Overview
- OpenAI released ChatGPT Atlas as an AI‑native browser with an integrated agent mode that can perform tasks for users, initially for paying subscribers.
- Security researchers demonstrated prompt‑injection tricks against Atlas, including forcing responses like “Trust No AI,” and The Register reported replicating the attack.
- Brave warned that AI browsers are broadly vulnerable to indirect prompt injection, while developers shared examples of traps and jailbreaks that exploit agent actions.
- OpenAI detailed guardrails for agent mode and cautioned risks persist, with its CISO calling prompt injection an unsolved security problem despite red‑teaming and new defenses.
- Product lead Adam Fry outlined near‑term additions such as multiprofile support, tab groups, an opt‑in ad blocker, a model picker, and agent reliability improvements, as Atlas also showcases new UI ideas like scrolling tabs.