OpenAI Admits Prompt Injection Risks Persist in AI-Powered Browsers

Dec 23, 2025 21:01

OpenAI has acknowledged that the risk of prompt injection attacks cannot be completely eliminated in artificial intelligence–powered browsers. In a recent blog post, the company said that despite strengthening the security of its ChatGPT Atlas browser, web-based prompt injection—where hidden instructions are used to mislead AI agents—will remain a long-term challenge. TechCrunch reported the development.

According to OpenAI, much like social engineering or online fraud, such attacks can never be fully “solved.” The company noted that the introduction of “agent mode” has further expanded the potential security risk surface.

Soon after the launch of Atlas in October, researchers demonstrated how hidden instructions embedded in documents or emails could manipulate the browser’s behavior, raising serious concerns about misuse.

To mitigate these risks, OpenAI said it is deploying rapid-response updates, layered security defenses, and automated “AI attackers” trained with reinforcement learning, designed to proactively identify vulnerabilities before they can be exploited.

However, experts have warned that risks remain when high-level access and automation are combined. OpenAI has therefore advised limiting user permissions and ensuring human confirmation for critical decisions to reduce potential harm.

DBTech/BMT/OR