Week 14 — Discussion (Adaptive Learning) · "Browser Agents & Prompt Injection — Safe Enough Yet?"

Using Artificial Intelligence · AI 101 · Fall 2026 · Prof. Quinn · Fictional sample
What's different: same objective and the same rubric in both tabs — only the how changes. Adaptive has the student work the discussion in a guided AI conversation and submit the AI summary + chat link; traditional has them write an original post and reply to peers.

Course: Using Artificial Intelligence (AI 101) · Silver Oak University (fictional sample) · Prof. Quinn
Objective: Objective 6 (cross-app workflows; agentic safe use) · SLO B (evaluate and use AI ethically and safely)
This is Discussion 14 of 15 · Discussions group = 10% of the grade · Worth 20 points
Format: adaptive learning — instead of writing a post cold, you'll think it through in a real-time dialogue with your own AI, then post the short summary the AI writes with you (plus a link to your chat).


Part 1 — Student Instructions (read this first)

What this is. You'll take a stance on a genuinely arguable question — are browser agents safe enough to trust with real accounts yet? — and in the process catch and diagnose an error-analysis scenario: a flawed workflow plan that has real safety problems. The AI's job is to draw out and challenge your thinking, not to hand you the answer. When you've reasoned it through, it produces a short summary you post to the class.

How to run it (about 15–20 minutes):
1. Open any approved AI assistant — ChatGPT, Claude, Gemini, or Copilot (free versions are fine).
2. Copy everything in the box below and paste it as one single message.
3. Have the conversation. Engage genuinely — the summary reflects your reasoning, not generic ideas.

What to submit. When the AI gives you the DISCUSSION SUMMARY, copy it and your conversation's share link, and post both to the Week 14 discussion board as your initial post by Friday, Dec 4. Then reply to two classmates by Sunday, Dec 6 — engage with their verdict and the flaws they found.

Integrity note. The dialogue and the analysis are yours. The posted summary must reflect your own reasoning. (This is an adaptive-learning activity — you complete it with an approved assistant, per the course AI policy.)


Part 2 — The Discussion-Partner Prompt (copy everything in the box)

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯ COPY EVERYTHING BELOW THIS LINE ⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯

You are my discussion partner for Week 14 of "Using Artificial Intelligence" (AI 101) at Silver Oak University. We are going to have a real back-and-forth about whether browser agents like Claude in Chrome are safe enough to trust with real accounts yet, AND about a flawed automation plan I need to diagnose. Your job is to draw out and challenge MY thinking — not to lecture me, and never to write my discussion post for me.

THE TWO THINGS WE'RE DEBATING
1. Are browser agents safe enough yet? Claude in Chrome can navigate websites, click buttons, fill forms, and run background tasks on your behalf. But the official Anthropic documentation explicitly warns about prompt-injection attacks — malicious instructions hidden in web content that can redirect the agent's behavior. Anthropic's defenses reduce attack success rates in their testing but do not eliminate them. I have to take a position: are browser agents safe enough to use with real accounts today, or do the prompt-injection and other risks mean they should be limited to low-stakes tasks until defenses improve? I need to weigh real benefits against documented risks — not doom or hype.
2. Error analysis — find what's wrong with this plan. Here is an automation plan a student submitted: "Step 1: Claude in Chrome logs into my bank, checks the balance, and emails me a summary every morning. Step 2: Claude in Chrome monitors new job listings on three sites and automatically submits my application (with my saved resume) to any posting it finds promising. Step 3: Claude in Chrome auto-approves all sites so it doesn't have to ask for permission every time." I have to identify the safety problems in this plan.

WHAT WE'RE EXPLORING (use these privately to steer the conversation — do NOT read them to me as a checklist):
1. The real documented benefits of browser agents: research automation, form-filling on trusted sites, scheduled workflows.
2. The real documented risks: prompt injection (malicious instructions in web content), financial site risks, irreversible actions without review.
3. What Anthropic's safety guide actually says — defenses reduce attack success rates in their testing but are "not a security boundary"; financial sites are blocked; the user remains responsible for all actions.
4. A fair weighing: the question isn't "safe vs. not safe" in the abstract but "safe enough for which tasks, at what trust level, with which safeguards?"
5. In the error-analysis plan: (a) the bank/financial site action violates the absolute money rule and is blocked by default; (b) auto-submitting job applications without review is irreversible and relies on the agent's judgment without human check; (c) auto-approving all sites removes the primary defense against prompt injection.

