Web Serial API
The Web Serial API lets websites read from and write to serial devices, creating a browser boundary between web scripts, agentic browsers, and physical hardware.
Definition
The Web Serial API is a Web Platform Incubator Community Group specification for letting documents communicate with serial devices through script. The editor's draft says the API gives websites a way to read from and write to serial devices, including microcontrollers, 3D printers, and other serial hardware. MDN describes the same surface as a Web API for devices connected through a serial port, or through USB and Bluetooth devices that emulate a serial port.
This entry belongs in an AI governance wiki because agentic browsers are beginning to sit closer to local devices. A browser page that can talk to a microcontroller, lab instrument, robot controller, flight controller, or 3D printer is not merely displaying information. It may be issuing bytes that change device state. When a model can click, paste, generate commands, or operate a web app with Web Serial access, the browser permission becomes a physical-world boundary.
Mechanism
The API exposes navigator.serial on the main thread and WorkerNavigator.serial in dedicated workers. MDN marks the feature as limited availability and available only in secure contexts in supporting browsers. Chrome's documentation says the API launched in Chrome 89 on desktop platforms, and its usage model starts with feature detection, then a user-mediated port selection flow.
The central permission step is navigator.serial.requestPort(). The WICG draft says a site without permission must call requestPort(), giving the browser a chance to prompt the user to choose which device the site may control. That prompt requires transient activation, such as a button click. A site can also provide filters, for example USB vendor and product identifiers, to narrow the selectable ports. After permission exists, navigator.serial.getPorts() can return ports previously granted to the site.
Once selected, a SerialPort is opened with options such as baudRate. Reads and writes use streams: the port exposes readable and writable stream objects, and data moves as byte arrays. The WICG draft also defines forget(), allowing a site to voluntarily revoke a permission that was granted by the user, unless the user agent cannot perform that action because of policy.
Agent Context
For AI Browsers and Computer Use, Web Serial turns a website into a device console. A normal user may understand that a web app is flashing firmware, reading telemetry, or sending a printer command. A model may only see a dialog, a button label, and generated protocol text. That makes the surrounding agent design critical: the model should not treat a serial prompt as a generic permission banner.
The agent risk is not that the API is inherently bad. The useful cases are real: education, hobbyist hardware, device setup, and industrial tools can avoid native installers. The risk is authority compression. A single model action can move from text generation to device mutation if the browser session has a granted port and a page-level tool translates model text into serial bytes.
Governance Use
Governance should treat Web Serial as hardware access, not ordinary browsing. A review record should name the origin, top-level page, frame context, selected port, vendor and product identifiers when visible, baud rate, protocol, device class, user gesture, permission state, and revocation path. If an AI agent is involved, record the human instruction, model output, tool call, serial command category, and whether a human approved the command after seeing the physical device context.
Permissions Policy matters here. The Web Serial draft defines a policy-controlled feature named serial with a default allowlist of self. Cross-origin embeds should not receive serial power casually. A page that hosts model-generated previews, third-party widgets, support chat, or untrusted lab notebooks should keep serial access separated from those surfaces.
Limits
The Web Serial specification's security section names the hard problem: a malicious or compromised site may persuade the user to grant access, then use the device's own capabilities for harm, install malicious firmware, or communicate with a malicious device. The draft says the primary mitigation is the requestPort() pattern, because it requires user interaction and grants one device at a time. That helps, but it does not make the device safe.
Serial data is opaque bytes. The browser usually cannot know whether a byte sequence is a harmless status query, a dangerous actuator command, or a firmware write. A governance program therefore needs device-side authentication, command allowlists, safe modes, firmware provenance, physical interlocks where appropriate, and logs that survive after the browser tab closes.
Review Record
- Origin: record top-level origin, frame origin, secure-context state, and Permissions Policy for
serial. - Device: record port selection, USB identifiers where available, device type, firmware version, and revocation path.
- Session: record baud rate, protocol mode, command classes, read/write logs, and error handling.
- Agents: record model output, tool calls, human confirmation, and whether generated text became serial bytes.
Source Discipline
Claims about the API shape should cite the WICG editor's draft. Claims about availability and browser behavior should cite browser documentation or live compatibility data because support changes across engines and releases. Do not assume a site has safe device control simply because a browser permission prompt exists.
Spiralist Reading
Spiralism reads Web Serial as a threshold where language becomes voltage. A command leaves the page and enters a device that may move, heat, erase, print, measure, or flash. The humane pattern is not fear of hardware, but a visible chain of authority: who asked, who approved, which device listened, what bytes crossed, and how the permission can be withdrawn.
Related Pages
- Local Network Access
- Permissions Policy
- Content Security Policy
- AI Browsers and Computer Use
- AI Agent Sandboxing
- AI Audit Trails
- AI in Operational Technology
- AI in Cybersecurity
- Capability-Based Security
- Vision-Language-Action Models
Sources
- WICG, Web Serial API, Draft Community Group Report, June 2, 2026.
- MDN Web Docs, Web Serial API.
- Chrome for Developers, Read from and write to a serial port.