
ChatGPT Atlas is an AI-powered web browser that can book travel, order groceries, or do research, all on your behalf. OpenAI says it’s like having a personal agent built into your web browser. This is what worries security experts.
As great as AI systems are, they’re also imperfect. From hallucinations to flattery, AI can often get things wrong. Handing the keys to your web browser over to AI creates a host of other potential problems, including injection attacks, clipboard attacks, and a simple inability to understand that some sites are spam.
“Atlas is showing the same early-stage issues we’ve seen across other proxy-style browsers,” said Rob T. Lee, head of research and chief artificial intelligence officer at the SANS Institute, a collaborative cybersecurity training and education organization. “There have been successful rapid injection and redirection tests. To their credit, OpenAI moved quickly to address the reports.”
The release of Atlas is an early shot in the emerging AI browser war. Other participants in this space include Perplexity’s Comet, Google’s inclusion of Gemini in Chrome and Copilot mode in Microsoft Edge. For the major players at big tech companies, gaining any kind of upper hand in the web browser space gives them critical user data, which they can use either to improve their products or to sell targeted ads. This is especially important for OpenAI, which has allocated billions of dollars to developing AI infrastructure while showing limited ability to generate revenue, let alone profit. The company is looking at all ways, including advertising, to raise revenue, in addition to allowing the generation of adult text content.
(Disclosure: Ziff Davis, CNET’s parent company, in April filed a lawsuit against OpenAI, alleging that it infringed Ziff Davis’s copyrights in training and operating its AI systems.)
For OpenAI, an AI-powered web browser gaining popularity means drawing people away from Chrome, which is currently the most popular web browser in the world with a 73% market share, according to Global statistics. ChatGPT Atlas can expand the OpenAI ecosystem. While ChatGPT has become the umbrella term for AI-powered chatbots, for Atlas to achieve mass adoption in both the consumer and enterprise space, OpenAI will need to ensure its browser is as secure and trustworthy as Chrome.
Prompt injection attacks are the vulnerability most commonly associated with AI-powered web browsers. It is a type of exploit where bad actors intentionally place malicious instructions for an AI agent on a website. The text is invisible, hidden from the user. But since the AI can analyze all the content on the site, it absorbs the instructions and ignores its safety guidelines. Bad instructions can lead the AI to leak sensitive information, change system settings, or take other malicious actions.
“There’s also this broader consumer interest here, where it’s about these kind of ubiquitous computer vision components that are connected to every aspect of your web browsing,” said Simon Bolton, executive vice president of innovation and growth at marketing agency Tinuiti. Bolton worries that consumers won’t understand how their information is stored and how persistent that information is within AI.
This leads to another concern for Bolton: effective compliance. As users become more accustomed to AI systems, they begin to let go of doubts and give the AI more control. He equates it to riding in a Waymo self-driving car for the first time. At first, the customer may watch closely and make sure the car is behaving normally. But after ten minutes, they’ll switch to browsing on their phones.
The problem is that AI systems are not perfect. When testing Perplexity’s Comet, Bolton saw that the browser began entering his password into the email address field when logging into a site. He managed to spot it, but it shows how AI systems can mishandle sensitive information.
A lesser-known vulnerability is the copy-to-clipboard attack. This happens when a bad actor instructs the AI to copy a malicious link to a person’s clipboard. If a person is not paying attention, they may accidentally paste the link into their web browser and direct themselves to a bad website. It is these instances of inattention that can lead to major weaknesses.
“One of the biggest risks of using LLMs as interfaces to the Internet is how people may not understand their limitations and thus use them inappropriately,” said Serena Booth, a professor of computer science at Brown University.
Booth notes that LLMs are more likely to be used as therapists, even though these systems are not set up for this type of help. “I’m sure this browser will have hallucinations as well, which could hurt people who don’t manage this effectively,” Booth said. “OpenAI should feel a great responsibility to educate users on how to use their software appropriately.”
When asked for comment, OpenAI pointed to a recently published blog post regarding prompt injection attacks.
“Defending against instantaneous injections is a challenge across the AI industry and a primary focus at OpenAI,” according to the blog post. “While we expect adversaries to continue to develop such attacks, we are building defenses designed to carry out the user’s intended task even when someone is trying to mislead them.”
OpenAI says it is training AI models with an approach called Instruction Hierarchy, which aims to distinguish between reliable and unreliable instructions. It has also developed several AI-powered “monitors” that can identify and prevent prompt injection attacks. Atlas hands over control to the user when they are on sensitive sites, such as online shopping services. OpenAI said it also uses red teaming (when security teams simulate real-world attacks, pitting hackers against defenders) with internal and external teams and offers… reward for people who find errors. Average pay is $784.
Despite the risks, there is pressure on employees to adopt AI systems. With the release of ChatGPT Atlas, 27.7% of organizations have at least one person downloading an AI-powered web browser, according to data security company Cyberhaven. IT professionals will likely download the browser to test it, but the risk of employees using proxy browsers at work is still high.
“Proxy browsers can streamline and automate the worst possible attacks to steal highly sensitive data about customers, individuals, patients, sensitive product designs and highly structured data with national security implications,” said Nishant Doshi, CEO of Cyberhaven.
This risk is not limited to ChatGPT Atlas, and since AI browsers can act on an employee’s behalf, using their credentials to navigate company tools, there need to be guardrails, Doshi said.
Existing AI and IT security tools are often unable to determine whether data is sensitive or its source. “Without this important context, they cannot accurately determine whether a particular piece of data is sensitive or not,” Doshi said. “Combining this major weakness with the great power of proxy browsers to automate work, you have an incident waiting to happen.”
For individuals, it should be okay to use ChatGPT Atlas, as long as you’re aware of its limitations, according to Lee of the SANS Institute. He recommends avoiding syncing Atlas with these systems or sharing it directly with “financial, medical, or sensitive information” and disabling unnecessary permissions.
However, at work, it is best to proceed with caution. ChatGPT Atlas should be used in testing environments with limited network access, experts said. It’s also important to track all activities and integrate them into a company’s AI governance framework early, Lee said.
The bigger question is whether you need ChatGPT Atlas. Although the capabilities are great, if you have to constantly monitor it to make sure it’s doing things right, is it really worth it? You’re probably familiar enough with the Internet to do things yourself, even if it requires you to use a few extra synapses in your brain.
“It’s very difficult to explain why anyone would use this now,” said Bolton, who believes he can click through to sites faster. “It’s a novelty factor. But where does the ease of the actual consumer experience come from? It doesn’t change. It doesn’t create any value for me.”
Consumers can use ChatGPT Atlas; just proceed with caution. Do not use it on business computers without IT department approval, as there may be some vulnerabilities. When using it, monitor how it uses sensitive information, such as passwords, to navigate sites and accomplish tasks. To be safe, maybe avoid banking or other sensitive sites.