- All browser AI agents are susceptible to immediate indirect injections
- Use agent navigation only when you are not handling sensitive information
- We might need to rethink how browsers work and how we use them
Just days after OpenAI launched Atlas, its version of the web browser, the company is struggling to maintain its reputation amid security concerns.
The Chromium-based browser, which has a built-in AI agent for web browsing and automation, has been found to be vulnerable to indirect injection, meaning that malicious commands can be hidden within web content to manipulate the agent’s functions.
As a result, cybercriminals could alter browser behavior without having to directly address OpenAI technology, and users could be susceptible to data leaks.
OpenAI’s Atlas could be vulnerable to attacks
The warning comes from a new report from Brave, but it’s not just Atlas that could face these challenges, but any AI browser, including Perplexity’s Comet.
“AI-powered browsers that can take actions on your behalf are powerful but extremely risky,” the researchers wrote.
Brave explained that the core problem arises from the fact that AI browsers not only use input from trusted users, but must also use untrusted web content to generate messages. Even malicious comments on sites like Reddit could trigger actions with unintended consequences.
In the meantime, Brave recommends separating normal browsing from agent browsing through browsers like Atlas, Comet, and Fellou, using them only when beneficial or necessary.
It’s probably best to keep sessions that handle sensitive information, such as banking and communications, in your regular browser.
Brave researchers also noted that, where possible, users should configure AI to require explicit confirmation from the user before performing autonomous tasks.
However, the problem appears to be much broader. “Indirect fast injection is not an isolated problem, but rather a systemic challenge facing the entire category of AI-powered browsers,” the researchers wrote.
Brave promises to provide long-term solutions to keep users as secure as possible into the future, but it’s clear that a complete overhaul of how browsers work and how we interact with them may be necessary.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
The best antivirus for all budgets
