New Delhi, Dec. 23 -- Agent-based AI systems promise productivity gains by operating directly inside user workflows. ChatGPT Atlas pushes this model further by allowing an AI agent to browse the web, click links, fill forms, and execute tasks much like a human user would.

That same capability, however, widens the attack surface.

As Atlas' browser agent becomes more embedded in everyday work, email, documents, and dashboards, it also becomes a higher-value target for adversaries. OpenAI says prompt injection attacks, where malicious instructions are hidden inside content an AI processes, now represent one of the most persistent risks facing agentic systems.

Unlike traditional phishing, these attacks are not designed to trick humans. The...