Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often hidden in web pages or emails, is a risk that’s not going away anytime soon — raising questions about how safely AI agents can operate on the open web.
“Prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully ‘solved,’” OpenAI wrote in a Monday blog post detailing how the firm is beefing up Atlas’ armor to combat the unceasing attacks. The company conceded that “agent mode” in ChatGPT Atlas “expands the security threat surface.”
OpenAI launched its ChatGPT Atlas browser in October, and security researchers rushed to publish their demos, showing it was possible to write a few words in Google Docs that were capable of changing the underlying browser’s behavior. That same day, Brave published a blog post explaining that indirect prompt injection is a systematic challenge for AI-powered browsers, including Perplexity’s Comet.
...read more at techcrunch.com
pull down to refresh
related posts
Also see: #1263165, #1267693, #1265298
And so on... lol
It never hurts to remind people about safety issues once in a while. People forget this stuff really fast. You’ve gotta remind them!
Agreed - it wasn't criticism to the post.
The big problem I have with the
browser-as-agentsolution is that there is something off with separation of concerns (which is also why I don't use Chrome, becausebrowser-as-data-harvest-toolis similarly bad.)LLMs that tool-call search engines are extremely useful as an assistant though, and worth further developing (or maybe developing the search engines further? not sure, but these suck too.)