
OpenAI is automating the process of testing ChatGPT Atlas, its agentic web browser, for vulnerabilities that could harm users. At the same time, the company acknowledges that the nature of this new type of browser likely means it will never be completely protected from certain kinds of attacks. The company published a blog post on Tuesday describing its latest effort to secure Atlas against prompt injection attacks, in which malicious third parties covertly slip instructions to the agent behind the browser, causing it to act against the user's interests; think of it like a digital virus that temporarily takes control of a host.
"We expect adversaries to keep adapting," the company writes in the blog post. "Prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully 'solved'. But we're optimistic that a proactive, highly responsive rapid response loop can continue to materially reduce real-world risk over time."
OpenAI built an automated attacker to probe ChatGPT Atlas for prompt injection vulnerabilities by simulating human-hacker behavior. The automated red teaming accelerates exploration of the browser's security surface and helps researchers find covert instruction paths that could make the agent act against a user's interests. Agentic web browsers must interpret and execute web-provided instructions, creating inherent attack vectors that are difficult to eliminate. OpenAI acknowledges that prompt injection and related social-engineering attacks are unlikely to be fully solved and plans to rely on proactive, rapid-response defenses to reduce real-world risk over time.
Read at ZDNET