Be Cautious with Agentic Web Browsers
New AI-powered browsers from OpenAI, Perplexity, and others promise to automate Web tasks but are vulnerable to prompt injection attacks.
These attacks could manipulate the browser or steal private information through hidden instructions.
Researchers have uncovered vulnerabilities in Atlas allowing attackers to take advantage of ChatGPT’s “memory” to inject malicious code, grant themselves access privileges, or deploy malware.
- Flaws discovered in Comet could allow attackers to hijack the browser’s AI with hidden instructions.
- Perplexity and OpenAI’s chief information security officer, Dane Stuckey, acknowledged prompt injections as a big threat.
Author's summary: AI-powered browsers pose security risks.