Overview
- Researchers demonstrated prompt-injection attacks against Atlas’ agent, with Brave calling such exploits a systemic risk for AI browsers and The Register replicating a hidden-instruction test.
- OpenAI’s security chief acknowledged prompt injection as an unsolved problem and highlighted red-teaming, overlapping guardrails, and limits on agent capabilities, while advising users to monitor agent activity.
- Product lead Adam Fry outlined near-term additions such as profiles, tab groups, a model picker, and an opt-in ad blocker, with further refinements to agent reliability and speed planned.
- Atlas is live on macOS with a free Ask ChatGPT sidebar and a paid Agent Mode for Plus/Pro subscribers, positioning the browser as an AI-first entry point to the web.
- UX changes like Darin Fisher’s scrolling tabs debut alongside mixed early reviews, including WIRED’s report of clunky sidebar behavior and a confusing privacy interaction in direct messages.