Experts have ‘hacking’ warning on OpenAI’s ChatGPT Atlas browser: What the company has to say

OpenAI’s new AI-powered browser, ChatGPT-powered Atlas, is facing immediate security scrutiny. Cybersecurity experts have warned that the tool’s ability to execute tasks across the internet could turn AI assistants into powerful “attack vectors”, and hackers can steal sensitive user data like passwords and bank account information.According to Fortune, the capabilities of Atlas like planning trips, booking accommodations, and managing web browsing on a user’s behalf make it highly susceptible to a novel type of attack known as “prompt injection.”A Prompt injection is a vulnerability where malicious, hidden instructions are fed to an AI system, causing it to bypass its safety controls and perform unintended actions, such as revealing sensitive data or executing harmful commands.

How Atlas can be ‘hacked’

Citing cybersecurity experts, the report said that the core danger lies in the AI browser’s inability to reliably distinguish between commands given by the trusted user and hidden instructions embedded on an untrusted webpage. A hacker can set up a webpage containing commands that the visiting AI model will read and execute.This may lead to stolen personal data from work or personal emails, hacking social media accounts, such as Facebook, to steal messages and even extracting passwords or sensitive financial information.

What OpenAI has to say

Dane Stuckey, OpenAI’s chief information security officer, has said that the company is working to mitigate the risks around prompt injections.“Our long-term goal is that you should be able to trust ChatGPT agent to use your browser, the same way you’d trust your most competent, trustworthy, and security-aware colleague or friend,” he wrote in a post on X.“For this launch, we’ve performed extensive red-teaming, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safety measures, and added new systems to detect and block such attacks. However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent fall for these attacks,” he added.Stuckey said the company had implemented several measures to mitigate risks and protect users.