Exclusive: OpenAI\u2019s Atlas browser \u2014 and others \u2014 can be tricked by manipulated web content | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers are poking holes in OpenAI\u2019s new browser as international standards bodies fear U.S. businesses may be \u201csleepwalking\u201d into an AI governance crisis. \"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/openai-atlas-splx-research-cloaking-attacks-browser-agents\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Exclusive: OpenAI\u2019s Atlas browser \u2014 and others \u2014 can be tricked by manipulated web content\"> <meta property=\"og:description\" content=\"Researchers are poking holes in OpenAI\u2019s new browser as international standards bodies fear U.S. businesses may be \u201csleepwalking\u201d into an AI governance crisis. \"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/openai-atlas-splx-research-cloaking-attacks-browser-agents\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-10-28T17:10:17+00:00\"> <meta property=\"article:modified_time\" content=\"2025-10-28T17:18:46+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg\"> <meta property=\"og:image:width\" content=\"1013\"> <meta property=\"og:image:height\" content=\"675\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1759256725g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1761070183g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86502\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86502\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenai-atlas-splx-research-cloaking-attacks-browser-agents%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopenai-atlas-splx-research-cloaking-attacks-browser-agents%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86502 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/openai-atlas-splx-research-cloaking-attacks-browser-agents\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.726904376013\">\n<div class=\"single-article__header-content\" readability=\"34.510344827586\">\n<p> Researchers poke holes in OpenAI\u2019s new browser as standards bodies fear U.S. businesses are \u201csleepwalking\u201d into an AI governance crisis. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86502\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.jpg?resize=506,337 506w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Researchers poke holes in OpenAI\u2019s new browser as standards bodies fear U.S. businesses are \u201csleepwalking\u201d into an AI governance crisis. (Photo illustration by Cheng Xin\/Getty <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"83.623122939812\"><body readability=\"168.9112394958\"><\/p>\n<p>As AI browser agents enter the market promising to help people shop, hire employees or assist with other online tasks, security researchers are warning that the information these programs collect from the internet can be manipulated and corrupted without anyone ever realizing it.<\/p>\n<p>In new research shared exclusively with CyberScoop, AI cybersecurity firm SPLX highlighted vulnerabilities in ChatGPT Atlas, OpenAI\u2019s newly released browser agent, as well as ChatGPT and Perplexity AI. Based on a simple change in the user-agent header, the website could send clandestine, cloaked information to the underlying LLM that influences its behavior and decision-making.<\/p>\n<p>SPLX AI engineer Ivan Vlahov told CyberScoop that his team built a website capable of displaying different content depending on the visitor. To a human user, the site looked like a standard professional biography for a product designer.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" height=\"445\" width=\"640\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content.png?resize=640%2C445&ssl=1\" alt class=\"wp-image-86504\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png 1176w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=300,209 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=768,534 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=1024,712 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=600,417 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=242,168 242w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=484,337 484w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.png?resize=970,675 970w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\"><em>How the website of Zerphina Quortane, a fictional designer created by SPLX researchers, looks when a human visitor is detected. (Source: SPLX)<\/em><\/figcaption><\/figure>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>However, if the website detected an AI crawler, such as those used in Atlas, GPT or Perplexity, a separate server would deliver an alternate, hidden version filled with negative commentary about the designer.<\/p>\n<p>\u201cIt\u2019s very easy to serve different content based on the header,\u201d Vlahov said.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" height=\"427\" width=\"640\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-1.png?resize=640%2C427&ssl=1\" alt class=\"wp-image-86505\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png 1130w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.png?resize=1012,675 1012w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\"><em>A malicious, cloaked version of Zerphina Quortane\u2019s website, served only to AI crawlers. (Source: SPLX) <\/em><\/figcaption><\/figure>\n<p>Malicious hackers could use the technique to launch smear campaigns about individuals or organizations, knowing that browser agents searching for those same names or terms would find the manipulated information. Meanwhile, scammers could potentially show agents fake promotions or discounts, displaying a completely different set of prices or products to the agent than what appears to actual visitors on a legitimate website.<\/p>\n<p>Vlahov noted that scammers often used similar SEO-like schemes with online ads before Google began blocking for ads that relied on similar manipulation. However, he claimed OpenAI\u2019s terms of service do not appear to substantively address the problem.