No Result
View All Result
  • Login
Tuesday, July 7, 2026
FeeOnlyNews.com
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
No Result
View All Result
FeeOnlyNews.com
No Result
View All Result
Home Business

OpenAI says AI browsers like ChatGPT Atlas may never be fully secure from hackers—and experts say the risks are ‘a feature not a bug’

by FeeOnlyNews.com
7 months ago
in Business
Reading Time: 3 mins read
A A
0
OpenAI says AI browsers like ChatGPT Atlas may never be fully secure from hackers—and experts say the risks are ‘a feature not a bug’
Share on FacebookShare on TwitterShare on LInkedIn



OpenAI has said that some attack methods against AI browsers like ChatGPT Atlas are likely here to stay, raising questions about whether AI agents can ever safely operate across the open web. The main issue is a type of attack called “prompt injection,” where hackers hide malicious instructions in websites, documents, or emails that can trick the AI agent into doing something harmful. For example, an attacker could embed hidden commands in a webpage—perhaps in text that is invisible to the human eye but looks legitimate to an AI—that override a user’s instructions and tell an agent to share a user’s emails, or drain someone’s bank account.Following the launch of OpenAI’s ChatGPT Atlas browser in October, security researchers were quick to demonstrate how a few words hidden in a Google Doc or clipboard link could manipulate the AI agent’s behavior. Cybersecurity firm Brave, also published findings showing that indirect prompt injection is a systematic challenge affecting multiple AI-powered browsers, including Perplexity’s Comet.

“Prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully ‘solved,’” OpenAI wrote in a blog post Monday, adding that “agent mode” in ChatGPT Atlas “expands the security threat surface.”

“We’re optimistic that a proactive, highly responsive rapid response loop can continue to materially reduce real-world risk over time,” the company said.

Fighting AI with AI

OpenAI’s approach to the problem is to use an AI-powered attacker of its own—essentially a bot trained through reinforcement learning to act like a hacker seeking ways to sneak malicious instructions to AI agents. The bot can test attacks in simulation, observe how the target AI would respond, then refine its approach and try again repeatedly.

“Our [reinforcement learning]-trained attacker can steer an agent into executing sophisticated, long-horizon harmful workflows that unfold over tens (or even hundreds) of steps,” OpenAI wrote. “We also observed novel attack strategies that did not appear in our human red teaming campaign or external reports.”

However, some cybersecurity experts are skeptical that OpenAI’s approach can address the fundamental problem. 

“What concerns me is that we’re trying to retrofit one of the most security-sensitive pieces of consumer software with a technology that’s still probabilistic, opaque, and easy to steer in subtle ways,” Charlie Eriksen, a security researcher at Aikido Security, told Fortune.

“Red-teaming and AI-based vulnerability hunting can catch obvious failures, but they don’t change the underlying dynamic. Until we have much clearer boundaries around what these systems are allowed to do and whose instructions they should listen to, it’s reasonable to be skeptical that the tradeoff makes sense for everyday users right now,” he said. “I think prompt injection will remain a long-term problem … You could even argue that this is a feature, not a bug.”

A cat-and-mouse game

Security researchers also previously told Fortune that while a lot of cybersecurity risks were essentially a continuous cat-and-mouse game, the deep access that AI agents need—such as users’ passwords and permission to take actions on a user’s behalf—posed such a vulnerable threat opportunity it was unclear if their advantages were worth the risk. 

George Chalhoub, assistant professor at UCL Interaction Centre, said that the risk is severe because prompt injection “collapses the boundary between the data and the instructions,” potentially turning an AI agent “from a helpful tool to a potential attack vector against the user” that could extract emails, steal personal data, or access passwords.

“That’s what makes AI browsers fundamentally risky,” Eriksen said. “We’re delegating authority to a system that wasn’t designed with strong isolation or a clear permission model. Traditional browsers treat the web as untrusted by default. Agentic browsers blur that line by allowing content to shape behavior, not just be displayed.”

The U.K.’s National Cyber Security Centre has also warned that prompt injection attacks against generative AI systems are a long‑term issue that may never be fully eliminated. Instead of assuming these attacks can be completely stopped, the agency advises security teams to design systems so that the damage from a successful prompt injection is limited, and to focus on reducing both the likelihood and impact of data exposure or other harmful outcomes.

OpenAI recommends users give agents specific instructions rather than providing broad access with vague directions like “take whatever action is needed.” The company also said Atlas is trained to get user confirmation before sending messages or making payments.

“Wide latitude makes it easier for hidden or malicious content to influence the agent, even when safeguards are in place,” OpenAI said in the blogpost.

This story was originally featured on Fortune.com



Source link

Tags: AtlasbrowsersBugChatGPTExpertsFeatureFullyhackersandOpenAIRiskssecure
ShareTweetShare
Previous Post

SNC: Israeli tech cos raised $15.6b in 2025

Next Post

January Fed Rate Cut Odds Fall to New Lows After Strong U.S. Q3 GDP Report

Related Posts

Tower shareholders nix new compensation policy

Tower shareholders nix new compensation policy

by FeeOnlyNews.com
July 7, 2026
0

The shareholders of Tower Semiconductor (TASE: TSEM; Nasdaq: TSEM) opposed the compensation policy proposed by the company at their...

Schroders to sell Benchmark to Söderberg & Partners

Schroders to sell Benchmark to Söderberg & Partners

by FeeOnlyNews.com
July 7, 2026
0

Schroders has agreed to sell Benchmark, its UK integrated financial advice business, to Söderberg & Partners. The transaction marks another...

