New Agent-Aware Cloaking Technique Uses ChatGPT Atlas Browser to Feed Fake Content

Security researchers have uncovered a sophisticated attack vector that exploits how AI search tools and autonomous agents retrieve web content.

The vulnerability, termed “agent-aware cloaking,” allows attackers to serve different webpage versions to AI crawlers like OpenAI’s Atlas, ChatGPT, and Perplexity while displaying legitimate content to regular users.

This technique represents a significant evolution of traditional cloaking attacks, weaponizing the trust that AI systems place in web-retrieved data.

Unlike conventional SEO manipulation, agent-aware cloaking operates at the content-delivery layer through simple conditional rules that detect AI user-agent headers.

When an AI crawler accesses a website, the server identifies it and serves fabricated or poisoned content while human visitors see the genuine version.

The elegance and danger of this approach lies in its simplicity: no technical exploitation is required, only intelligent traffic routing.

How AI Becomes Weaponized

Researchers at SPLX conducted controlled experiments demonstrating the real-world impact of this technique ...