OpenAI has officially entered the browser wars. On Tuesday, the company announced Atlasnew web browser with ChatGPT integration. It's Mac only at the moment, but I wouldn't advise even my Apple friends to jump in right away – at least not without understanding the underlying risks.
Browse the web with Atlas AI
If you have already used other AI browsers, like a comet of bewildermentThe atlas will seem familiar to you. In fact, this is also true if you've used any web browser before: Atlas is built on Chromium, the engine that powers browsers like Google Chrome, Microsoft Edge, and Opera. This means that the core mechanics of Atlas are pretty standard; There's nothing particularly revolutionary going on here when it comes to tab sorting or browsing itself.
The same applies to some ChatGPT interactions. Like other AI browsers, ChatGPT is docked in the sidebar of the browser window. You can summon it by clicking the “Ask ChatGPT” button, where you can ask it questions about the content you're currently viewing. You can also ask ChatGPT for help with writing text every time you enter an open text field in the browser.
Like Comet, Atlas has an agent mode, but the latter is built on top of the existing mode. ChatGPT Agent. The idea is that you can instruct Atlas to perform functions on your behalf. So instead of going to the DoorDash website and ordering your dinner, you can ask Atlas to order dinner for you. You can even watch Atlas get to work and see how he thinks through every decision. OpenAI has other ideas for using Atlas Agent Mode, including giving the browser a shopping recipe or asking the bot to review team documents at work to create a brief.
Deeper ChatGPT integration is what could set Atlas apart from its competitors. If you're a regular ChatGPT user, you'll likely appreciate the contextual awareness of your past conversations – if you've already asked ChatGPT a topic and are currently exploring it in a browser window, you can continue the conversation and assume ChatGPT will remember what you've already said.
1 credit
Likewise, Atlas will track your browsing and activity history and use it in future sessions. You might open your browser to find personalized suggestions on what sites and topics to explore next. Sounds creepy? Absolutely. But if you're someone who doesn't mind compromising on privacy, there may be some benefits to it. OpenAI's announcement suggested asking Atlas to collect all the job postings you've viewed in the past week and create a summary of industry trends that you can use in your interview preparation. If you find that these memories are too difficult for you, you can turn them off in your browser settings. (OpenAI claims that deleting browsing history also deletes associated browser memories, and an incognito browser window logs you out of ChatGPT.)
The company includes a setting called “ChatGPT Page Visibility” that allows you to control whether ChatGPT can see the web page you're visiting. If you select “Not Allowed” you can prevent the bot from seeing what you do, which is a good thing. But again, this kind of defeats the purpose of Atlas. If you don't want ChatGPT to see what you're doing, you can use a browser that doesn't have ChatGPT built-in. (The company promises it won't train ChatGPT on your browsing data unless you consent to it, but why would you want to?)
What are your thoughts so far?
Is it safe to use Atlas?
1 credit
I am of the opinion that if the security of the browser is in question, then it is better not to bother. This is the case with Atlas, as well as other AI browsers.
The main problem with browsers that include artificial intelligence agents is that they are susceptible to indirect injection attacks. Brave has done a lot of research about this, especially with the comet. In short, attackers can potentially hide malicious instructions on websites that AI agents believe are no different from a typical user request. Since the browser is designed to act on your behalf, these malicious instructions can tell the AI to do things you definitely don't want. You can ask Atlas to review a web page, but because the attacker has hidden a command on the site to do something related to your email, bank account, or corporate intranet, he will do that instead.
To OpenAI's credit, the company has compiled a list of risk mitigations using Atlas. Atlas cannot run code directly in the browser, nor can it download files or install extensions. The browser has no way to access other applications on your Mac or its file system. If Agent Mode requires access to sensitive sites such as your bank, it will pause to make sure “you are watching.” At this point, you may be using the Atlas Agent in logged-out mode, which limits its ability to access sensitive data or perform actions “on your behalf” on websites. But even OpenAI admits that after thousands of hours of testing, its defenses “will not stop every attack that arises as AI agents grow in popularity.” The company says it will patch new vulnerabilities as they are discovered, but if attackers discover them first, they could trick these AI agents into doing terrible things.
In my opinion, the risks currently far outweigh the benefits. I don't yet see any particular reason for a bot in my browser to do anything on my behalf, but even if I did, I wouldn't use it just yet. The risk of someone injecting a malicious command into the website and derailing my AI agent—and my digital life—is too great, especially when I can easily book those flights or order the delivery myself.
