OpenAI says AI browsers may always be vulnerable to prompt injection attacks
What Happened
OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is beefing up its cybersecurity with an "LLM-based automated attacker."
Our Take
Here's the thing: OpenAI's basically saying "prompt injection is unsolvable, but we built an LLM to attack itself and call that security." That's not a solution; it's security theater.
Prompt injection isn't a bug—it's a fundamental feature of how language models work, which treat instructions and the content they read as the same kind of text. Telling users "we can't fix this, but don't worry, we're monitoring" is honest but also deeply unsatisfying.
Real issue: agentic AI browsers are a mistake if you can't guarantee safety. They're releasing Atlas knowing it's broken. That's a choice.
What To Do
Don't build agentic systems until you've solved prompt injection—saying "we'll monitor for attacks" isn't a strategy.