https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser
Security researchers have identified critical vulnerabilities in OpenAI’s newly launched Atlas web browser, raising concerns about the risks of adopting such AI-powered software early. The findings, published by security vendor LayerX, highlight the need for heightened scrutiny of the security of emerging technologies.
The researchers discovered that threat actors can exploit cross-site request forgery (CSRF) vulnerabilities in Atlas to inject malicious instructions that persistently taint the memories of the browser’s ChatGPT chatbot integration. This, in turn, allows for the remote execution of code, potentially granting attackers access to users’ systems or sensitive data, or the ability to deploy malware.
Furthermore, the researchers found that Atlas lacks meaningful anti-phishing protections, making its users up to 90% more vulnerable to such attacks than users of traditional browsers like Google Chrome. In its testing, LayerX found that Atlas allowed 97% of the in-the-wild attacks to go through, whereas Microsoft Edge and Google Chrome prevented 53% and 47% of the threats, respectively.
OpenAI has acknowledged prompt injection as an unresolved security problem and has advised users to exercise caution when using Atlas, especially with regulated, confidential, or production data. The company has also clarified that the browser is currently in beta for business and enterprise customers, and that essential security and compliance features are not yet supported.