OpenAI: Will your AI browser ever be completely secure? Why did OpenAI acknowledge that the threat will always remain?
OpenAI is continuously working to secure its new Atlas AI browser against cyberattacks. But the company has also acknowledged a harsh reality. OpenAI believes that prompt injection attacks (a method by which hackers manipulate AI) are a risk that may never be eliminated. This statement raises questions about how securely AI agents can operate on the open web.
What is prompt injection, and why is it dangerous?
In its blog post, OpenAI explained that "prompt injection is similar to scams and social engineering on the web, which are almost impossible to completely solve." Simply put, in prompt injection, hackers insert hidden instructions (malicious instructions) into web pages or emails. When an AI agent reads that page, it unknowingly begins to follow those instructions. OpenAI has acknowledged that its browser's 'agent mode' increases the scope of security risks. Not only OpenAI, but Brave and the UK's National Cyber Security Centre have also warned that completely preventing such attacks may never be possible.
OpenAI's 'hacker bot' will fight prompt injection attacks.
Since prompt injection attacks cannot be eliminated, OpenAI is adopting a different approach to manage them. The company has developed a 'large language model-based automated attacker'. This is essentially a bot that OpenAI has trained using 'reinforcement learning (RL)' to act as a 'hacker'. This bot attacks the AI agent in a simulation (a simulated environment) and finds new vulnerabilities. This helps OpenAI understand what the AI will think and how it will react when attacked. The advantage is that the company can strengthen its security before real hackers attack. Shocking Results Shown in Demo
OpenAI shared a demo showing how their automated attacker injected an email with hidden instructions into a user's inbox. When the AI agent scanned the inbox, it misinterpreted the hidden instruction and, instead of drafting an "out of office" reply, sent a resignation email on behalf of the user. However, after a security update, the "agent mode" detected this attack and warned the user.
Advice for Users
Rami McCarthy, a researcher at the cybersecurity firm Wiz, says that AI browsers pose a significant risk because they have extensive access to emails, payments, and other sensitive information. However, they are not entirely autonomous.
Follow these tips to stay safe:
Do not allow the AI to send messages or make payments automatically; require user approval for every action. Instead of giving the AI vague instructions like "do whatever you think is best," assign it very specific and limited tasks. Avoid giving the AI full access to your sensitive accounts. McCarthy believes that, for now, the risks of AI browsers outweigh their benefits for the general public, especially when it comes to private information like emails and payments.
Disclaimer: This content has been sourced and edited from Amar Ujala. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
