Copyright forbes
The results are in, as Atlas battles Chrome. NurPhoto via Getty Images Be careful what you wish for. With so much hope and expectation surrounding OpenAI’s launch of its first browser forray, ChatGPT’s Atlas was never going to meet expectations. Early reviews have been snagged by the need to subscribe to unlock full value, and some disconnects around what we expect from a browser versus an AI assistant. But there’s a serious warning as well when it comes to wandering onto the thin ice of new, unproven browsers. Just as with Perplexity’s Comet, the issue is the catching up required when it comes to safe browsing and the risks from new vulnerabilities. ForbesGoogle And Microsoft Issue Password Warnings—Most Users Must Act NowBy Zak Doffman Both have been flagged in a new report from LayerX. On the vulnerability front, the team has discovered an inherent weakness when a user is logged into ChatGPT as they use the web on any browser, but especially on Atlas. LayerX says bad actors can “inject malicious instructions into ChatGPT’s ‘memory’ and execute remote code. This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware.” MORE FOR YOU This works by way of Cross-Site Request Forgery (CSRF) requests, which then plan “malicious instructions” in ChatGPT’s persistent memory. “When the user attempts to use ChatGPT for legitimate purposes, the tainted memories will be invoked, and can execute remote code that will allow the attacker to gain control of the user account, their browser, code they are writing, or systems they have access to.” Atlas Vs Chrome. There is a more basic warning as well. LayerX says it has found that “Atlas currently does not include any meaningful anti-phishing protections, meaning that users of this browser are up to 90% more vulnerable to phishing attacks.” They have compared Atlas to Chrome to see how it handles realistic threats. Put simply, it’s not great, even underperforming Comet and Genspark in the tests. This comparison is critical, because Atlas has been positioned as a direct competitor to Chrome. Forbes‘Severe Outages’—Switch To Gmail, Google Warns Microsoft UsersBy Zak Doffman ChatGPT’s Atlas is not good at defending against phishing attacks. “Out of 103 in-the-wild attacks that LayerX tested, ChatGPT Atlas allowed 97 to go through, a whopping 94.2% failure rate. Compared to Edge (which stopped 53% of attacks in LayerX’s test) and Chrome (which stopped 47% of attacks), ChatGPT Atlas was able to successfully stop only 5.8% of malicious web pages, meaning that users of Atlas were nearly 90% more vulnerable to phishing attacks, compared to users of other browsers.” These results should not come as a surprise. This is a new platform and it should be handled with care. The usual hygiene factors such as safe browsing will be built around the product, and vulnerabilities will be patched. But in these early days, proceed with caution. As I’ve said before, this ice is particularly thin, tread carefully. Until this is addressed, you shouldn’t switch your daily browser. It’s not worth the risk. I have reached out to OpenAI for any comments on the LayerX report. Editorial StandardsReprints & Permissions
