Beware the AI browser: Don’t let Prompt Injection Attacks Ruin Your Day

Written By Tim Fauley

The newest thing on the AI landscape are AI browsers. OpenAI, the makers of ChatGPT recently released Atlas and Perplexity recently released Comet—these browsers are different from Chrome, Safari or Firefox because they integrate the capability of the AI in the browser. This means that you can have the browser perform tasks like placing orders, sending email or pretty much anything ChatGPT or Perplexity is capable of doing. The problem is that these browsers usually are installed with elevated privileges to allow them to perform tasks on your local machine. These privileges mean that the browser can often make system changes, modify files, or perform other tasks on your computer.

Enter the Prompt Injection Attack—this is something that you may not have heard of before, but it is certainly something that is a concern as all of us rely more and more on AI. In the case of AI browsers, a website that you’re visiting could contain a hidden prompt for the AI—something that you wouldn’t see visually but a command the AI will pick up and execute. This means that the browser could be tricked into exposing files on your computer, stored passwords or other data that should be kept private. These types of attacks are difficult to prevent and are a new frontier for cybercriminals.

I’ve tried both Atlas and Comet and they are moderately effective and basic tasks when you provide the required access, but they aren’t very effective at complicated tasks. I tested both browsers with what I thought was a relatively simple task: find this product on the website and give me the cost. The browsers both struggled to navigate the website and while they did eventually provide an answer, it would have been much faster to complete the task on my own.

I’m sure that AI browsers will improve in the future, but given how clunky the current generation performs, it isn’t worth the risk to give up so much system access. OpenAI’s chief information security officer acknowledged the challenges of Prompt Injection Attacks when launching ChatGPTs Agent Mode in a post on x. A post by Perplexity’s security team also acknowledged the issue and stated prompt injection attacks are so fundamentally serious, that it requires rethinking security from the ground up.

For now, I’d recommend that you skip the current generation of AI browsers and stick to standard browsers like Chrome, Safari, Edge, Firefox or Opera. They all have their advantages and drawbacks, but in my opinion are safer than the AI browsers.

Are you a business owner and need a consultant to help you navigate technology issues? Contact Us and we’ll be glad to help!

Tim Fauley
Next

Automating the Busywork: A Small Business Playbook for No-Code Efficiency