OpenAI on Tuesday debuted its long-awaited AI browser, ChatGPT Atlas, but one company executive is now warning that it may not always do what you want it to.
AI browsers promise to take routine actions on the web for you, such as scheduling meetings or buying groceries on Instacart. But they’re far from perfect. “ChatGPT agent is powerful and helpful, and designed to be safe, but it can still make (sometimes surprising!) mistakes, like trying to buy the wrong product or forgetting to check in with you before taking an important action,” OpenAI Chief Information Security Officer Dane Stuckey wrote on X.
Of concern are prompt injection attacks, in which a hacker embeds “malicious instructions in websites, emails, or other sources, to try to trick [an AI] agent into behaving in unintended ways.” This is a known risk with all AI browsers, including Anthropic’s Claude computer, Google’s Gemini on Chrome, and Perplexity’s Comet AI browser.
Since large language models (LLMs) cannot determine the intent behind web content, they may encounter hacker-planted instructions on the internet and execute those requests. “The objective for attackers can be as simple as trying to bias the agent’s opinion while shopping, or as consequential as an attacker trying to get the agent to fetch and leak private data, such as sensitive information from your email, or credentials,” Stuckey says.
OpenAI is “very thoughtfully researching and mitigating” this risk, Stuckey adds, though he notes hackers may find new ways to influence AI agents. For example, researchers at Brave Software, which develops the privacy-focused Brave browser, discovered that hackers can embed secret instructions into images to deliver a prompt injection attack via Perplexity’s Comet.
These attacks could erode consumer trust in AI browsers and threaten a much-needed revenue stream for OpenAI. “As with computer viruses in the early 2000s, we think it’s important for everyone to understand responsible usage, including thinking about prompt injection attacks, so we can all learn to benefit from this technology safely,” Stuckey says. “We are excited to see how ChatGPT agent will empower your workflows in Atlas, and are resolute in our mission to build the most secure, private, and safe AI technologies for the benefit of all humanity.”
ChatGPT Atlas is currently only available on macOS.
Disclosure: Ziff Davis, PCMag’s parent company, filed a lawsuit against OpenAI in April 2025, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.
About Our Expert

Emily Forlini
Senior Reporter