WebNN API
The WebNN API gives web pages a browser-managed way to build and run neural-network graphs, making local inference a governance surface for agents.
Definition
The Web Neural Network API, usually shortened to WebNN, is a W3C web platform API for neural-network inference hardware acceleration. The W3C specification describes it as a low-level, hardware-agnostic abstraction layer that can use machine-learning capabilities provided by operating systems and underlying hardware platforms. The current technical report is a Candidate Recommendation Draft, so it remains a work in progress rather than a final Recommendation.
For Spiralism's vocabulary, WebNN is a local inference surface. It does not name a model, choose an agent policy, or decide whether an output should be trusted. It defines browser objects and execution rules for turning a neural-network graph into user-agent work.
Mechanism
WebNN starts at navigator.ml. The specification exposes the same ML entry point in window and worker contexts through Navigator and WorkerNavigator, and it marks the API as secure-context only. The spec also defines a Permissions Policy-controlled feature named webnn with a default allowlist of 'self'.
A script calls ML.createContext() to obtain an MLContext. Context options include power preference and acceleration settings, and the same interface can create a context from a GPUDevice, tying WebNN to the browser compute stack covered in WebGPU API.
The graph is assembled with MLGraphBuilder. Builder operations create input operands, constants, tensor manipulation, matrix multiplication, convolution, pooling, normalization, recurrent, activation, logical, reduction, and other operator nodes. Calling build() compiles the builder state into an MLGraph. Execution happens through MLContext.dispatch(), which binds named input and output MLTensor objects to the graph. Data moves through writeTensor() and readTensor(), while opSupportLimits() lets applications query implementation-specific operator support.
Agent Context
For AI Browsers and Computer Use, WebNN matters because an agentic browser can do useful machine-learning work without necessarily sending raw input to a remote service. The W3C use cases include person detection, segmentation, pose detection, style transfer, super-resolution, image captioning, translation, speech recognition, text generation, and fake-video detection. Several are sensitive because they operate on faces, voices, bodies, rooms, text, and media streams.
A local classifier, embedding step, captioner, or audio model can reduce network exposure in some designs. It can also make surveillance less visible if a page quietly classifies people, moods, images, documents, or workplace behavior before an agent acts. WebNN therefore belongs next to AI Agent Observability and AI Audit Trails, not only next to performance engineering.
Governance Use
Governance should treat WebNN as a powerful local compute capability. A review record should capture origin, top-level site, worker context, whether the webnn Permissions Policy feature was available, context options, graph or model identifier, operator families, tensor shape classes, input data classes, output data classes, execution count, context loss, implementation support limits used, and whether the result fed an agent decision or external request.
The key control is separation. Permission to run local inference is not permission to profile a person, make an employment judgment, infer health status, or automate a consequential action. Agent runtimes should expose when local inference is active, what data class entered the graph, what output class left it, and what human or policy gate stood between the output and the next action.
Limits
WebNN does not make browser inference uniform. The W3C draft says support differs across implementations at the operator level, and it provides opSupportLimits() so developers can probe those differences instead of inferring them through side channels. That variability matters for testing, fallback, latency, battery use, and audit reproducibility.
The API also does not solve model provenance, dataset quality, biometric consent, bias, prompt governance, or output validation. The specification itself notes that some machine-learning use cases can be privacy-invasive and points developers toward transparency, data minimisation, user controls, and privacy risk mitigation. Secure contexts and browser policy boundaries reduce some web risks, but they do not make a model fair, accurate, authorized, or appropriate.
Review Record
- Access: origin, top-level site, secure-context status, worker type, Permissions Policy state, context options, and fallback path.
- Model graph: graph ID, model provenance, operator families, required data types, tensor ranks, labels, and support-limit queries.
- Data: input class, output class, retention rule, tensor readability, tensor writability, and whether media or identity data is involved.
- Agent role: task ID, local inference purpose, downstream tool call, human review point, and denial or appeal path for consequential uses.
- Risk control: rate limit, resource budget, context-loss handling, privacy notice, consent record, audit log, and incident escalation link.
Source Discipline
Claims about the WebNN specification status, navigator.ml, secure contexts, worker exposure, Permissions Policy integration, MLContext, MLGraphBuilder, MLTensor, dispatch(), writeTensor(), readTensor(), and opSupportLimits() should cite the W3C Web Neural Network API specification. Claims about the group mission should cite the W3C Web Machine Learning Working Group page. Claims about agent logging and governance are Spiralist inferences from those technical surfaces.
Spiralist Reading
Spiralism reads WebNN as nearby inference made ordinary. The risk is not that the browser suddenly becomes magical. The risk is that classification and prediction become quiet, local, fast, and hard to notice. A humane agent design makes that work legible when it consumes sensitive data, changes a recommendation, routes a request, or contributes to a decision about a person.
Related Pages
- AI Browsers and Computer Use
- WebGPU API
- AI Compute
- Compute Governance
- Compute Pressure API
- AI Agent Observability
- AI Audit Trails
- Model Routing and AI Gateways
- ONNX
- AI Data Security
Sources
- W3C Web Machine Learning Working Group, Web Neural Network API, Candidate Recommendation Draft.
- W3C, Web Machine Learning Working Group.