OpenAI works to stop code injection vulnerabilities in its ChatGPT Atlas browser

OpenAI has shared its progress for strengthen the security of the ChatGPT Atlas browser against injection attack vulnerabilities, with the implementation of a new continuous defense system that anticipates these threats and tries to reduce the risks for users.

The browser ChatGPT Atlas launched in October, offers versatile features that allow the assistant to view web pages and perform actions within the browser autonomously so that it increases navigation productivity and helps the user in multiple ways.

However, ChatGPT Atlas, like the rest of the agentic browsers with the capacity to act autonomously, is vulnerable to injection type attacks, that introduce hidden instructions for the language model to process and execute actions that are normally blocked because they are potentially harmful.

This vulnerability, which makes them a valuable target for cyber attacks, was recently revealed, after identifying a clipboard injection casewhich causes the AI ​​to copy a malicious link to the clipboard without the user realizing it to activate it the moment they decide to paste the content into the address bar.

Now, OpenAI has announced that it is carrying out a Continuous reinforcement against rapid injection attacksfacing Proactively discover and fix vulnerabilities of agents before they “become weapons in practice.

This was detailed by the company in a statement on its blog, where it shared that it has implemented a security update for ChatGPT Atlas which includes a new model trained to face adversaries and with reinforced security measures.

This security update includes a fast response cycle, developed with the help of its internal red team, which has capabilities to Continually investigate and discover attacks and submit mitigations quickly.

Likewise, the technology company has specified that, to investigate new attack strategies with this system, they have used a “LLM-based automated attacker”, that is, a bot trained to play the role that a ‘hacker’ would carry out, so that look for ways to send malicious instructions to an AI agent in ChatGPT Atlas.

“Our attacker trained through reinforcement learning can induce an agent to execute sophisticated and far-reaching harmful workflows that are developed in dozens (or even hundreds) of steps,” explained OpenAI.

In this way, the bot carries out attacks in simulations to identify how the AI ​​agent would act in this regard and what actions it should take to avoid said attacks. This process is carried out in loopsince, the bot analyzes the agent’s response to your attack and adjusts it to try again.

As a result, OpenAI has detailed that, thanks to this cycle, They are discovering new attack strategies internally, “before they appear in the real world“. Therefore, this way of approaching rapid injection, together with greater investment in security controls, “can make attacks increasingly difficult and costly”, reducing the risk of rapid injection in reality.

With all this, the company has expressed its intention to continue working so that users can trust a ChatGPT agent to use your browser “the way you would trust a highly competent, security-conscious friend.”

However, OpenAI has also admitted that it is “unlikely” that rapid injection, “just like scams and social engineering on the web” are completely resolved. “We consider rapid injection to be a long-term challenge for AI security, and we will need to continually strengthen our defenses against it,” the technology company stated.