hrbrmstr's Daily Drop

Drop #721 (2025-10-23): Atlas? ¯\_(ツ)_/¯

hrbrmstr

One section this morning since I’m going to make an effort to post a belated Typography Tuesday Drop this afternoon (I still have not shaken this plague and had a fairly wretched and debilitating coughing fit Tuesday).

I tried OpenAI’s new browser so you didn’t have to.

TL;DR: Don’t use it.

If you follow tech news even in a casual manner, you know OpenAI released “OpenAI ChatGPT Atlas” (the actual daft full name) this week. We’ll just call it “Atlas”, since everyone else is.

It’s a fairly pathetic also-ran “AI”-“powered”, “agentic” Chromium-based browser that, for now, only works on macOS. It has Titanic cohorts such as Atlassian’s Dia, Perplexity’s Comet, and others. They all essentially purport to do the same things. You get a sidebar that is a chat interface to the back-end commercial models, and it has baked in “tools” for examining and manipulating the browser’s user interface and web page DOM.

Looking at the preferences panel:

It’s clear that OpenAI expects you to provide them with access to all your private information, such as identities and financial information. For the love of Henry, do not do that. In fact, do not install Atlas or any other one of these beasts.

I did the basic “can it do DOM stuff” with an Inoreader test, and it worked, so we’ll just note that it can, in fact, machinate the DOM.

Then, I came across this post by OpenAI’s CISO. It read like a pretty cowardly defensive tome full of excuses, so I figured some folks were mean to Atlas, and a quick Kagi verified that hypothesis.

So, I decided to make the world’s worst prompt injection test that even said it was a prompt injection test:

Just like the Babylon Project, it failed.

Others seem to have had similar success in Google Docs and other contexts.

OpenAI clearly isn’t concerned about your safety and also seems not to employ any competent humans.

To my surprise, the injection attack worked in ChatGPT-proper:

and sadly (but, unsurprisingly, since the model came from OpenAI) worked in Ollama.com’s gpt-oss-200b-cloud environment:

So, much like the end result of the Titanomachy, Atlas has been defeated.

FIN

Remember, you can follow and interact with the full text of The Daily Drop’s free posts on:

  • 🐘 Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev
  • 🦋 Bluesky via https://bsky.app/profile/dailydrop.hrbrmstr.dev.web.brid.gy

☮️

,

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.