OpenAI’s ChatGPT Atlas browser, which merges AI assistance with web navigation, faces a critical security vulnerability. This flaw enables attackers to manipulate the omnibox—its integrated address and search bar—to execute harmful commands disguised as innocuous URLs. Security researchers at NeuralTrust demonstrated that crafted strings can bypass safety protocols, exposing users to phishing and data theft. Attackers can create misleading URLs that incorporate harmful directives, such as instructing the AI agent to ignore safety measures and visit malicious sites. This exploitation allows unauthorized actions, such as deleting files or accessing sensitive user data.
NeuralTrust’s findings reveal a significant boundary enforcement failure in Atlas, as traditional safety measures are bypassed. OpenAI acknowledged these risks and has implemented precautions, including a “logged-out mode” to limit sensitive access. However, the evolving nature of these threats poses ongoing challenges for cybersecurity. Follow us for daily updates on cybersecurity developments and news.
Source link
