Overview
- OpenAI released ChatGPT Atlas, a Chromium-based browser that embeds ChatGPT throughout the interface and offers a paid agent mode to carry out multi-step tasks on websites.
- SquareX disclosed an "AI Sidebar Spoofing" attack in AI-first browsers like Atlas and Comet, showing how a rogue extension can overlay a fake sidebar to capture user interactions.
- Demonstrations from SquareX illustrated plausible harms including crypto phishing, OAuth credential theft through deceptive logins, and device compromise via software the user is tricked into installing.
- Brave’s analysis and independent tests highlight ongoing prompt-injection vulnerabilities that can manipulate agent behavior; some researchers advise uninstalling these browsers or limiting their use.
- Google and Microsoft are testing similar agent features in Canary builds (Chrome Contextual Tasks and Edge Copilot Actions) with regional limits. OpenAI says Atlas restricts agent capabilities and does not train on users’ browsing by default.