Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas.

Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas.

      OpenAI has announced a security update for ChatGPT Atlas in response to the discovery of a new type of agent-in-browser attacks by an internal automated red team. This update includes a model trained to anticipate adversarial actions and enhanced security measures.

      Atlas operates in agent mode, mimicking user actions within the browser by being able to view pages, click, and type to complete tasks in the same context. However, this also increases its vulnerability, as it may encounter untrusted text in emails, shared documents, forums, social media, and any webpage it accesses.

      The main warning from the company is straightforward: hackers may deceive the agent's decision-making process by embedding instructions within the information it processes during tasks.

      The consequences of concealed instructions can be significant. OpenAI illustrates this with a scenario where an attacker sends a malicious email to a user's inbox with instructions intended for the agent. When the user requests Atlas to draft an out-of-office reply, the agent inadvertently treats the malicious instructions as legitimate. Instead of creating the out-of-office message, the agent sends a resignation letter to the user's CEO.

      An attacker could manipulate third-party content within a legitimate workflow by hiding commands in what appears to be ordinary text, thus overriding the user's request.

      To identify these vulnerabilities earlier, OpenAI has developed an automated attacker model and employed reinforcement learning to detect prompt-injection weaknesses against a browser agent. The aim is to rigorously test detailed workflows rather than just aiming for isolated erroneous outputs.

      This attacker model can draft potential injections, simulate how the target agent would respond, and refine its strategy based on feedback from the observed reasoning and action paths. OpenAI believes that access to these traces provides its internal red team with an edge that external attackers lack.

      OpenAI considers prompt injection a long-term security issue, akin to online scams rather than a one-time fix. Their strategy involves identifying new attack methods, training against them, and enhancing system-level protections.

      For users, it is advisable to browse while logged out when possible, carefully review confirmations for actions such as sending emails, and provide agents with precise, narrow instructions instead of broad "handle everything" requests. If you're interested in AI browsing capabilities, it is better to choose browsers that offer updates that enhance your experience.

Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas. Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas. Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas. Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas. Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas.

Other articles

This 34-inch curved gaming monitor is available for $209.99, offering an ultrawide immersive experience. This 34-inch curved gaming monitor is available for $209.99, offering an ultrawide immersive experience. A 34-inch curved ultrawide gaming monitor typically comes with a hefty price tag. However, the Acer Nitro ED340CUR is currently available for $209.99, which is a 50% discount from its usual price of $419.99. For a QHD 21:9 panel featuring a quick refresh rate, this is nearly an affordable option for a product that still feels […] Lenovo's forthcoming self-charging keyboard will cater to both your professional and gaming requirements. Lenovo's forthcoming self-charging keyboard will cater to both your professional and gaming requirements. Lenovo is said to be planning an ambitious redesign of the conventional keyboard, featuring self-charging capabilities, adaptive keys suitable for both work and gaming, as well as intelligent connectivity. A New Chapter for TNW. A New Chapter for TNW. I am Alexandru Stan, and this article serves to continue the conversation I started after the acquisition of TNW. Android's Find Hub now allows you to change map views for more convenient device tracking. Android's Find Hub now allows you to change map views for more convenient device tracking. Google is launching an update for Android's Find Hub that features a new option to change map layers for more detailed information. The upcoming OnePlus phone might surpass the total battery capacity of the top devices from Samsung and Apple. The upcoming OnePlus phone might surpass the total battery capacity of the top devices from Samsung and Apple. A new OnePlus smartphone is said to come with an impressive 9,000 mAh battery, which is almost equivalent to the total capacity of Samsung and Apple's premium flagship models. ChatGPT's recap for the end of the year provides an overview of your usage throughout 2025. ChatGPT's recap for the end of the year provides an overview of your usage throughout 2025. ChatGPT is introducing a year-end summary feature that displays how you interacted with the chatbot in 2025.

Your AI browser may be vulnerable to hijacking through prompt injection; OpenAI has recently fixed Atlas.

OpenAI announced that it has fixed ChatGPT Atlas following internal red teaming that uncovered new prompt injection attacks capable of taking control of AI browser agents. The update includes an adversarially trained model and enhanced protections.