Monday, October 27, 2025

OpenAI Atlas Browser Faces Challenges with Malformed URLs • The Register

Researchers from NeuralTrust have uncovered vulnerabilities in OpenAI’s Atlas web browser, specifically in the omnibox, the field where URLs or search queries are entered. They discovered a prompt injection technique that allows attackers to disguise malicious commands as seemingly innocuous URLs. When a user inputs this malformed string, Atlas misclassifies it as trusted user intent, leading to potentially harmful consequences. The exploit relies on social engineering: users must copy and paste the deceptive string into the omnibox. NeuralTrust cited two examples: a crafted link directing users to a phishing site, and another carrying destructive commands, like deleting files from Google Drive. The fundamental flaw lies in Atlas’s failure to differentiate between trusted and untrusted inputs. To mitigate these risks, NeuralTrust recommends treating omnibox prompts as untrusted by default and enforcing strict validation. This highlights a recurring issue in AI-driven browsers, where ambiguous inputs can lead to significant vulnerabilities.
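One way to apply the mitigation described above, as an added example that is not code from Atlas, OpenAI or NeuralTrust: input that starts like a web URL must pass strict parsing or be refused, and everything else is handled as an untrusted prompt. The function name `classifyOmniboxInput`, the returned fields and the sample strings are assumptions made for illustration.

```javascript
// Added illustration; classifyOmniboxInput and its return shape are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function classifyOmniboxInput(raw) {
  const text = String(raw).trim();
  // Input that starts like a web URL must parse strictly or be refused.
  const urlShaped = /^https?:/i.test(text);
  // Strict form: scheme, "//", a host, and no whitespace or control characters.
  const strictForm =
    /^https?:\/\/[^\s\/?#]+\S*$/i.test(text) &&
    !/[\u0000-\u001f\u007f]/.test(text);

  if (strictForm) {
    let url = null;
    try {
      url = new URL(text);
    } catch {
      url = null; // unparseable despite the shape check
    }
    if (url && ALLOWED_SCHEMES.has(url.protocol)) {
      return { action: "navigate", target: url.href, trusted: false };
    }
  }
  if (urlShaped) {
    // URL-shaped but malformed: refuse. Falling back to prompt mode here is
    // the misclassification the article describes.
    return { action: "reject", reason: "malformed-url", trusted: false };
  }
  // Free text is still untrusted; side effects need explicit confirmation.
  return { action: "prompt", text, trusted: false, requiresConfirmation: true };
}

// Constructed sample inputs, not taken from the research.
const samples = [
  "https://example.com/docs",
  "https:/ /example.com/page follow the text after this link",
  "https:example.com",
  "weather in Madrid tomorrow",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", classifyOmniboxInput(s).action);
}
```

No branch ever returns `trusted: true`; pasted text carries no proof that the user wrote it.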