TCS, Infosys and other Indian IT stocks rise up to 4% after AI worries trigger Kospi selloff

TCS, Infosys and other Indian IT stocks rise up to 4% after AI worries trigger Kospi selloff

by FeeOnlyNews.com
July 7, 2026
0

Indian IT stocks gained on Tuesday, with Infosys, TCS, Tech Mahindra and Mphasis rising up to 4%, even as Asian...

Microsoft Xbox layoffs: 20% of staff to go. We “didn’t focus on the core business,” CEO says.

Microsoft Xbox layoffs: 20% of staff to go. We “didn’t focus on the core business,” CEO says.

by FeeOnlyNews.com
July 7, 2026
0

Asha Sharma, CEO of Xbox, unveiled the largest restructuring in its history in what she described as a fundamental reset...

Graham Platner on the Ropes as Serious Allegation Surfaces

Graham Platner on the Ropes as Serious Allegation Surfaces

by FeeOnlyNews.com
July 7, 2026
0

Is Graham Platner finished? It looks that way. No sooner had the Senate candidate from Maine categorically denied a new...

Illegal Immigrants Caused Major Spike in Housing Prices: Fed Economists

Illegal Immigrants Caused Major Spike in Housing Prices: Fed Economists

by FeeOnlyNews.com
July 7, 2026
0

To the surprise of absolutely no one, the record-breaking number of illegal immigrants who poured into the US on President...

Next Post
January Fed Rate Cut Odds Fall to New Lows After Strong U.S. Q3 GDP Report

January Fed Rate Cut Odds Fall to New Lows After Strong U.S. Q3 GDP Report

8 social habits that quietly lower your status in other people’s eyes

8 social habits that quietly lower your status in other people's eyes

  • Trending
  • Comments
  • Latest
Entry-Level Rentals Are Disappearing—Here’s How Landlords Can Fill the Gap

Entry-Level Rentals Are Disappearing—Here’s How Landlords Can Fill the Gap

June 18, 2026
Trump reportedly pressed FDA chief to authorize mango and blueberry vapes after years of rejection

Trump reportedly pressed FDA chief to authorize mango and blueberry vapes after years of rejection

May 7, 2026
Iran war cost U.S. households ,000 each, top economist says

Iran war cost U.S. households $1,000 each, top economist says

July 1, 2026
House backs an emergency brake on elder fraud

House backs an emergency brake on elder fraud

June 26, 2026
Trump claims Iran deal is ‘unconditional surrender’: Axios

Trump claims Iran deal is ‘unconditional surrender’: Axios

June 18, 2026
Strait Outta Hormuz: Getting the Iran Oil Story Straight

Strait Outta Hormuz: Getting the Iran Oil Story Straight

June 12, 2026
Should Americans get an equity stake in AI?

Should Americans get an equity stake in AI?

0
A Mutual Sympathy of Sentiments

A Mutual Sympathy of Sentiments

0
bitFlyer USA expands to West Virginia, nears full US coverage

bitFlyer USA expands to West Virginia, nears full US coverage

0
What Canadian investors need to know about ETF closures

What Canadian investors need to know about ETF closures

0
ServiceNow (NOW): Nach dem 50%-Absturz formiert sich ein neues Signal!

ServiceNow (NOW): Nach dem 50%-Absturz formiert sich ein neues Signal!

0
Illegal Immigrants Caused Major Spike in Housing Prices: Fed Economists

Illegal Immigrants Caused Major Spike in Housing Prices: Fed Economists

0
Tower shareholders nix new compensation policy

Tower shareholders nix new compensation policy

July 7, 2026
ServiceNow (NOW): Nach dem 50%-Absturz formiert sich ein neues Signal!

ServiceNow (NOW): Nach dem 50%-Absturz formiert sich ein neues Signal!

July 7, 2026
Growing From Solo To Silo’ed Partnership To A .3B Enterprise Ensemble (Without Taking Outside Capital): #FASuccess Ep 497 With Shane Morrow

Growing From Solo To Silo’ed Partnership To A $3.3B Enterprise Ensemble (Without Taking Outside Capital): #FASuccess Ep 497 With Shane Morrow

July 7, 2026
Commercial Real Estate Is Quietly Setting Up for a Decade-Long Bull Run

Commercial Real Estate Is Quietly Setting Up for a Decade-Long Bull Run

July 7, 2026
Schroders to sell Benchmark to Söderberg & Partners

Schroders to sell Benchmark to Söderberg & Partners

July 7, 2026
10 Ways To Make  A Day Consistently

10 Ways To Make $50 A Day Consistently

July 7, 2026
FeeOnlyNews.com

Get the latest news and follow the coverage of Business & Financial News, Stock Market Updates, Analysis, and more from the trusted sources.

CATEGORIES

  • Business
  • Cryptocurrency
  • Economy
  • Financial Planning
  • Investing
  • Market Analysis
  • Markets
  • Money
  • Personal Finance
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • Tower shareholders nix new compensation policy
  • ServiceNow (NOW): Nach dem 50%-Absturz formiert sich ein neues Signal!
  • Growing From Solo To Silo’ed Partnership To A $3.3B Enterprise Ensemble (Without Taking Outside Capital): #FASuccess Ep 497 With Shane Morrow
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclaimers
  • About Us
  • Contact Us

Copyright © 2022-2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading

Copyright © 2022-2024 All Rights Reserved
See articles for original source and related links to external sites.