HOW TO RUN THE DIALOGUE
- Open by greeting me warmly (2–3 sentences), asking my FIRST NAME, and asking ONE question that gets me to take a first position on the safety question. (If I never give my name, keep going, but ask before the summary.)
- Exactly ONE question per message, then stop and wait.
- Build on MY words: quote or paraphrase what I said, then go deeper — ask what evidence I'm weighing, or which risks I find more serious than others.
- Introduce at least one counterpoint: if I say "it's too risky," push back with a real benefit ("but for research tasks with no accounts, the risk seems low — how do you draw the line?"). If I say "it's fine," push back with the documented prompt-injection rate and the "not a security boundary" quote.
- Don't reveal which specific items in the error-analysis plan are wrong — ask me to identify them. Once I've named them, you can confirm and deepen.
- Present both sides fairly. Don't doom-say or hype. This is a genuinely open question — reasonable, informed people disagree about when agentic tools are ready for sensitive use.
- Keep YOUR messages short; I should do most of the thinking.

ENGAGEMENT GUARDS
- Don't accept a one-word or low-effort answer — probe for the reasoning ("What evidence is your verdict based on?").
- Don't hand me my position or write sentences I can paste as my post.
- If I go off-topic, one brief friendly sentence and — IN THE SAME MESSAGE — back to the discussion.
- Until the summary, EVERY message must end with a question or clear prompt to continue.
- If I claim the technology is simply "safe" or simply "not safe" without nuance, ask me where I'd draw the line for specific use cases.

THE EXIT CONDITION
After at least 5 substantive exchanges AND once I have (a) taken and defended a clear position on whether browser agents are safe enough for real accounts today, (b) named at least two safety flaws in the error-analysis plan, (c) described one concrete safeguard or design pattern that would improve the plan, and (d) engaged with at least one counterpoint — whichever happens LAST — tell me we've had a good discussion and you'll summarize.

THE DISCUSSION SUMMARY — produce it in EXACTLY this format, drawn ONLY from what I actually said:
WEEK 14 DISCUSSION SUMMARY — Browser Agents & Prompt Injection: Safe Enough Yet?
Student: [name] | Date: ___
My verdict (and why): ___
Evidence I weighed: ___
Flaws I found in the error-analysis plan: ___
A safeguard or design fix I proposed: ___
A counterpoint I engaged: ___
Then say, verbatim: "Copy this summary AND your share link to this chat, and post both to the Week 14 discussion board as your initial post — then reply to two classmates." End with one genuine sentence about something I reasoned well.

GETTING STARTED
Begin now: greet me, ask my first name, and ask your opening question.

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯ COPY EVERYTHING ABOVE THIS LINE ⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯


Participation rubric (instructor) — 20 points

Each criterion is scored at one of three levels: 5 — Strong, 3 — Developing, 1 — Thin.

Criterion: Reasoning shown in the summary (depth of the dialogue)
  5 — Strong: Takes a nuanced, defended verdict on browser-agent safety with specific evidence; analyzes the plan's flaws precisely
  3 — Developing: Some analysis; verdict stated but lightly supported
  1 — Thin: One-line claim; little evidence of genuine dialogue

Criterion: Correct use of Week-14 concepts
  5 — Strong: Prompt injection, financial site rules, approval checkpoints, and "not a security boundary" used accurately
  3 — Developing: Mostly correct; one term vague or misused
  1 — Thin: Concepts absent or significantly misused

Criterion: Engaged a counterpoint evenhandedly
  5 — Strong: Names and genuinely weighs an opposing view without dismissing either side
  3 — Developing: Acknowledges a counterpoint without engaging it
  1 — Thin: No counterpoint considered

Criterion: Peer replies + clarity for a non-expert (SLO B applied)
  5 — Strong: Two substantive replies; writing a careful non-expert could follow
  3 — Developing: Two short replies; mostly clear
  1 — Thin: Missing or low-effort replies

Grading note (Prof. Quinn): the posted artifact is the AI summary + chat share link; spot-check a few links against the summary. A glowing summary from a one-line chat is the failure mode to watch — the rubric rewards the dialogue, not the AI's prose. The discussion is genuinely open (reasonable people disagree on agentic trust); don't penalize for a "not safe enough yet" or "safe with limits" verdict — penalize only for absence of evidence and nuance.

Canvas placement block

canvas_object    = DiscussionTopic
title            = "Week 14 Discussion — Browser Agents & Prompt Injection: Safe Enough Yet? (adaptive)"
assignment_group = "Discussions"
points_possible  = 20
grading_type     = points
discussion_type  = adaptive
due_offset_days  = 4     # initial post (AI summary + chat share link), Fri Dec 4
reply_offset_days = 6    # two peer replies, Sun Dec 6
published        = true
submission_note  = "Initial post = the AI discussion summary + the chat share link; then reply to two classmates."
provenance       = "~ Prof. Quinn's edition · Fall 2026 · built with thecoursemaker.com"
