- OpenAI says that rapid injection attacks cannot be completely eliminated, only mitigated
- Malicious messages hidden on websites can trick AI browsers into exfiltrating data or installing malware
- OpenAI’s rapid response loop uses adversarial training and automated discovery to harden defenses
OpenAI has argued that while AI browsers may never be fully protected against rapid injection attacks, that doesn’t mean the industry should simply give up on the idea or admit defeat to the fraudsters — there are ways to harden the products.
The company published a new blog post discussing cybersecurity risks in its AI-powered browser, Atlas, in which it shared the somewhat bleak outlook.
“Prompt injection, like online fraud and social engineering, is unlikely to ever be fully ‘solved,'” the blog says. “However, we are optimistic that a proactive, highly responsive rapid response loop can continue to significantly reduce real-world risk over time. By combining automated attack detection with adversarial training and system-level security measures, we can identify new attack patterns earlier, close gaps faster, and continuously increase the cost of exploitation.”
Fast response loop
So what exactly is a rapid injection and what is this “rapid response loop” approach?
Quick injection is a type of attack where a malicious prompt is “injected” into the victim’s AI agent without their knowledge or consent.
For example, an AI browser might be allowed to read all the content on a website. If the site is malicious (or hijacked) and contains a hidden prompt (white letters on a white background, for example), the AI can act on it without the user ever noticing.
This prompt can be various things, from exfiltrating sensitive files to downloading and running malicious browser add-ons.
OpenAI wants to fight fire with fire, it seems. It created a bot, trained through reinforcement learning, and let it be the hacker looking for ways in. It pits that bot against an AI defender, who then go back and forth trying to outwit each other. The end result is the AI defender capable of spotting most attacking techniques.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
