Google Gemini, and others), with the centralized kill switch providing an organization-friendly way to opt out of these capabilities entirely.
Sources
Related Stories
AI Feature Rollouts and Data-Handling Risks in Consumer and Developer Tools
Mozilla said an upcoming *Firefox* release will add centralized controls to disable generative-AI capabilities, including a single **“Block AI enhancements”** toggle intended to prevent current and future AI features (and related prompts) from being enabled in the desktop browser. The controls are expected to allow per-feature management of AI functions such as translations, PDF image alt-text generation, AI-assisted tab grouping, link previews, and sidebar chatbot access. Separately, OpenAI announced product changes around its developer and ChatGPT ecosystems, including a Mac-only *Codex* app positioned as a multi-agent “command center” with sandboxing intended to limit file writes and network access, and plans to retire **GPT-4o** and several other ChatGPT models as usage shifts to **GPT-5.2**. In parallel, a security warning highlighted a report alleging two widely used AI coding assistants were **exfiltrating all ingested code to China**, underscoring the need for enterprise controls over AI developer tools, data residency, and code/IP handling.
1 months ago
Browser Privacy Controls and the Effectiveness of Ad Blocking Under Chrome Manifest v3
Mozilla is preparing to ship new **AI privacy controls** in *Firefox 148*, including a dedicated settings section and a **global “kill switch”** (`Block AI enhancements`) intended to disable all current and future browser AI features at once. The change is positioned as a way to reduce unwanted AI prompts and to prevent AI-related data sharing via external processing/API calls; the controls are being tested in *Firefox Nightly* with feedback solicited via Mozilla’s community channels. Separately, academic researchers reported that Google Chrome’s **Manifest v3 (MV3)** extension architecture does not materially degrade ad-blocking and anti-tracking effectiveness compared with **Manifest v2 (MV2)**, based on a study published in *Proceedings on Privacy Enhancing Technologies (PoPETs)*. The work evaluates the practical impact of MV3’s shift away from the blocking (synchronous) `chrome.webRequest` API toward the more constrained `chrome.declarativeNetRequest` model, concluding there was **no statistically significant reduction** in blocking performance and, in some cases, slight improvements in tracker blocking.
1 months ago
OpenAI Adds ChatGPT Lockdown Mode and Elevated Risk Labels to Reduce Prompt-Injection Exfiltration
OpenAI introduced **Lockdown Mode** and **Elevated Risk** labels in *ChatGPT* to reduce exposure to **prompt injection** and related data-exfiltration risks when AI features interact with external systems. Lockdown Mode is positioned as an optional, advanced setting for higher-risk users and environments (notably *ChatGPT Enterprise*, *Edu*, *for Healthcare*, and *for Teachers*) that restricts tool access and limits how ChatGPT can reach outside systems; reported controls include disabling or constraining capabilities attackers could abuse via conversations or connected apps, and limiting browsing so that no live network requests leave OpenAI-controlled infrastructure (with browsing constrained to cached content). Admins can enable the setting via workspace controls and apply additional restrictions through dedicated roles, while Elevated Risk labels provide in-product warnings and guidance for features that increase risk when connecting to apps or the web, including across *ChatGPT*, *ChatGPT Atlas*, and *Codex*. Separate research highlighted how AI assistants with web-browsing/URL-fetching features can be abused as stealthy **command-and-control (C2) relays**, demonstrating a technique against **Microsoft Copilot** and **xAI Grok** that tunnels operator commands and victim data through legitimate AI web interfaces and can work without an API key or registered account. In parallel, the **European Parliament** reportedly disabled built-in AI tools on lawmakers’ work devices due to cybersecurity and privacy concerns about uploading sensitive correspondence to third-party cloud AI providers and uncertainty about what data is shared and retained. Other referenced material focused on general productivity customization of ChatGPT via “Custom Instructions,” rather than a specific security event or disclosure.
3 weeks ago