- OpenAI says fast injection attacks cannot be completely eliminated, only mitigated
- Malicious prompts hidden in websites can trick AI browsers into extracting data or installing malware
- OpenAI’s rapid response cycle uses adversarial training and automated discovery to strengthen defenses
OpenAI has stated that while AI browsers may never be fully protected against rapid injection attacks, that doesn’t mean the industry should simply give up on the idea or admit defeat to fraudsters: there are ways to protect products.
The company published a new blog post about cybersecurity risks in its AI-powered browser, Atlas, in which it shared a somewhat bleak outlook.
“It is unlikely that rapid injection, like scams and social engineering on the web, will ever be completely ‘solved’,” the blog reads. “But we are optimistic that a highly responsive, proactive rapid response cycle can continue to materially reduce real-world risk over time. By combining automated attack discovery with adversary training and system-level safeguards, we can identify new attack patterns sooner, close gaps faster, and continually increase the cost of exploitation.”
Quick response loop
So what exactly is rapid injection and what is this “rapid response loop” approach?
Immediate injection is a type of attack in which a malicious cue is “injected” into the victim’s AI agent without their knowledge or consent.
For example, an AI browser could be allowed to read the entire content of a website. If that website is malicious (or hijacked) and contains a hidden message (white letters on a white background, for example), the AI could act accordingly without the user realizing it.
That message could be different things, from leaking sensitive files to downloading and running malicious browser add-ons.
It seems that OpenAI wants to fight fire with fire. He created a robot, trained it through reinforcement learning, and let the hacker be the one to find ways in. It pits that robot against an AI defender who then goes back and forth, trying to outwit each other. The end result is an AI defender capable of detecting most attack techniques.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
