web analytics
December 22, 2025

Learn AI With Kesse | Best Place For AI News

We make artificial intelligence easy and fun to read. Get Updated AI News.

OpenAI Warns AI Browsers Could Be Perpetually Susceptible to Prompt Injection Attacks

2 hours ago Emmanuel Kesse
OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Image Credits:OpenAI

Navigating the Challenges of Prompt Injections in AI Browsers

As OpenAI continues to strengthen its Atlas AI browser against the growing threat of cyberattacks, the company acknowledges a significant risk posed by prompt injections. These attacks manipulate AI agents into executing harmful instructions often hidden in web pages or emails, raising important questions about the safety of AI operations on the open web.

Understanding Prompt Injections

In a recent blog post, OpenAI described prompt injection as a challenge akin to online scams and social engineering. The company emphasized that prompt injection attacks are unlikely to be completely eradicated. With the launch of ChatGPT Atlas, OpenAI admitted that the introduction of features such as “agent mode” has expanded the potential security vulnerabilities.

The Launch of ChatGPT Atlas and Immediate Threats

OpenAI’s ChatGPT Atlas browser debuted in October, quickly attracting attention from security researchers. Reports emerged showcasing how brief prompts in platforms like Google Docs could alter the underlying behavior of the browser. Likewise, Brave published an article highlighting the systemic issue of indirect prompt injections affecting AI browsers like Perplexity’s Comet.

The risk of prompt-based injections is recognized beyond OpenAI. The U.K.’s National Cyber Security Centre recently issued a warning that such attacks on generative AI applications may never be fully mitigated, putting organizations at risk of data breaches. The agency advised cybersecurity professionals to focus on reducing the risk and impact of these attacks rather than assuming they can be completely stopped.

Long-term Security Challenges

OpenAI views prompt injection as a continual AI security challenge, emphasizing the necessity for ongoing enhancements to their defense mechanisms. In addressing this significant issue, OpenAI has implemented a proactive, rapid-response cycle. This approach aims to identify novel attack strategies internally before they are exploited externally.

This strategy aligns with insights from competitors like Anthropic and Google, who also advocate for layered defenses that undergo continuous stress-testing. Google, for instance, emphasizes architectural and policy-level controls to enhance the security of agentic systems.

Innovative Defense: LLM-Based Automated Attackers

OpenAI has taken an innovative approach by employing what it calls a “LLM-based automated attacker.” This bot is trained through reinforcement learning to adopt the role of a hacker, identifying potential pathways for injecting malicious instructions into AI agents. By simulating attacks, the bot can analyze how the target AI might behave when encountering a prompt injection. This allows it to refine its methods, increasing the chances of discovering flaws more rapidly than a real-world attacker.

Such tactics are common in AI safety testing; developing agents to identify and rapidly test edge cases helps in creating more robust systems.

Real-World Demonstrations and Security Updates

In a demonstration, OpenAI illustrated how its automated attacker managed to insert a malicious email into a user’s inbox. When the AI agent scanned the inbox, it inadvertently followed the hidden commands, sending a resignation message instead of drafting an out-of-office reply. However, following security updates, the “agent mode” was able to detect the prompt injection attempt and alert the user.

Although OpenAI admits that completely securing against prompt injections is challenging, the company is emphasizing large-scale testing and faster patch cycles to fortify its systems proactively.

Collaboration and External Insights

Despite significant efforts, OpenAI has not disclosed whether the updates to Atlas have resulted in a measurable reduction in successful injections. The spokesperson mentioned that the company has been collaborating with third parties to fortify Atlas against these vulnerabilities since before its launch.

Rami McCarthy, principal security researcher at Wiz, reiterated that while reinforcement learning can help adapt to evolving attacker behaviors, it is just one part of a broader security framework. He pointed out that a useful way to assess risk in AI systems is through the lens of autonomy multiplied by access.

The Balancing Act of Autonomy and Access

Agentic browsers present a challenging risk profile as they possess moderate autonomy while granting high access to sensitive data. Many recommendations focus on this trade-off. Limiting logged-in access can reduce exposure, while confirming requests helps to constrain autonomy.

OpenAI recommends that users actively manage their risk by limiting the commands they provide to agents. Specifically, rather than granting generalized access, users should give explicit instructions to reduce the chances of hidden or malicious content influencing the AI.

The Path Forward: Assessing Risk and Security Value

While OpenAI emphasizes that protecting Atlas users against prompt injections is a top priority, McCarthy expresses skepticism over the return on investment for browsers with inherent risks. He argues that for most everyday uses, the potential value of agentic browsers doesn’t currently outweigh their risks, especially given their access to sensitive information like emails and payment data.

Conclusion

Navigating the challenges posed by prompt injections in AI browsers remains a complex endeavor. As threats evolve, ongoing improvements in security protocols are essential for companies like OpenAI. The balance between autonomy and access will be crucial in shaping the future landscape of AI browsers. While security measures can be enhanced, users must also play a role in managing the risks associated with these advanced tools. As this technology continues to develop, businesses and individual users alike will need to weigh the benefits against the potential vulnerabilities inherent in AI-driven systems.

