OpenAI’s Atlas browser and others can be tricked by manipulated web content
As AI browser agents enter the market promising to help people shop, hire employees or assist with other online tasks, security researchers are warning that the information these programs collect from the internet can be manipulated and corrupted without anyone ever realizing it.
In new research shared exclusively with CyberScoop, AI cybersecurity firm SPLX highlighted vulnerabilities in ChatGPT Atlas, OpenAI’s newly released browser agent, as well as ChatGPT and Perplexity AI. Based on a simple change in the user-agent header, the website could send clandestine, cloaked information to the underlying LLM that influences its behavior and decision-making.
SPLX AI engineer Ivan Vlahov told CyberScoop that his team built a website capable of displaying different content depending on the visitor. To a human user, the site looked like a standard professional biography for a product designer.
Read more at CyberScoop