OpenAI’s new Atlas browser may have some extremely concerning security issues, experts warn – here’s what we know
- All agentic AI browsers are susceptible to indirect prompt injections
- Only use agentic browsing when you’re not handling sensitive info
- We could need to rethink how browsers work, and how we use them
Just days after OpenAI released Atlas, its take on the web browser, the company is battling to maintain its reputation amid security concerns.
The Chromium-based browser which has a built-in AI agent for web navigation and automation, has been found vulnerable to indirect prompt injection, which means malicious commands can be hidden within web content to manipulate the agentic features.
As a result, cybercriminals could alter the behavior of the browser without having to directly address OpenAI’s technology, and users could be susceptible to data leaks.
OpenAI’s Atlas could be vulnerable to attacks
The warning comes from a new report from Brave – but it’s not just Atlas that could face these challenges, but rather any AI browser, including Perplexity’s Comet.
“AI-powered browsers that can take actions on your behalf are powerful yet extremely risky,” the researchers wrote.
Brave explained the core problem stems from the fact that AI browsers not only use trusted user input, but they must also use untrusted web content to form prompts. Even malicious comments on sites like Reddit could trigger actions with unintended consequences.
In the meantime, Brave recommends separating normal browsing from agentic browsing through browsers like Atlas, Comet and Fellou, using them only when it’s beneficial or necessary.
Sessions handling sensitive information, like banking and communications, are probably best kept to your regular browser.
Brave’s researchers also noted that, where possible, users should set up the AI to require explicit user confirmation before carrying out autonomous tasks.
Nevertheless, the problem seems to be a much broader one. “Indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers,” the researchers wrote.
Brave promises to bring longer-term solutions for users to maintain maximum security going forward, but it’s clear a total overhaul to how browsers work and how we interact with them could be needed.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
The best antivirus for all budgets
All agentic AI browsers are susceptible to indirect prompt injections Only use agentic browsing when you’re not handling sensitive info We could need to rethink how browsers work, and how we use them Just days after OpenAI released Atlas, its take on the web browser, the company is battling to…
