OpenAI releases ChatGPT Atlas, the web browser you can chat with?

Free

*censored*
VVO Supporter 🍦🎈👾❤
Joined
Sep 22, 2018
Messages
41,547
Location
Moonbase Caligula
SL Rez
2008
Joined SLU
2009
SLU Posts
55565
You know a company is really onto something when they make a big announcement with a long product video showing a bunch of tech guys sitting on a couch hovering over a laptop.



ChatGPT Atlas (the name...) is on MacOS only for now. Soon to take over the rest of the computing world!
 
  • 1LOL
Reactions: Dakota Tebaldi

Free

Questions, questions.

Yesterday, OpenAI launched its ChatGPT Atlas browser—a supposedly reimagined web browser that actually looks a lot more like a forked version of Chromium with a chatbot bolted on—in an effort to redefine the way that people navigate the internet. It’s not clear that it’ll accomplish that, but it has been innovative in one way already: It’s launched a whole new set of concerns about online privacy and security.
 
  • 1Facepalm
Reactions: Beebo Brink

Dakota Tebaldi

Well-known member
VVO Supporter 🍦🎈👾❤
Joined
Sep 19, 2018
Messages
9,633
Location
Ohio
Joined SLU
02-22-2008
SLU Posts
16791
You know a company is really onto something when they make a big announcement with a long product video showing a bunch of tech guys sitting on a couch hovering over a laptop.



ChatGPT Atlas (the name...) is on MacOS only for now. Soon to take over the rest of the computing world!

actually looks a lot more like a forked version of Chromium with a chatbot bolted on
lol, so this is just Microsoft Edge with Copilot which already exists
 

Free

OpenAI's brand new Atlas browser is more than willing to follow commands maliciously embedded in a web page, an attack type known as indirect prompt injection.

Prompt injection vulnerability is a common flaw among browsers that incorporate AI agents like Perplexity's Comet and Fellou, as noted in a report published by Brave Software on Tuesday, coincidentally amid OpenAI's handwaving about the debut of Atlas.

Indirect prompt injection can occur when an AI model or agent handles content like a web page or image and then treats that content as if it were part of its instructed task. Direct prompt injection refers to instructions entered directly into a model's input box that bypass or override existing system instructions.

"What we've found confirms our initial concerns: indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers," Artem Chaikin, senior mobile security engineer for Brave, and Shivan Kaul Sahib, VP of privacy and security, wrote in their post.

Pranav Vishnu, product lead for ChatGPT Atlas, did warn potential users that OpenAI's browser-AI chimera might entail some risk.

Security, thy name is NOT OpenAI.
 

Free

Continuing security issues with Atlas.

NeuralTrust found that Atlas's "omnibox" (where URLs or search terms are entered) has potential vulnerabilities. "We've identified a prompt injection technique that disguises malicious instructions to look like a URL, but that Atlas treats as high-trust 'user intent' text, enabling harmful actions," the researchers said.

The problem comes from how Atlas treats input in the omnibox. It might be a URL or a natural-language command to the agent. In NeuralTrust's example, what appears to be a standard URL is deliberately malformed, so it is treated as plain text. Then some natural language follows, sending Atlas off somewhere unexpected.

"The core failure mode in agentic browsers is the lack of strict boundaries between trusted user input and untrusted content," the researchers said.
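
The omnibox ambiguity described in the post above, as an added example that is not from the thread, NeuralTrust, or OpenAI: a fail-closed classifier that never lets URL-looking input that fails strict parsing fall through to the agent as trusted user intent. The function names, the `confirm` action, and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example: fail-closed omnibox classification. Hypothetical design,
// not Atlas code; all names and sample inputs are constructed.

// Input that *starts* like a URL: a scheme, "www.", or a dotted host.
const URLISH = /^(?:[a-z][a-z0-9+.-]*:|www\.|[^\s/]+\.[a-z]{2,}(?:[/:?#]|\s|$))/i;

// Return a parsed http(s) URL for a single token, or null.
function strictHttpUrl(token) {
  const candidates = [token];
  // Bare hosts such as "example.com" get https:// prepended, but only when
  // the token has no ':' or '@' that could smuggle a scheme or userinfo.
  if (!/[:@]/.test(token)) candidates.push('https://' + token);
  for (const c of candidates) {
    try {
      const u = new URL(c);
      const web = u.protocol === 'https:' || u.protocol === 'http:';
      if (web && u.hostname.includes('.')) return u;
    } catch (_) { /* not parseable in this form */ }
  }
  return null;
}

function classifyOmnibox(raw) {
  const input = raw.trim();
  // 1. Navigate only for a single token that parses strictly as http(s).
  if (!/\s/.test(input)) {
    const u = strictHttpUrl(input);
    if (u) return { action: 'navigate', target: u.href };
  }
  // 2. Looks like a URL but did not parse: ask the user, do not prompt the agent.
  if (URLISH.test(input)) {
    return { action: 'confirm', reason: 'URL-like input failed strict parsing' };
  }
  // 3. Plain natural language goes to the agent, labelled with its origin.
  return { action: 'prompt', text: input, trust: 'user-typed' };
}

// Constructed sample inputs.
for (const s of ['https://example.com/path',
                 'https:/ /example.com/docs then open another page',
                 'best hiking boots under 100']) {
  console.log(JSON.stringify(s), '->', classifyOmnibox(s).action);
}
```

The middle sample is the case from the post: it begins like a URL, does not parse as one, and is followed by natural language, so it is routed to `confirm` rather than `prompt`.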
 

Free

A web browser that avoids parts of the web due to legal problems. That sounds useful.

AI-powered browsers like ChatGPT Atlas aren’t just browsers with little ChatGPT picture-in-picture boxes off to the side answering questions. They also have “agentic capabilities,” meaning they can theoretically carry out tasks like buying airline tickets and making hotel reservations (Atlas hasn’t exactly gotten rave reviews as a travel agent). But what happens when the little web-crawling bot that does these tasks senses danger?

The danger we’re talking about is not to the user, but to the browser’s parent company. According to an investigation by Aisvarya Chandrasekar and Klaudia Jaźwińska of the Columbia Journalism Review, when Atlas is in agent mode, running all over the internet gobbling up information for you, it will take great pains to avoid certain sources of information. Some of that shyness appears to be connected to the fact that those sources of information belong to companies that are suing OpenAI.