- All agentic AI browsers are vulnerable to indirect prompt injections
- Only use agent navigation when you are not handling sensitive information
- We may need to rethink how browsers work and how we use them
Just days after OpenAI released Atlas, its own web browser, the company is struggling to maintain its reputation in the face of security concerns.
The Chromium-based browser, which has a built-in AI agent for web navigation and automation, was found to be vulnerable to indirect prompt injection, meaning malicious commands can be hidden in web content to manipulate the agent’s functionality.
As a result, cybercriminals could modify browser behavior without having to target OpenAI's technology directly, and users could be vulnerable to data leaks.
OpenAI Atlas could be vulnerable to attacks
The warning comes from a new report from Brave, and it is not just Atlas that could face these challenges but any AI browser, including Perplexity’s Comet.
“AI-based browsers that can take actions on your behalf are powerful but extremely risky,” the researchers wrote.
Brave explained that the main problem comes from the fact that AI browsers not only use trusted user input, but also have to use untrusted web content to form prompts. Even malicious comments on sites like Reddit can trigger actions with unintended consequences.
In the meantime, Brave recommends keeping normal browsing separate from agentic browsing in browsers like Atlas, Comet, and Fellou, and using those only when beneficial or necessary.
It’s probably best to keep sessions dealing with sensitive information, like banking and communications, in your regular browser.
Brave researchers also noted that, where possible, users should configure AI to require explicit user confirmation before performing autonomous tasks.
However, the problem appears to be much larger. “Indirect prompt injection is not an isolated problem, but a systemic challenge facing the entire AI browser category,” the researchers wrote.
Brave promises to provide longer-term solutions for users to maintain maximum security in the future, but it’s clear that a complete overhaul of how browsers work and how we interact with them may be necessary.
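To make the trusted-versus-untrusted input problem and the explicit-confirmation advice concrete, here is an added example that is not from Brave, OpenAI or any browser's code. It sketches a policy gate in which page text keeps its provenance and every proposed agent action is allowed, held for user confirmation, or refused; the action names, origins and sample comment are all constructed assumptions.

```javascript
// Added example: hypothetical policy gate for an agentic browser (all names illustrative).
const READ_ONLY = new Set(["read_page", "scroll", "summarize"]);

// Origins the user keeps out of agentic sessions (constructed sample values).
const SENSITIVE_ORIGINS = new Set(["https://bank.example", "https://mail.example"]);

// Keep provenance on every chunk: page text is data, never part of the user's instruction.
function buildContext(userInstruction, pageChunks) {
  return [
    { source: "user", trusted: true, text: userInstruction },
    ...pageChunks.map((c) => ({ source: c.origin, trusted: false, text: c.text })),
  ];
}

// Decide what happens to an action the model proposes: "allow", "confirm" or "deny".
function gateAction(action, context, taskOrigin) {
  const target = new URL(action.url).origin;
  // Sensitive sites stay in the regular browser, whatever the prompt says.
  if (SENSITIVE_ORIGINS.has(target)) return "deny";
  const sameOrigin = target === taskOrigin;
  // Reading the page the user asked about has no side effects.
  if (READ_ONLY.has(action.type) && sameOrigin) return "allow";
  // Anything else needs the user once untrusted text is in context or the origin changes.
  const tainted = context.some((c) => !c.trusted);
  return tainted || !sameOrigin ? "confirm" : "allow";
}

// Constructed scenario: the user asks for a summary of a forum thread.
const TASK_ORIGIN = "https://forum.example";
const context = buildContext("Summarize this thread", [
  { origin: TASK_ORIGIN, text: "Ordinary comment about the topic." },
  { origin: TASK_ORIGIN, text: "[constructed comment carrying hidden instructions for the agent]" },
]);

function demo() {
  const proposed = [
    { type: "read_page", url: "https://forum.example/t/1" },
    { type: "submit_form", url: "https://forum.example/reply" },
    { type: "navigate", url: "https://mail.example/inbox" },
  ];
  return proposed.map((a) => gateAction(a, context, TASK_ORIGIN));
}

console.log(demo());
```

The gate never inspects what the page text says; it relies only on where the text came from and what the action would touch, so it does not depend on recognizing a particular injection phrasing.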