OpenAI Will Forever Fight Prompt Injection Attacks

AI Firm Discovers New Prompt Injection Attack Class Rashmi Ramesh (rashmiramesh_) • December 23, 2025

OpenAI faces a years-long battle to secure its ChatGPT Atlas web browser against prompt injection attacks, a threat the company says will require continuous defense strengthening much like the arms race against online scams targeting humans.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

The company shipped a security update to Atlas following internal discovery through automated red-teaming of a new class of prompt injection attacks.

Prompt injection attacks embed malicious instructions into content that AI agents process, overriding the agent's intended behavior to follow an attacker's commands instead. For browser agents like the one in ChatGPT Atlas, this creates a threat distinct from traditional web security risks.

The attack surface is extensive. Agents may encounter untrusted instructions in emails, attachments, calendar invites, shared documents, forums, social ...