Thanks for reading. Please let us know your thoughts and ideas in the comment section down below.

Source link
#OpenAI #browsers #vulnerable #prompt #injection #attacks

About The Author

Emmanuel Kesse

See author's posts

Tags:

More Stories

Google's New T5, Anthropic's New BLOOM, NVIDIA Nemotron 3 and More Intense AI News 11

Google’s T5 Update, Anthropic’s BLOOM, NVIDIA’s Nemotron 3, and Latest AI Developments

5 hours ago Emmanuel Kesse
Splat's app uses AI to turn your photos into coloring pages for kids

Splat’s App Transforms Your Photos into Fun Coloring Pages for Children

9 hours ago Emmanuel Kesse
Meta is developing a new image and video model for a 2026 release, report says

Meta plans to launch a new image and video model by 2026.

16 hours ago Emmanuel Kesse

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

OpenAI Warns AI Browsers Could Be Perpetually Susceptible to Prompt Injection Attacks

2 hours ago Emmanuel Kesse
Google's New T5, Anthropic's New BLOOM, NVIDIA Nemotron 3 and More Intense AI News 11

Google’s T5 Update, Anthropic’s BLOOM, NVIDIA’s Nemotron 3, and Latest AI Developments

5 hours ago Emmanuel Kesse
Splat's app uses AI to turn your photos into coloring pages for kids

Splat’s App Transforms Your Photos into Fun Coloring Pages for Children

9 hours ago Emmanuel Kesse
AI Chess Robot with Robotic Arm Electronic Computer Chess Board– 25 AI Levels, 1200+ Exercises, Endgame Trainer, Classic Game Replay, Voice Coaching, Lichess Integration

AI Chess Robot with Robotic Arm and Smart Board – 25 Levels, 1200+ Drills, Coaching

13 hours ago Blog Group Department
We use cookies to personalize content and ads and to primarily analyze our geo traffic sources. We also may share information about your use of our site with our social media, advertising, and analytics partners to improve your user experience. We respect your privacy and will never abuse your information. [ Privacy Policy ] View more
Cookies settings
Accept
Decline
Privacy & Cookie Policy
Privacy & Cookies policy
Cookies list
Cookie name Active

The content on this page governs our Privacy Policy. It describes how your personal information is collected, used, and shared when you visit or make a purchase from learnaiwithkesse.com (the "Site").

Kesseswebsites and Advertising owns Learn AI With Kesse and the website learnaiwithkesse.wiki. For the purpose of this Terms and Agreements [ we, us, I, our ] represents the owner of Learning AI With Kesse which is Kesseswebsites and Advertising. [ You, your, student and buyer ] represents you as the user and visitor of this site. Terms of Conditions, Terms of Service, Terms and Agreement and Terms of use shall be considered the same here. This website or site refers to https://learnaiwithkesse.com. You agree that the content of this Terms and Agreement may include Privacy Policy and Refund Policy. Products refer to physical or digital products. This includes eBooks, PDFs, and text or video courses. If there is anything on this page you do not understand you agree to reach out to us via email [ emmanuel@learnaiwithkesse.com ] for explanation before using any part of this site.

1. Personal Information We Collect

When you visit this Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. The primary purpose of this activity is to provide you a better user experience the next time you visit our again and also the data collection is for analytics study. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as "Device Information."

We collect Device Information using the following technologies:

"Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. To comply with European Union's GDPR (General Data Protection Regulation), we do display a disclaimer a consent text at the bottom of this website. This disclaimer alerts you the visitor or user of this website about why we use cookies, and we also give you the option to accept or decline. If you accept for us to use cookies on your site, the agreement between you and us will expire after 180 has passed.

"Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

"Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the Site.

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as "Order Information."

When we talk about "Personal Information" in this Privacy Policy, we are talking both about Device Information and Order Information.

Payment Information

Please note that we use 3rd party payment processing companies like https://stripe.com and https://paypal.com to process your payment information. PayPal and Stripe protects your data according to their terms and agreement and may store your data to help make your subsequent transactions on this website easier. We never and [ DO NOT ] store your card information or payment login information on our website or server. By making payment on our site, you agree to abide by the Terms and Agreement of the 3rd Party payment processing companies we use. You can visit their websites to read their Terms of Use and learn more about them.

2. How Do We Use Your Personal Information?

We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this [a] Order Information to:

[b] Communicate with you;

[c] Screen our orders for potential risk or fraud; and

When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services. We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

3. Sharing Your Personal Information

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use System.io to power our online store--you can read more about how Systeme.io uses your Personal Information here: https://systeme.io/privacy-policy/ . We may also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

4. Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt-out of targeted advertising by:

COMMON LINKS INCLUDE:

FACEBOOK - https://www.facebook.com/settings/?tab=ads

GOOGLE - https://www.google.com/settings/ads/anonymous

BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

5. Data Retention

Besides your card payment and payment login information, when you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information. Example of such information include your first name, last name, email and phone number.

6. Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

7. Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at emmanuel@learnaiwithkesse.com or by mail using the details provided below:

8. Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Last Update | 18th August 2024

Save settings
Cookies settings