Attack Flow Steps:

: Attackers exploit the ChatGPT Atlas browser's omnibox by disguising malicious prompts as URLs to bypass input validation and execute unintended commands. : Extension that spoofs AI assistant sidebars to steal data or trick users into downloading malware. : Web browser with built-in ChatGPT capabilities targeted by prompt injection attacks. : Victim places malformed URL string in browser's omnibox, causing the browser to treat input as a prompt to the AI agent. : Attackers hide malicious instructions on web pages using white text on white backgrounds, HTML comments, CSS trickery, or faint light blue text on yellow backgrounds in images. : AI assistant browser susceptible to prompt injection attacks and sidebar spoofing. : AI assistant browser found susceptible to prompt injection attacks. : Malicious extensions and prompts can execute data exfiltration commands to steal sensitive information from victim's machine. : Connected cloud storage app that could be targeted for file deletion via hidden commands. : Attackers redirect users to phishing pages under their control by embedding malicious URLs in disguised prompts. : Malicious websites that victims are redirected to through prompt injection attacks. : Attackers install backdoors that provide persistent remote access to victim's entire machine through spoofed AI sidebars. : Malicious backdoor providing persistent remote access to victim's machine installed through AI sidebar spoofing. : Attackers manipulate AI's underlying decision-making process to turn the agent against the user and execute unintended commands

MITRE ATT&CK Techniques:

T1190

T1204

T1027

T1005

T1566

T1525

T1565

Back to Gallery

ChatGPT Atlas Browser Prompt Injection

Anonymous

3 months ago

124 views

14 nodes

This flow addresses a security vulnerability in the newly released OpenAI ChatGPT Atlas web browser, which can be tricked into executing hidden commands through prompt injection attacks. Attackers can disguise malicious instructions as seemingly harmless URLs, leading the browser's AI agent to perform unintended actions, such as redirecting users to phishing sites or executing harmful commands.

React Flow