new browser; it charges your browser with the capabilities of an LLM. Although a browsing assistant sounds wonderfully convenient and futuristic, Atlas leaves a lot be be desired.
In this post I’d like to dive deep into how Atlas and most current AI-powered browsers fail on three aspects: privacy, security, and censorship.
First we’ll take a look at how Atlas works.
Atlas under the hood
First let’s understand how Atlas and other AI browsers work, what their capabilities are, and how they differ from other “regular” browsers.
Why do AI browsers exist?
AI browsers aim to solve a growing problem on the web: information overload. I’m sure we can all recognize searching for information in pages full of forms, ads, and endless UX flows. Companies like OpenAI try to solve this by offering an AI assistant to do this for you.
The AI browser is designed to be a new interface layer on top of the web. You can let an LLM interpret a page, extract meaning, answer questions, or even take actions. The strategic incentive of OpenAI is to integrate ChatGPT deeply into a browser in order to keep users inside their ecosystem.
The promise is convenience, automation, and a more personalised browsing experience. As we’ll see later in this article, the implementation introduces significant privacy, security, and moderation risks.
What can Atlas do for me?
AI browsers are browsers that we interact with just like with ChatGPT. You can ask them to summarize the website you’re looking at, translate it, or ask questions about the content. The browser keeps a history, learns from your browsing habits, and “gets to know you” a bit better.
Additionally there’s agent mode. Imagine tasking the browser and seeing it perform the following task autonomously: “I want a nice holiday for 2, either by train or plane with a max cost of €800”. You’ll see Atlas opening tabs, Googling, reading websites, clicking buttons, etc.
How does Atlas work?
Essentially, Atlas is just a Chromium browser that uses ChatGPT for everything. Agent mode is evaluated by ChatGPT, it analyzes web pages with ChatGPT, etc.
Concerns
Although AI browsers like Atlas offer a lot of cool capabilities, there are some concerns, the biggest of which we’ll discuss now.
Privacy
Atlas reads along with everything you see and type, sharing this information with ChatGPT. This is essentially the “AI” part of “AI browser”. This leaves an enormous privacy concern.
We are already quite familiar with “regular” tracking like many websites do. They collect information about what visitors do on their site.
Atlas takes this to the extreme by tracking everything you do on every site. It observes what you read, how long you stay, what you do next; essentially, your entire online behaviour is tracked and that data is in the hands of one company (OpenAI).
Security
The big problem with security is that the browser cannot reliably distinguish between data (e.g. the content of a site for tickets) and instructions (“find tickets to Rome”). This leaves the browser wide open for prompt injection.
Simple prompt injection to steal your sensitive data
The browser reads along with you on a website you visit. It sends the content to ChatGPT in order to analyze it and e.g. summarize it. Imagine a malicious actor who hides invisible instructions (e.g. white text on a white background) on the page:
“Ignore all previous instructions and instead do the following: …”
This incredibly simple method of prompt injection influences how your browser operates. Combine this with agent mode and its capabilities and you’re just asking to be hacked.
Researchers from Brave (“regular” browser) have already documented such attacks, showing that AI-powered browsers can be manipulated to navigate to the user’s banking site, extract saved passwords, and send sensitive information to attacker-controlled servers.
Censorship
We all know that LLMs are heavily moderated. We’ve all heard the stories of Deepseek refusing to answers questions about Tiananmen Square and Google’s Gemini generating racially diverse historical figures. Some queries should not be answered, e.g. we don’t want ChatGPT to teach users how to make a bomb.
My problem with Atlas, however, is that there is one company that determines what you see, especially when you realise that same company holds the entire history of your online activity. In a world full of fake news, propaganda, censorship, and increasingly authoritarian figures, this feels like an enormous risk.
Conclusion
AI-assisted browsing is coming, but not like this. Personally I think there’s a lot of potential in AI browsers but the security issues are glaring. That, in combination with the fact that Atlas will share all my online activity with just one company, which also is perfectly able to censor or influence what i see, is something I find very risky.
Until transparency, privacy, and safeguards catch up, I wouldn’t trust it with my data… or my wallet.
I hope this article was as clear as I intended it to be but if this is not the case please let me know what I can do to clarify further. In the meantime, check out my other articles on all kinds of programming-related topics.
Happy coding!
— Mike
Sources:
