If you have switched to Atlas, OpenAI's browser, you have a huge security gap on your computer

The newly launched Atlas web browser from OpenAI has been affected by a command injection attack that allows attackers to disguise malicious instructions as innocent URLs. According to a report from NeuralTrust, this vulnerability resides in the browser’s omnibox, which interprets user input both as a URL to navigate to and as a natural language command for the artificial intelligence agent.

A problem of enormous magnitude

Attackers can manipulate the omnibox by creating malformed URLs that start with “https” and contain domain text, followed by instructions that can execute harmful commands. If an unsuspecting user enters this misleading string into the omnibox, the browser may treat it as a high-trust command, allowing harmful actions, such as redirecting the victim to phishing pages or even deleting files from connected applications like Google Drive.

The CISO of OpenAI, Dane Stuckey, has acknowledged that command injection is an unresolved security issue that requires ongoing attention. Despite the company implementing training techniques and additional security measures to mitigate these risks, the challenge persists and could allow malicious actors to devise innovative ways to exploit this vulnerability.

Additionally, SquareX Labs has warned about a technique known as “AI sidebar sabotage,” which allows attackers to create malicious extensions to steal data or deceive users. This attack is triggered when commands are entered into a fake sidebar, highlighting how command injections are a growing concern in the security of browsers and artificial intelligence assistants.

The industry is recognizing command injection as a critical security issue. Companies like Perplexity and Brave have also reported the susceptibility of their browsers to these attacks, which indicates a fundamental shift in how security should be addressed in the field of artificial intelligence.

ChatGPT DOWNLOAD