AI browsers: the security headache nobody asked for

It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.

After a spooky twist on the newsletter during October, we’re back to our regular format here as the leaves keep falling and we turn the calendar to November!

AI browsers present a security challenge

Security news has been awash in reports highlighting significant vulnerabilities in AI-powered browsers following OpenAI’s release of ChatGPT Atlas last month. Similar to Perplexity’s Comet, Microsoft’s CoPilot-centric version of Edge, and a range of other AI browsers, Atlas is designed to handle common tasks by granting a built-in AI agent permission to navigate and read sites, click links, fill forms, and even send messages on the user’s behalf. This design expands the attack surface compared to traditional browsers, including through potential “prompt injection attacks.”

Such attacks, which OpenAI and Perplexity acknowledge are an as-of-yet unsolved security challenge, enable attackers to prompt the browser without a user’s awareness through instructions hidden on websites, in screenshots, or in links that the user visits, searches, or clicks. These injected prompts can be crafted to trick the embedded AI agent into sending the browser’s data — which could include information stored in sensitive accounts to which the browser has been granted access — to attacker-controlled servers.

What you can do

• Avoid — or at the very least, severely limit — your use of AI-enabled browsers. The benefits of these browsers are highly unlikely to outweigh the risks right now. With that said, if you do use an AI-enabled browser, don’t grant it access to sensitive systems (e.g. your email account, password manager, or calendar), and use other browsers for accessing information that you’d like to keep private.
• Keep your browser updated. While not vulnerable to the types of attacks described above, traditional browsers are also targeted by hackers. Regardless of which browser you use, the first step to defending against browser-based attacks is to apply security updates as soon as they are released. Here are instructions on how to do so for popular browsers, including Firefox, Brave, Tor Browser, Safari, and Chrome.
• Be mindful of your extensions. Even in traditional browsers, extensions and add-ons are often granted significant permissions, including the ability to access your browsing history and data you provide to websites. Take a moment to review what extensions you have added to your browsers. Be sure to only grant access to those that you’ve thoroughly researched and trusted. Generally, we recommend keeping extensions limited to your password manager and privacy-focused extensions like Privacy Badger or uBlock Origin.

Updates from our team

• While not every journalist needs to worry about location tracking, when it matters, it really matters. Last month, we published a new guide to help you assess when location tracking risks apply to your work — and what steps you can take to mitigate those risks when they do.
• In our latest “Ask a security trainer” column, Senior Digital Security Trainer David Huerta answers perhaps the most frequent of frequently asked questions: Can I trust public Wi-Fi networks?

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Evan

-

Evan Summers

Senior Digital Security Trainer

Freedom of the Press Foundation