Read more at:
Traditional controls inadequate
AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated to web resources. As he and his colleagues wrote in their report, this makes the AI browsers susceptible to new cybersecurity risks, “such as indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.”
“Traditional controls are inadequate for the new risks introduced by AI browsers, and solutions are only beginning to emerge,” Mirolyubov said. “A major gap exists in inspecting multi-modal communications with browsers, including voice commands to AI browsers.”
Prompt injection remains a particular concern, OpenAI CISO Dane Stuckey acknowledged in a post to X, formerly Twitter, the day after ChatGPT Atlas’s launch: “Prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agents fall for these attacks.”
