- OpenAI says prompt injection attacks can’t be fully eliminated, only mitigated
- Malicious prompts hidden in websites can trick AI browsers into exfiltrating data or installing malware
- OpenAI’s rapid response loop uses adversarial training and automated discovery to harden defenses
OpenAI has claimed that while AI browsers might never be fully protected from prompt injection attacks, that doesn’t mean the industry should simply give up on the idea or admit defeat to the scammers - there are ways to harden the products.
The company published a new blog post discussing cybersecurity risks in its AI-powered browser, Atlas, in which it shared the somewhat grim outlook.
“Prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully ‘solved,’” the blog reads. “But we’re optimistic that a proactive, highly responsive rapid response loop can continue to materially reduce real-world risk over time. By combining automated attack discovery with adversarial training and system-level safeguards, we can identify new attack patterns earlier, close gaps faster, and continuously raise the cost of exploitation.”
Rapid response loop
So what exactly is prompt injection, and what is this “rapid response loop” approach?
Prompt injection is a type of attack in which a malicious prompt is “injected” into the victim’s AI agent without their knowledge, or consent.
For example, an AI browser could be allowed to read all of the contents of a website. If that website is malicious (or hijacked) and contains a hidden prompt (white letters on a white background, for example), the AI might act on it without the user ever realizing anything.
That prompt could be different things, from exfiltrating sensitive files, to downloading and running malicious browser addons.
OpenAI wants to fight fire with fire, it seems. It created a bot, trained through reinforced learning, and let it be the hacker looking for ways in. It pits that bot against an AI defender who then go back and forth, trying to outwit one another. The end result is the AI defender capable of spotting most attack techniques.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
