Conventional controls insufficient
AI browsers can autonomously navigate web sites, fill out varieties, and full transactions whereas authenticated to internet sources. As he and his colleagues wrote of their report, this makes the AI browsers vulnerable to new cybersecurity dangers, “equivalent to oblique prompt-injection-induced rogue agent actions, inaccurate reasoning-driven inaccurate agent actions, and additional loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing web site.”
“Conventional controls are insufficient for the brand new dangers launched by AI browsers, and options are solely starting to emerge,” Mirolyubov mentioned. “A serious hole exists in inspecting multi-modal communications with browsers, together with voice instructions to AI browsers.”
Immediate injection stays a selected concern, OpenAI CISO Dane Stuckey acknowledged in a submit to X, previously Twitter, the day after ChatGPT Atlas’s launch: “Immediate injection stays a frontier, unsolved security downside, and our adversaries will spend vital time and sources to search out methods to make ChatGPT brokers fall for these assaults.”
