- All agentic AI browsers are susceptible to indirect prompt injections
- Only use agent browsing when you are not handling sensitive information
- We might have to rethink how browsers work and how we use them
Just days after OpenAI released Atlas, its take on the web browser, the company is struggling to maintain its reputation due to security concerns.
The Chromium-based browser, which has a built-in AI agent for web navigation and automation, has been found vulnerable to indirect prompt injection, which means malicious commands can be hidden in web content to manipulate the agent’s functions.
As a result, cybercriminals could change browser behavior without directly addressing OpenAI’s technology, and users could be susceptible to data leaks.
OpenAI’s Atlas may be vulnerable to attack
The warning comes from a new report from Brave – but it’s not just Atlas that could face these challenges, but rather any AI browser, including Perplexity’s Comet.
“AI-powered browsers that can take actions on your behalf are powerful, yet extremely risky,” the researchers wrote.
Brave explained that the core problem stems from the fact that AI browsers not only use reliable user input, but also have to use untrusted web content to form prompts. Even malicious comments on sites like Reddit can trigger actions with unintended consequences.
In the meantime, Brave recommends separating normal browsing from agent browsing through browsers like Atlas, Comet, and Fellou, and only using them when beneficial or necessary.
Sessions that handle sensitive information, such as banking and communications, are probably best kept in your regular browser.
Brave’s researchers also noted that, where possible, users should configure AI to require explicit user confirmation before performing autonomous tasks.
Nevertheless, the problem appears to be a much broader one. “Indirect rapid injection is not an isolated problem, but a systemic challenge facing the entire category of AI-powered browsers,” the researchers wrote.
Brave promises to bring more long-term solutions to users to maintain maximum security going forward, but it’s clear that a total overhaul of how browsers work and how we interact with them could be necessary.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best antivirus for all budgets
