Attack Flow Steps:

: Attackers exploit the ChatGPT Atlas browser's omnibox by disguising malicious prompts as URLs to bypass input validation and execute unintended commands. : Extension that spoofs AI assistant sidebars to steal data or trick users into downloading malware. : Web browser with built-in ChatGPT capabilities targeted by prompt injection attacks. : Victim places malformed URL string in browser's omnibox, causing the browser to treat input as a prompt to the AI agent. : Attackers hide malicious instructions on web pages using white text on white backgrounds, HTML comments, CSS trickery, or faint light blue text on yellow backgrounds in images. : AI assistant browser susceptible to prompt injection attacks and sidebar spoofing. : AI assistant browser found susceptible to prompt injection attacks. : Malicious extensions and prompts can execute data exfiltration commands to steal sensitive information from victim's machine. : Connected cloud storage app that could be targeted for file deletion via hidden commands. : Attackers redirect users to phishing pages under their control by embedding malicious URLs in disguised prompts. : Malicious websites that victims are redirected to through prompt injection attacks. : Attackers install backdoors that provide persistent remote access to victim's entire machine through spoofed AI sidebars. : Malicious backdoor providing persistent remote access to victim's machine installed through AI sidebar spoofing. : Attackers manipulate AI's underlying decision-making process to turn the agent against the user and execute unintended commands

MITRE ATT&CK Techniques:

• T1190
• T1204
• T1027
• T1005
• T1566
• T1525
• T1565