Atlas AI browser: Are you safe, can AI browsers breach data?

Are you safe, or can AI browsers breach your data? Traditional browser protection is based on the assumption that the browser displays content and the user takes action. Here are a few risks you need to know about the Atlas AI browser.

Preeti Anand

Browsers were meant merely for viewing websites and searching tabs. That has changed with the launch of the ChatGPT Atlas browser created by OpenAI. Atlas is the first browser that has an AI assistant right at the heart of its experience: not only will the browser navigate sites on its own, it will also be able to work on your behalf. That means the attack surface changes as well. Traditional browser problems become much more serious ones. This emerging wave of AI-based browsers requires particular attention.

OpenAI describes Atlas as a browser with ChatGPT integrated into it, where your assistant keeps track of your workflows on the web. The AI agent operates with context, history and browser memory so that it can work across tabs and across sessions. That design is ambitious, but it introduces new vulnerabilities. Traditional browser protection is based on the assumption that the browser displays content and the user takes action. In Atlas, the AI agent can act on your behalf.

Risks you need to know about the Atlas AI browser

Here are a few risks you should be aware of.

Prompt injection and hidden commands

Security researchers found prompt-injection vulnerabilities practically right after the browser's release. For example, a crafted string that looks like a URL can hold concealed instructions that the AI agent treats as credible user intent. A tab may appear harmless yet contain hidden code instructing the AI to access data via another tab, submit a form, or switch into a logged-in session without your knowledge. This is not merely clever phishing. It is a deep structural risk.
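A defensive sketch of the point above, added here and not taken from Atlas or OpenAI: address-bar input is navigated only if it survives strict URL parsing, and anything else is handled as untrusted text that must not be treated as user intent. The function names, result fields and sample strings are assumptions constructed for illustration.

```javascript
// Added example: fail-closed handling of address-bar input (names are hypothetical).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function untrusted(reason) {
  // Untrusted text may be searched or displayed, but the agent must not act
  // on it as if the user had typed an instruction.
  return { kind: "untrusted_text", treatAsUserIntent: false, reason };
}

function classifyOmniboxInput(raw) {
  const input = String(raw).trim();
  // A pasted URL has no spaces or control characters; free text usually does.
  if (/[\s\u0000-\u001f\u007f]/.test(input)) {
    return untrusted("whitespace or control character");
  }
  let url;
  try {
    url = new URL(input);
  } catch {
    return untrusted("not parseable as a URL");
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return untrusted("scheme not allowed");
  if (url.username || url.password) return untrusted("embedded credentials");
  // The parser silently repairs malformed input; accept only strings that
  // round-trip unchanged (apart from the implied trailing slash).
  if (url.href !== input && url.href !== input + "/") {
    return untrusted("parser had to repair the input");
  }
  return { kind: "navigate", href: url.href };
}

// Constructed sample inputs, not taken from any real report.
const samples = [
  "https://example.test/docs?page=2",
  "https:/example.test/docs",
  "https://example.test/docs followed by free text",
  "javascript:void(0)",
];
for (const s of samples) console.log(JSON.stringify(s), classifyOmniboxInput(s));
```

The check is deliberately strict: a legitimate but unusually written address falls into the untrusted branch, where the worst outcome is a search or a confirmation prompt.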

Form interaction, autofill and multiple tabs

Because Atlas can fill in forms, submit data and automate the web across multiple tabs, a single bad site can affect the agent's behaviour in a different tab. A shopping site may induce the agent to open a bank tab and place a transfer. A malicious version may take advantage of the agent's privileges and your open sessions. According to researchers, these agentic browsing vulnerabilities dissolve the distinction between regular browsing and complete automation.

Memory, personalisation and side-effects

Atlas keeps a lot of the information about your behaviour that average browsers do: visits, searches, content read, likes. Although OpenAI mentions that the data will not automatically feed the model, the fact remains that there is a large, centralised pool of personal data. Any attacker who breaches that memory may learn a lot about your habits. And if the business model changes to an advertising one, the data may become a gold mine.

Atlas AI browser: What you should do to mitigate these risks

The risks are higher for organisations and serious users. Agent-enabled browsers such as Atlas in particular are not a mere browser choice; they have the potential to be vectors of data leakage and of abuse of automation and credentials. In fact, scholars recommend that companies stay off such browsers until the architecture and security features are mature. Your browser's privileged sessions should be treated as a client-side automation engine that has all the permissions and audit capabilities when it is acting on your behalf.

  • Use a separate standard browser for sensitive business (banking, enterprise portals).

  • If you use Atlas, turn off its agent/autofill features and memory storage.

  • Keep an eye on tab behaviour: if a site opens another tab with irrelevant information, it can be an indication of abuse.

  • Keep your software updated, since the loopholes are new and developing.

  • Be transparent about how your browser uses the memory of your behaviour if you use it in a business environment.

Final word

ChatGPT Atlas is a new frontier in the evolution of web interaction, but it comes at a very grave security cost. Once a browser is your agent, you have to raise your threat model. This is not merely a case of malicious links or phishing; it is malicious code within web content, cross-tab manipulation and AI-based form submission. For now, while the ecosystem is not mature and security measures are not in place, surfing with an AI browser such as Atlas is walking on thin ice.