OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know

News
By published

AI browsers are presenting whole new security issues

ChatGPT Atlas
(Image credit: OpenAI)
  • All agentic AI browsers are susceptible to indirect prompt injections
  • Only use agentic browsing when you’re not handling sensitive info
  • We could need to rethink how browsers work, and how we use them

Just days after OpenAI released Atlas, its take on the web browser, the company is battling to maintain its reputation amid security concerns.

The Chromium-based browser which has a built-in AI agent for web navigation and automation, has been found vulnerable to indirect prompt injection, which means malicious commands can be hidden within web content to manipulate the agentic features.

As a result, cybercriminals could alter the behavior of the browser without having to directly address OpenAI’s technology, and users could be susceptible to data leaks.

OpenAI’s Atlas could be vulnerable to attacks

The warning comes from a new report from Brave - but it’s not just Atlas that could face these challenges, but rather any AI browser, including Perplexity’s Comet.

“AI-powered browsers that can take actions on your behalf are powerful yet extremely risky,” the researchers wrote.

Brave explained the core problem stems from the fact that AI browsers not only use trusted user input, but they must also use untrusted web content to form prompts. Even malicious comments on sites like Reddit could trigger actions with unintended consequences.

In the meantime, Brave recommends separating normal browsing from agentic browsing through browsers like Atlas, Comet and Fellou, using them only when it’s beneficial or necessary.

Sessions handling sensitive information, like banking and communications, are probably best kept to your regular browser.

Brave’s researchers also noted that, where possible, users should set up the AI to require explicit user confirmation before carrying out autonomous tasks.

Nevertheless, the problem seems to be a much broader one. “Indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers,” the researchers wrote.

Brave promises to bring longer-term solutions for users to maintain maximum security going forward, but it’s clear a total overhaul to how browsers work and how we interact with them could be needed.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.