With the release of OpenAI’s new ChatGPT Atlas browser, a word of caution: please consider avoiding it (and other similar AI-powered browsers) for sensitive personal tasks like email, banking, or shopping.
It has been proven (see the post by Brave on Perplexity’s Comet browser) where an attacker can use indirect prompt injection to instruct the browser’s AI agent to perform malicious actions, like stealing information.
Are we witnessing a new kind of RCE?
While not technically Remote Code Execution, it’s dangerously close. It’s more like Remote Agent Execution, where an attacker can remotely control the AI assistant, which then operates with your full permissions.
Stay safe and be mindful of what data these new tools can access. Agents have to be sandboxed, be it on your terminal or your browser.