from the I’m-sorry,-Dave,-I’m-afraid-I-can’t-undo-that dept
In a further sign of where the generative AI world is heading, OpenAI has launched ChatGPT Atlas, “a new web browser built with ChatGPT at its core.” It’s not the first to do something like this: earlier browsers incorporating varying degrees of AI include Microsoft Edge (with Copilot), Opera (with Aria), Brave (with Leo), The Browser Company’s Dia, Perplexity’s Comet, and Google’s Gemini in Chrome. Aside from a desire to jump on the genAI bandwagon, a key reason for this sudden flowering of browsers with built-in chatbots is summarized by Sam Altman in the video introducing ChatGPT Atlas. Right at the beginning, Altman says:
We think that AI represents a rare once a decade opportunity to rethink what a browser can be about and how to use one, and how to most productively and pleasantly use the Web.
AI is a disruptive force that could allow new sectoral leaders to emerge in the digital world, and the browser is clearly a key market. Chatbots are already popular as an alternative way to search for and access information, so it makes sense to embrace that by fully integrating them into the browser. Moreover, as OpenAI writes in its post about Atlas: “your browser is where all of your work, tools, and context come together. A browser built with ChatGPT takes us closer to a true super-assistant that understands your world and helps you achieve your goals.” The intent to supplant Google’s browser at the heart of the digital world is clear.
Given its leading role in AI, OpenAI’s offering is of particular interest as a guide to how this new kind of browser might work and be used. There are two main elements to Atlas. One is “browser memories”:
If you turn on browser memories, ChatGPT will remember key details from content you browse to improve chat responses and offer smarter suggestions—like creating a to-do list from your recent activity or continuing to research holiday gifts based on products you’ve viewed.
Browser memories are private to your ChatGPT account and under your control. You can view them all in settings, archive ones that are no longer relevant, and clear your browsing history to delete them. Even when browser memories are on, you can decide which sites ChatGPT can or can’t see using the toggle in the address bar. When visibility is off, ChatGPT can’t view the page content, and no memories are created from it.
Browser memories are potentially a privacy nightmare, since they can hold all kinds of sensitive information about users — and their browsing habits. OpenAI is clearly aware of this, hence the numerous options to control exactly what is remembered. The problem is that many users can’t be bothered making privacy-preserving tweaks to how they browse. Browser memories could certainly make online activities easier and more efficient, which is likely to encourage people to turn them on without much thought for possible consequences later on. The same is true of the other important optional feature of Atlas: agent mode.
In agent mode, ChatGPT can complete end to end tasks for you like researching a meal plan, making a list of ingredients, and adding the groceries to a shopping cart ready for delivery. You’re always in control: ChatGPT is trained to ask before taking many important actions, and you can pause, interrupt, or take over the browser at any time.
Once again, OpenAI is aware of the risks such a powerful agent mode brings with it, and has tried to minimize these in the following ways:
It cannot run code in the browser, download files, or install extensions
It cannot access other apps on your computer or file system
It will pause to ensure you’re watching it take actions on specific sensitive sites such as financial institutions
You can use agent in logged out mode to limit its access to sensitive data and the risk of it taking actions as you on websites
Even so, the company emphasizes bad stuff can still happen:
Besides simply making mistakes when acting on your behalf, agents are susceptible to hidden malicious instructions, which may be hidden in places such as a webpage or email with the intention that the instructions override ChatGPT agent’s intended behavior. This could lead to stealing data from sites you’re logged into or taking actions you didn’t intend.
Someone who is still skeptical about this new kind of browser is AI expert Simon Willison. Writing on his blog about OpenAI Atlas, Willison says:
The security and privacy risks involved here still feel insurmountably high to me – I certainly won’t be trusting any of these products until a bunch of security researchers have given them a very thorough beating.
Web browsers with chatbots built in are an interesting development, and may represent a paradigm shift for working online. Done properly, their utility could range from handy to life changing. But the danger is that FOMO and pressure from investors will cause companies to rush the release of products in this sector, before they are really safe for ordinary users to deploy with real, deeply-private information, and with agent access to critically-important online accounts — and real money.
Follow me @glynmoody on Mastodon and on Bluesky.
Filed Under: agents, ai agents, atlas, browser, chatgpt, chrome, comet, copilot, edge, fomo, gemini, genai, leo, privacy, prompt injection, security, simon willison, web
Companies: brave, dia, google, microsoft, openai, opera, perplexity
