The future web is no longer just a collection of websites. Browsers are evolving into operating systems, AI agents are becoming active participants in online interactions, and digital identities increasingly extend beyond human users. These transformations are creating new security challenges that traditional web security models were never designed to address.
At the Next-Generation Web Security Lab, we explore how to secure this evolving web ecosystem. Our research focuses on three interconnected areas: Browser-as-OS Security, AI Agent Security, and Digital Identity & Trust. Together, these directions aim to build a secure foundation for the next generation of web-centric computing and digital interactions.
Browser-as-OS Security
How can we secure the next generation of web platforms?
Modern web browsers are rapidly evolving into full-fledged operating systems. Emerging web technologies such as WebAssembly, WebXR, and WebNN enable browsers to directly access hardware resources and execute increasingly complex applications. While these capabilities unlock powerful new experiences, they also introduce novel attack surfaces that blur the traditional boundary between web applications and operating systems.
Our research investigates the security implications of these emerging browser capabilities and develops practical defenses against web-based threats. We aim to build secure foundations for the future web, where browsers serve as a universal platform for computing, communication, and AI-powered applications.



AI Agent Security
How can we build trustworthy AI agents in an adversarial world?
AI systems are rapidly evolving from passive assistants into autonomous agents capable of interacting with websites, software systems, and humans. As these agents increasingly perform tasks on behalf of users, they introduce new security challenges, including adversarial manipulation, information leakage, and AI-enabled cyber threats.
Our research focuses on understanding and securing AI agents and AI-powered ecosystems. We investigate both how AI can enable new forms of cyberattacks and how AI systems themselves can be manipulated, exploited, or deceived, with the goal of building trustworthy AI agents that operate safely in real-world environments.

Source: NISTDigital Identity & Trust
How can we verify human presence and identity in an AI-mediated world?
Digital systems have traditionally assumed that users are human and that digital identities faithfully represent real individuals. As AI-generated content, autonomous agents, and synthetic identities become increasingly prevalent, these assumptions can no longer be taken for granted. Establishing trust now requires verifying not only who is acting, but also whether an action genuinely originates from a real human.
Our research investigates the foundations of human presence, identity, and authenticity in modern digital environments. We develop techniques for human-origin verification, identity protection, and trust establishment, with the goal of building secure systems that can distinguish legitimate human activity from synthetic or manipulated identities.


