AI browsers such as ChatGPT Atlas, Perplexity Comet, and Dia provide remarkable convenience with their autonomous web browsing capabilities. However, these advantages are accompanied by significant security risks that every user must be aware of. Threats like prompt injection and credential theft pose real dangers, making it crucial to understand how to secure your AI browsing experience.
Understanding Prompt Injection Risks
One of the most prevalent threats is prompt injection, a tactic where harmful commands are hidden within HTML code on websites. Even OpenAI has cautioned against using Atlas for production data due to these vulnerabilities. Alarmingly, users do not need to take any action; simply visiting a webpage with concealed commands can lead the browser to execute them without your knowledge.
Real-World Examples of AI Browser Vulnerabilities
The security team at Brave showcased this type of attack on Perplexity Comet, termed CometJacking. In a notable incident, Comet successfully extracted a user's email address, gained access to a one-time password from their inbox, and relayed it to an attacker—all initiated by the user requesting a summary of a Reddit thread that included malicious commands. ChatGPT Atlas also exhibited similar vulnerabilities when security researcher Johann Rehberger managed to switch the browser from light mode to dark mode using a simple command hidden in a Word document.
Additional Security Threats
Moreover, AI browsers often lack the same phishing detection measures as traditional browsers. LayerX reported that Atlas users are 90% more susceptible to such attacks compared to users of Chrome or Edge. Automated checkout features can also introduce direct financial risks, as demonstrated when Amazon successfully prevented Comet from completing transactions on its site.
Enhancing AI Browser Security
Despite these risks, it is possible to use AI browsers safely. Here are some built-in settings you can enable to significantly enhance your security:
- Disable Data Sharing: Most AI browsers utilize your browsing patterns and search history to train their AI models, sending your data to developers by default unless you opt-out. Learn how to disable this feature in each browser.
- Limit Login Session Access: AI browsers can potentially access accounts you've already logged into, allowing them to extract sensitive information. In ChatGPT Atlas, select the Logged out mode in Agent Mode to ensure the browser requests credentials each time it needs to log in. For Comet and Dia, use incognito mode when accessing any website.
- Turn Off Persistent Memory: Memory poisoning is a more advanced form of prompt injection where attackers inject harmful commands into the specific memory of your account stored across devices. Disable this feature to enhance security.
- Restrict Agent Access to Sensitive Sites: Consider disabling agent access to banking and health platforms, preventing them from viewing or taking action on these sites.
In addition to these built-in settings, following best practices can help minimize risks while using AI browsers like Atlas, Comet, or Dia. Ultimately, the less data and permissions your agent browser has, the lower the potential damage in the event of an attack. By configuring your security settings and adhering to best practices, you can enjoy the convenience of AI browsers without compromising your privacy and personal data security.
Source: https://telset.id/how-to/panduan-keamanan-ai-browser-lindungi-data-dari-peretasan



