Tom’s Guide
Alex Hughes

ChatGPT Atlas is already facing scams and jailbreaks — here’s how to stay safe while using the AI browser


ChatGPT Atlas is having a rocky launch to say the least. While the new browser is being praised by many as the next big thing in web browsing, it has already raised big questions over both privacy and security.

On the security side, multiple reports have already surfaced, both of users finding ways to inject malicious software into the browser and of ways to jailbreak it. Jailbreaking allows a user to fundamentally change the functionality of a device or piece of software to suit their own purposes.

One user on X described how they were able to lay a trap for ChatGPT Atlas using its agent functionality. When the agent was given a task that involved this particular user’s website, the page contained a button that, when clicked, injected a malicious phishing link into the user’s clipboard.


The trap relies on you not checking things first when using the browser’s copy and paste function. The malicious page adds a URL to your clipboard, and when that URL is pasted into your address bar, it triggers the attack.

Another user highlighted a way to trick the browser by making use of its combination of being both a search engine and a chatbot. This leverages the difference between typing a website's address and a prompt into the search bar, to trick Atlas into running with elevated privileges.

Other users have found ways to change their own ChatGPT Atlas experience via jailbreaks, but luckily, these aren’t a risk to anyone else, only changing their own browser.

Elsewhere, major companies in the world of tech privacy and security warned of the potential for prompt injection. This is another kind of attack, in which malicious prompts are hidden in content in such a way that agents like Atlas unintentionally ingest and act on them.

Proton, a well-known company that offers secure email, VPN, and security services, warned of the security risks of Atlas and pr on its blog. The same concern was raised by Brave, a competitor in the world of AI browsing, which published a string of posts on X highlighting the security risks these browsers face from agents and prompt injection.

What does this all mean?

A lot of these problems are relatively easy for OpenAI to fix. They can introduce changes that will stop some of these jailbreaks from occurring and avoid the AI being tricked in a lot of circumstances.

However, the browser was only launched a couple of days ago, so it is concerning just how many issues, bugs, and potential security slips have already been discovered.

Each time OpenAI releases an update, or something changes in the way that the browser operates, it opens up the opportunity for new jailbreaks and malicious attacks to be discovered.

How can you stay safe while using ChatGPT Atlas?


There are a few things to learn from this and keep in mind. The most obvious is to be aware of how and where you are using the ChatGPT Agent functionality. This is where most of the issues are occurring, as ChatGPT takes over and completes commands on your behalf.

This is old school internet advice, but it all boils down to being smart about how you use these new AI-powered browsers. When visiting legitimate and trusted websites, this risk decreases drastically.

Treat anything that you are copying or pasting into an AI prompt as a potential risk. Don’t paste text directly from the internet, especially chunks of code, without knowing what it is beforehand. Likewise, make sure your computer is protected with the best antivirus software, and if you're really concerned about keeping your personal information safe, one of the best identity theft protection services is a great investment for both you and your family.

Equally, be careful when entering important personal data while using an AI agent. These pieces of information are what is most useful to cybercriminals, and they will be the main thing these kinds of scams are designed to target.

However, as Brave points out in its thread of X posts on the issue, it is mostly up to the developers to make these browsers safer.

“To make agentic browsing less risky, developers should:

  • Isolate agentic browsing from regular browsing
  • Require explicit consent from users for agentic browsing actions like opening sites or reading emails

However, larger structural changes are needed in the long term.

Should you stop using these browsers?

This isn’t all to say you can’t or shouldn’t use ChatGPT Atlas. The browser has quickly proved to be an impressive tool, along with other AI browsers like Perplexity Comet or Opera Neon.

Instead, it is just best to operate with a degree of caution, especially when dealing with personal information, or if anything seems suspicious when using an AI agent.

If you are actively using an agent, we would advise reading up on how you can keep your privacy and security safe in the process.

