OpenAI security chief warns ChatGPT Atlas browser vulnerable to hackers

OpenAI launched ChatGPT Atlas, its AI browser that can perform web actions like shopping and scheduling, but the company’s own security chief is warning users about potential risks. Dane Stuckey, OpenAI’s chief information security officer, cautioned that the browser “can still make (sometimes surprising!) mistakes, like trying to buy the wrong product or forgetting to check in with you before taking an important action,” highlighting vulnerabilities that could undermine consumer trust in AI-powered browsing.

The security concern: Prompt injection attacks pose an “emerging risk” where hackers embed malicious instructions in websites to manipulate AI agents into unintended behaviors.

  • “The objective for attackers can be as simple as trying to bias the agent’s opinion while shopping, or as consequential as an attacker trying to get the agent to fetch and leak private data, such as sensitive information from your email, or credentials,” Stuckey explained.
  • Large language models cannot determine the intent behind web content, making them susceptible to executing hacker-planted instructions they encounter online.

In plain English: Think of AI browsers like helpful assistants that can shop and schedule for you online. However, hackers can hide malicious instructions on websites—like leaving fake notes for the assistant to follow. Since AI can’t tell the difference between legitimate website content and these hidden traps, it might accidentally follow the hacker’s instructions instead of yours.

Industry-wide vulnerability: ChatGPT Atlas faces the same fundamental security challenges as other AI browsers currently in development.

  • Anthropic’s Claude computer, Google’s Gemini on Chrome, and Perplexity’s Comet AI browser all share similar vulnerabilities to prompt injection attacks.
  • Researchers at Brave Software, which develops the privacy-focused Brave browser, discovered that hackers can embed secret instructions into images to deliver prompt injection attacks via Perplexity’s Comet.

What they’re saying: OpenAI acknowledges the risks while emphasizing its commitment to security research and mitigation.

  • “We are very thoughtfully researching and mitigating” this risk, Stuckey noted, though he warned that hackers may find new ways to influence AI agents.
  • “As with computer viruses in the early 2000s, we think it’s important for everyone to understand responsible usage, including thinking about prompt injection attacks, so we can all learn to benefit from this technology safely.”

Current availability: ChatGPT Atlas is available only on macOS for now, suggesting a cautious rollout approach as OpenAI addresses these security concerns.

Business implications: These security vulnerabilities could threaten consumer adoption and represent a significant challenge to OpenAI’s revenue diversification efforts, as AI browsers promise to automate routine web tasks but require user trust to succeed in the marketplace.

Watch Your Wallet: ChatGPT Atlas Might Try to Buy the Wrong Product for You
