"OpenAI states that prompt injection will probably never disappear completely, but that a proactive and rapid response can significantly reduce the risk. The company reported this in an explanation of its security approach to AI agents such as ChatGPT Atlas. According to OpenAI, this is a structural challenge within AI security, comparable to online fraud and social engineering, in which attackers continue to adapt to new defensive measures. The company therefore expects to continue working actively on this for years to come."
"This assessment is not unique. According to TechCrunch, the UK's National Cyber Security Centre also recently warned that prompt injection attacks on generative AI may never be completely preventable. The British cyber authority advises organizations to focus on limiting risk and impact, rather than expecting the problem to be completely solved. This positions prompt injection as a fundamental challenge for AI systems operating on the open web."
"For browser-based agents such as ChatGPT Atlas, this means an additional layer of threat on top of existing web security risks. The agent can independently open web pages, read emails, and perform actions. A malicious email with hidden instructions can therefore become part of a workflow without being noticed, for example when a user asks to process or summarize emails. This can lead to data leaks or other undesirable actions."
OpenAI expects prompt injection to probably never disappear completely but says proactive, rapid responses can significantly reduce risk. The problem is framed as a structural AI security challenge, comparable to online fraud and social engineering, with attackers adapting to defenses. The UK's National Cyber Security Centre similarly warns that prompt injection on generative AI may never be fully preventable and advises focusing on limiting risk and impact. Prompt injection hides malicious instructions in content processed by agents, causing them to follow attacker interests. Browser-based agents increase the attack surface by opening pages, reading emails, and performing actions, risking data leaks.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]