Amazon Bedrock AgentCore Browser adds Chrome enterprise policies for AI agent control
Over 450 Chrome policies now control AI agent browsing on AWS with custom CA support
AI agents with unrestricted web access pose significant security risks, such as navigating to unauthorized domains, storing credentials, or downloading files outside approved workflows. For organizations whose internal services use private certificate authorities (CAs), every HTTPS connection fails with certificate validation errors. Amazon Bedrock AgentCore Browser now addresses these challenges by supporting Chrome enterprise policies and custom root CA certificates. With over 450 configurable settings, including URL allowlists/denylists, password manager disablement, download restrictions, and autofill controls, security teams can enforce granular browser restrictions at the infrastructure level, independent of agent prompts or logic.
Policy enforcement operates on two tiers. Managed policies are applied at the browser level via the control plane API and stored in Amazon S3; they map to Chrome's managed directory and cannot be overridden. Recommended policies can be set per session through the data plane API and act as user preferences. When conflicts arise, managed policies take precedence. For custom root CA support, organizations store their certificate in AWS Secrets Manager and reference it when creating a browser or Code Interpreter. The service imports the certificate into the trust store, allowing agents to connect to internal services and SSL-intercepting proxies without disabling certificate validation. This separates policy management from agent development, letting security teams define approved configurations while development teams focus on agent logic.
- Supports over 450 Chrome enterprise policy settings configured via JSON, including URL filtering, download restrictions, and password manager controls
- Two-tier enforcement: managed policies (browser-level, unchangeable) and recommended policies (session-level, user preferences)
- Custom root CA certificates from AWS Secrets Manager enable agents to trust internal services and corporate SSL-intercepting proxies
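
The managed-over-recommended precedence and URL filtering described above, as an added Python sketch (not AWS or Chrome code). The policy keys are real Chrome enterprise policy names; the hostnames, values, helper names, and the simplified host matching are assumptions for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample policies. Keys are real Chrome enterprise policy names;
# hostnames and values are illustrative assumptions, not taken from the page.
MANAGED = {
    "URLBlocklist": ["*"],                      # deny everything by default
    "URLAllowlist": ["intranet.example.com", "docs.example.com"],
    "PasswordManagerEnabled": False,
    "DownloadRestrictions": 3,                  # 3 = block all downloads
    "AutofillAddressEnabled": False,
    "AutofillCreditCardEnabled": False,
}
RECOMMENDED = {
    "PasswordManagerEnabled": True,             # conflicts with managed; must lose
    "HomepageLocation": "https://intranet.example.com/",
}

def effective_policy(managed, recommended):
    """Return {name: (value, tier)}; managed wins on any conflict."""
    merged = {k: (v, "recommended") for k, v in recommended.items()}
    merged.update({k: (v, "managed") for k, v in managed.items()})
    return merged

def _host_matches(host, pattern):
    # Simplified Chrome URL-filter matching (host only): "*" matches all,
    # "example.com" matches the host and its subdomains,
    # ".example.com" matches that exact host only.
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:]
    return host == pattern or host.endswith("." + pattern)

def url_allowed(url, policy):
    """Allowlist entries are exceptions to the blocklist, as in Chrome."""
    host = (urlsplit(url).hostname or "").lower()
    allow = policy.get("URLAllowlist", ([], None))[0]
    block = policy.get("URLBlocklist", ([], None))[0]
    if any(_host_matches(host, p) for p in allow):
        return True
    return not any(_host_matches(host, p) for p in block)

if __name__ == "__main__":
    eff = effective_policy(MANAGED, RECOMMENDED)
    print(json.dumps({k: v[0] for k, v in eff.items()}, indent=2))
    for u in ("https://docs.example.com/a", "https://example.org/"):
        print(u, "->", "allow" if url_allowed(u, eff) else "block")
```

Running a session's requested settings through a check like this before deployment shows which recommended values a managed policy will silently override.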
Why It Matters
Enterprises can now safely deploy AI agents with granular browser controls and secure internal network access.