OpenAI's ChatGPT Atlas browser raises digital security alerts

• Privacy Risks in ChatGPT Atlas Browser
• Experts warn of rapid injection attacks
• Cryptocurrency users should exercise extra caution

The launch of the navigator OpenAI's ChatGPT Atlas, announced Tuesday, has raised concerns among digital security experts. According to researchers, the new product still has serious vulnerabilities, particularly related to fast injection attacks—a problem that persists even with the company's recent defenses.

Cryptocurrency users have been highlighted as one of the groups most exposed to this type of flaw. This is because a simple hidden line on a seemingly legitimate page can trick the browser assistant into executing unwanted commands, such as copying autofill data, saved logins, or session information linked to exchanges like Coinbase.

The flaw occurs when the assistant interprets instructions embedded in a page's content as legitimate commands. Thus, by simply attempting to summarize a text, the system can inadvertently reveal private information. This behavior poses a high risk in an environment where millions of people already use OpenAI's integrated services every week.

Atlas is definitely vulnerable to Prompt Injection pic.twitter.com/N9VHjqnTVd

— P1njc70r (@p1njc70r) October 21, 2025

Within hours of release, researchers demonstrated successful exploits that included clipboard hijacking, configuration manipulation through Google Docs, and the insertion of invisible phishing commands. The company has yet to issue an official response, but OpenAI's Chief Information Security Officer, Dane Stuckey, acknowledged that "rapid injection remains an unresolved and evolving security issue."

OpenAI's Atlas browser seems to detect prompt injection attempts. pic.twitter.com/fwCeSDZrNU

—Ethan Wickstrom (@ethan_wickstrom) October 21, 2025

Stuckey highlighted that measures such as "Observation Mode," red-teaming, and rapid response systems are being improved, but admitted that adversaries "will spend significant time and resources" to exploit gaps.

Atlas, available for download on macOS, collects user history and actions by default through the "Memories" feature. This data can be used internally for personalization, although the privacy policy still leaves gaps regarding how the information is stored and deleted.

For those who decide to try it, experts recommend disabling "agent mode," which allows the browser to perform autonomous actions. They also suggest using "disconnected" mode when accessing sensitive websites and never allowing the browser to manage authenticated sessions related to finances, health, or corporate email.