Overview
- OpenAI’s ChatGPT Atlas is live on macOS, and rivals such as Perplexity’s Comet and Browser Company’s Dia are publicly available, with Opera previewing Neon and Microsoft testing Edge Copilot Actions.
- Security research details multiple exploit paths, including LayerX’s finding that a single crafted URL can trigger Perplexity Comet to pull from memory and exfiltrate data from connected services to an attacker.
- Brave and other researchers describe indirect prompt-injection attacks that hide instructions in webpage content, letting malicious pages hijack an agent’s tools and potentially access sensitive information.
- OpenAI’s Atlas leans on a “memory” feature that analyzes past ChatGPT sessions and browsing history, raising privacy concerns, while early use shows bare-bones browsing features, slower results, and login failures.
- A Columbia Journalism Review investigation reported that Atlas’s agent mode routes around certain outlets, including the New York Times and PCMag, by assembling summaries from alternative sources. Both OpenAI and Perplexity acknowledge prompt injection as a still-unsolved frontier problem.