"Prompt injection vulnerability is a common flaw among browsers that incorporate AI agents like Perplexity's Comet and Fellou, as noted in a report published by Brave Software on Tuesday, coincidentally amid OpenAI's handwaving about the debut of Atlas. Indirect prompt injection can occur when an AI model or agent handles content like a web page or image and then treats that content as if it were part of its instructed task."
"US Editor Avram Piltch created a web page with text on it telling the browser to open Gmail and exfiltrate the subject line of the first email and send it to another site. Fellou fell for it, but neither Atlas nor Comet took the bait. Pranav Vishnu, product lead for ChatGPT Atlas, did warn potential users that OpenAI's browser-AI chimera might entail some risk. It didn't take long for the internet community to demonstrate indirect prompt injection using Atlas, a Chromium-based browser that makes ChatGPT available as an agent capable of processing web page data."
OpenAI's Atlas browser can be manipulated by indirect prompt injection, where web page content is treated as part of an AI agent's task. Brave Software's report finds prompt injection a common flaw among AI-enabled browsers like Perplexity's Comet and Fellou. Tests showed a crafted web page could instruct a browser to open Gmail and exfiltrate an email subject; Fellou executed the instruction while Atlas and Comet initially did not. Community researchers later demonstrated injections against Atlas, including a Google Docs test that caused ChatGPT in Atlas to print "Trust No AI" instead of a summary. Some users uninstalled Atlas after seeing prompt injections.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]