Loading the article brief, supporting context, and related editorial blocks.
Continuously hardening ChatGPT Atlas against prompt injection | AI BriefWire
AI BriefWire / Briefing
OpenAI NewsSafetyCore AIHeat 54
Continuously hardening ChatGPT Atlas against prompt injection
OpenAI is continuously improving ChatGPT Atlas to defend against prompt injection attacks. These attacks manipulate AI responses by injecting malicious prompts. Strengthening security ensures more reliable and safe AI interactions for users.
Server-side extracted preview paragraphs from the original source.
Original article excerpt
OpenAI is strengthening ChatGPT Atlas against prompt injection attacks using automated red teaming trained with reinforcement learning. This proactive discover-and-patch loop helps identify novel exploits early and harden the browser agent’s defenses as AI becomes more agentic.
Automated red teaming—powered by reinforcement learning—helps us proactively discover and patch real-world agent exploits before they’re weaponized in the wild.
Agent mode in ChatGPT Atlas is one of the most general-purpose agentic features we’ve released to date. In this mode, the browser agent views webpages and takes actions, clicks, and keystrokes inside your browser, just as you would. This allows ChatGPT to work directly on many of your day-to-day workflows using the same space, context, and data.
As the browser agent helps you get more done, it also becomes a higher-value target of adversarial attacks. This makes AI security especially important. Long before we launched ChatGPT Atlas, we’ve been continuously building and hardening defenses against emerging threats that specifically target this new “agent in the browser” paradigm. Prompt injection is one of the most significant risks we actively defend against to help ensure ChatGPT Atlas can operate securely on your behalf.
As part of this effort, we recently shipped a security update to Atlas’s browser agent, including a newly adversarially trained model and strengthened surrounding safeguards. This update was prompted by a new class of prompt-injection attacks uncovered through our internal automated red teaming.
In this post, we explain how prompt-injection risk can arise for web-based agents, and we share a rapid response loop we’ve been building to continuously discover new attacks and ship mitigations quickly—illustrated by this recent security update.
We view prompt injection as a long-term AI security challenge, and we’ll need to continuously strengthen our defenses against it (much like ever-evolving online scams that target humans). Our latest rapid response cycle is showing early promise as a critical tool on that journey: we’re discovering novel attack strategies internally before they show up in the wild. Our long-term vision is to fully leverage (1) our white-box access to our models, (2) deep understanding of our defenses, and (3) compute scale to stay ahead of external attackers—finding exploits earlier, shipping mitigations faster, and continuously tightening the loop. Combined with frontier research on new techniques to address prompt injection and increased investment in other security controls, this compounding cycle can make attacks increasingly difficult and costly, materially reducing real-world prompt-injection risk. Ultimately, our goal is for you to be able to trust a ChatGPT agent to use your browser the way you’d trust a highly competent, security-aware colleague or friend.
%22%2F%3E%0A%3Ccircle%20cx%3D%22978%22%20cy%3D%22150%22%20r%3D%22210%22%20fill%3D%22rgba(124%2C166%2C199%2C0.16)%22%2F%3E%0A%3Ccircle%20cx%3D%22978%22%20cy%3D%22150%22%20r%3D%22122%22%20fill%3D%22rgba(255%2C255%2C255%2C0.04)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.12)%22%2F%3E%0A%3Cpath%20d%3D%22M70%20428H1130%22%20stroke%3D%22rgba(208%2C122%2C85%2C0.28)%22%20stroke-width%3D%222%22%20stroke-dasharray%3D%2210%2014%22%2F%3E%0A%3Crect%20x%3D%2276%22%20y%3D%2272%22%20width%3D%22360%22%20height%3D%2242%22%20rx%3D%2221%22%20fill%3D%22rgba(255%2C255%2C255%2C0.06)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.1)%22%2F%3E%0A%3Ctext%20x%3D%2298%22%20y%3D%2299%22%20fill%3D%22rgba(242%2C244%2C247%2C0.82)%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2217%22%20font-weight%3D%22700%22%20letter-spacing%3D%223%22%3EOPENAI%20NEWS%3C%2Ftext%3E%0A%3Ctext%20x%3D%2278%22%20y%3D%22212%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Georgia%2C%20'Times%20New%20Roman'%2C%20serif%22%20font-size%3D%2254%22%20font-weight%3D%22700%22%3E%3Ctspan%20x%3D%2278%22%20dy%3D%220%22%3EContinuously%20hardening%3C%2Ftspan%3E%3Ctspan%20x%3D%2278%22%20dy%3D%2262%22%3EChatGPT%20Atlas%20against%3C%2Ftspan%3E%3Ctspan%20x%3D%2278%22%20dy%3D%2262%22%3Eprompt...%3C%2Ftspan%3E%3C%2Ftext%3E%0A%3Crect%20x%3D%2278%22%20y%3D%22502%22%20width%3D%22260%22%20height%3D%2246%22%20rx%3D%2223%22%20fill%3D%22rgba(208%2C122%2C85%2C0.18)%22%20stroke%3D%22rgba(208%2C122%2C85%2C0.32)%22%2F%3E%0A%3Ctext%20x%3D%22104%22%20y%3D%22532%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2222%22%20font-weight%3D%22700%22%3ECore%20AI%3C%2Ftext%3E%0A%3Crect%20x%3D%22900%22%20y%3D%22410%22%20width%3D%22190%22%20height%3D%22190%22%20rx%3D%2238%22%20fill%3D%22rgba(255%2C255%2C255%2C0.06)%22%20stroke%3D%22rgba(255%2C255%2C255%2C0.12)%22%2F%3E%0A%3Ctext%20x%3D%22995%22%20y%3D%22522%22%20text-anchor%3D%22middle%22%20fill%3D%22%23F2F4F7%22%20font-family%3D%22Arial%2C%20Helvetica%2C%20sans-serif%22%20font-size%3D%2292%22%20font-weight%3D%22800%22%3EOP%3C%2Ftext%3E%0A%3C%2Fsvg%3E)