OpenAI says it is working hard to make its Atlas AI browser safer, as experts warn about prompt injection attacks. The worst part is that such attacks are very hard to stop: attackers hide harmful instructions in emails or web pages and trick AI agents into doing the wrong thing. The company concedes that the problem will never disappear completely.
AI browsers are at risk of prompt injection attacks
OpenAI launched its new AI browser, ChatGPT Atlas, back in October this year. Soon after the launch, however, security researchers showed how a few hidden words in a document or email could change the browser's behaviour. OpenAI itself admitted that the browser's agent mode increases security risk, primarily because the AI can control the system on the user's behalf.
Other companies across the globe agree that this is not just OpenAI's problem. Brave, one of the most popular browsers, has also warned that prompt injection could affect many AI browsers. Other tech giants, such as Anthropic and Google, say these attacks are a long-term issue. To make matters worse, the UK's National Cyber Security Centre says that prompt injection attacks may never be fully prevented.
Damage control is the only solution to the attack
The UK's National Cyber Security Centre further advises companies to focus on limiting the damage an injected instruction can do instead of trying to stop prompt injection completely. OpenAI says its shield against such attacks is faster testing and quicker updates.
To tackle the problem further, the firm has developed an AI model, trained with reinforcement learning, that acts like a hacker. It continuously looks for ways to trick AI agents and tests those attacks in simulations, which lets the company fix or prevent an attack before a real attacker can use it. OpenAI adds that the system has already flagged new attack methods that human testers missed.
Moreover, it is not all about the browsers and the tech companies; user behaviour also matters a lot. Wiz researcher Rami McCarthy explains that the risk from such attacks grows as the AI is given more freedom and more access to users' sensitive data.