OpenAI’s ChatGPT Atlas, a new AI-powered web browser, promises smarter, faster browsing. It can remember searches, suggest actions, and complete tasks for users. But cybersecurity experts are warning about potential privacy and security risks in AI-driven browsing.
How ChatGPT Atlas Works?
Unveiled on October 21, ChatGPT Atlas integrates directly with ChatGPT. Users can open a sidebar to ask questions about webpages or deploy an AI agent to handle tasks like booking appointments or planning events.
Less than a day after its launch, experts raised concerns about prompt injection attacks — a new vulnerability unique to AI-powered browsers.
What Makes AI Browsers Risky?
AI browsers access more user data than traditional ones. They remember searches, past actions, and often require access to logged-in sessions. This personalization improves convenience but could expose sensitive information.
Experts warn that AI agents can be tricked into leaking private data. Similar vulnerabilities were spotted earlier in Perplexity’s Comet browser.
How AI Browser Agents Can Be Hijacked?
Security researchers at Brave explained that attackers can hide malicious instructions in webpage content. This could include:
Hidden Commands
Hackers embed invisible instructions using white text, HTML comments, or hidden elements. These can appear in Reddit posts or Facebook comments.
User Asks AI to Summarise Page
When a user asks the AI to summarise, the agent crawls the entire content.
AI Follows Malicious Instructions
The agent cannot distinguish between legitimate content and hidden commands, executing both.
Sensitive Data Gets Exposed
The AI may visit banking websites, steal stored passwords, or capture 2FA codes.
“The root problem is that AI browser agents do not distinguish between the content it should summarise and the instructions it should not follow,” researchers noted.
Who Is Affected?
Both ChatGPT Atlas and Perplexity Comet admitted potential vulnerability. Brave discovered the flaw in Comet. No real-world attacks have been reported yet. Perplexity has made fixes to separate user instructions from webpage content.
Ensuring Safety in the Age of AI Browsers
AI browsers mark a shift in how people explore the web. Instead of typing queries, users now rely on AI agents to summarise and act on information.
While convenient, this introduces new security challenges. As AI browsers evolve, transparency, privacy, and safeguards will be crucial to protect users.
AI is redefining browsing — but innovation must never compromise security and privacy.
