ChatGPT Atlas is an AI-powered web browser that can book travel, order groceries or do research, all on your behalf. OpenAI says it's like having a personal agent built into your web browser. That's what has security experts concerned.
As remarkable as AI systems are, they're also imperfect. From hallucinations to sycophancy, AI can get things wrong, often. Handing the keys of a web browser to AI introduces a host of other potential issues, including prompt injection attacks, clipboard attacks and the simple inability to understand that some sites are spam.
"Atlas shows the same early-stage issues we have seen across other agent-style browsers," said Rob T. Lee, chief of research and chief AI officer at SANS Institute, a cooperative cybersecurity training and education organization. "There have been successful prompt injection and redirection tests. To their credit, OpenAI has moved quickly to address reports."
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
The release of AI Atlas is an early salvo in an emerging browser war. Other entrants in this space include Perplexity's Comet, Google's inclusion of Gemini in Chrome and Copilot Mode in Microsoft Edge. For major players in Big Tech, gaining any sort of upper hand in the web browser space gives them critical user data, which they can use to either better optimize their products or sell targeted advertising against. That's especially important for OpenAI, which has committed billions of dollars to AI infrastructure development while showing limited ability to make revenue, much less a profit. The company is looking towards all avenues, including advertising, to push revenues up, along with allowing the generation of adult textual content.
(Disclosure: Ziff Davis, CNET's parent company, in April filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)
In the case of OpenAI, having an AI-powered web browser gain popularity means pulling people away from Chrome, currently the world's most popular web browser with 73% market share, according to GlobalStats. ChatGPT Atlas could further expand OpenAI's ecosystem. While ChatGPT has become the catch-all term for AI chatbots, for Atlas to achieve mass adoption in both the consumer and enterprise space, OpenAI will need to ensure its browser is as secure and trustworthy as Chrome.
Prompt injections, clipboard attacks and more
Prompt injection attacks are the vulnerability most associated with AI-powered web browsers. It's a type of exploit in which bad actors deliberately place malicious instructions on a website for an AI agent. The text is invisible, hidden from the user. But since the AI can analyze all content on the site, it sucks up the instructions and ignores safety guidelines. The bad instructions could lead to the AI leaking sensitive information, changing system settings or taking other harmful actions.
"There's also just this wider consumer concern here, as it pertains to just this sort of omnipresent computer vision component associated with every aspect of your web browsing," said Simon Poulton, executive vice president of innovation and growth at Tinuiti, a marketing agency. Poulton worries that consumers won't understand how their information is being stored and how persistent that information is within the AI.
... continue reading