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThere\u2019s no explicit terms of service for OpenAI and ChatGPT; [they] don\u2019t specifically disallow this behavior from websites,\u201d he said. \u201cGoogle for example \u2026 they\u2019ll block your page and it won\u2019t appear anymore on their search results. The first step for OpenAI would be to start implementing some verification methods and actually banning bad actors.\u201d<\/p>\n<p>In another test, the team explored how such weaknesses could be used to manipulate online job recruiting. They generated a fictional job posting with specific evaluation criteria, as well as online resume and profiles for five job candidates, with each hosted on a separate page. All resumes \u201clooked realistic and well structured, complete with plausible work histories and skill descriptions.\u201d<\/p>\n<p>One of the fake candidates, \u201cNatalie Carter,\u201d had the weakest qualifications according to her human-viewable website, and was given the lowest score by the AI models. However, if Natalie\u2019s webpage detected the presence of an AI crawler, it was sent a different page with inflated credentials, titles, and accomplishments.<\/p>\n<p>As a result, Natalie sailed through the AI screening process, receiving the highest score and beating the next ranked candidate by 10 points.<\/p>\n<p>Vlahov noted one of the ironies of this flaw is that, if a user does somehow notice that the LLM is processing different information on the backend, they might just assume it\u2019s an example of hallucination, another well-known challenge with AI models.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cEven if the chatbot says something bad about a person or provides some hurtful or bad content that shouldn\u2019t be there \u2014 even when the user clicks the link \u2014 it still opens the normal website where everything is fine,\u201d he said. \u201cIt feels like a hallucination.\u201d<\/p>\n<p>OpenAI did not immediately respond to questions about the research Tuesday. Vlahov and SPLX officials told CyberScoop that OpenAI has not responded to their previous attempts to contact the company about similar research.<\/p>\n<p>Other researchers and tech executives highlighted additional concerns with Atlas.<\/p>\n<p>LayerX<a href=\"https:\/\/layerxsecurity.com\/blog\/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser\/\"> said<\/a> this week it had discovered a way to piggyback off ChatGPT\u2019s authentication protocols to inject hidden instructions into the LLM\u2019s memory, even allowing for remote code execution in some instances.<\/p>\n<p>\u201cThe vulnerability affects ChatGPT users on any browser, but it is particularly dangerous for users of OpenAI\u2019s new agentic browser: ChatGPT Atlas,\u201d Or Eshed, the security firm\u2019s cofounder and CEO, wrote Monday. \u201cLayerX has found that Atlas currently does not include any meaningful anti-phishing protections, meaning that users of this browser are up to 90% more vulnerable to phishing attacks than users of traditional browsers like Chrome or Edge.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>There are caveats worth noting: the user must already be logged in to ChatGPT and hold a valid authentication cookie or token in their browser. The user must also first click a malicious link for the exploit to work.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" loading=\"lazy\" decoding=\"async\" height=\"433\" width=\"640\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-2.png?resize=640%2C433&ssl=1\" alt class=\"wp-image-86503\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png 1208w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=300,203 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=768,520 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=1024,693 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=600,406 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=248,168 248w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=498,337 498w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-5.png?resize=997,675 997w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\"><em>An illustration of a memory corruption attack impacting ChatGPT and Atlas, discovered by researchers at LayerX. (Source: LayerX) <\/em><\/figcaption><\/figure>\n<p>Business users reported some hiccups as well. Pete Johnson, chief technology officer for MongoDB, said after installing the Atlas browser he became \u201ccurious\u201d how it stored cached data. He quickly discovered a number of concerns. <\/p>\n<p>He wrote that while \u201cit is standard practice on the Mac for a browser to store oAuth tokens in a SQLite database, what I discovered that apparently isn\u2019t standard practice is that by default the ChatGPT Atlas install has 644 permissions on that file (making it accessible to any process on your system).\u201d Additionally, unlike other standard browsers, Atlas \u201cisn\u2019t using keychain to encrypt the oAuth tokens within that SQLite database (which means that those tokens are queryable and then usable).\u201d<\/p>\n<p>Johnson, who described himself as \u201chardly a security expert,\u201d said his script was later validated by a MongoDB security specialist. He said other users have since reported the same flaw, while others did receive encrypted OAuth tokens.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>At the same time security researchers are poking around AI browser agents, global standards organizations are tracking worrying signals that many U.S. businesses are \u201csleepwalking\u201d into an AI governance crisis.<\/p>\n<p>New research set to be released this week by the British Standards Institution, the United Kingdom\u2019s national standards body, analyzed 100 multinational annual reports and surveyed 850 senior business leaders around the world. <\/p>\n<p>The results, shared exclusively in advance with CyberScoop, found that U.S. businesses are lagging behind the world in planning for the safe and responsible use of AI, even as the nation\u2019s government and business leaders have seemingly gone all in on the technology from an investment and adoption perspective.<\/p>\n<p>For example, just 17.5% of U.S. business leaders reported having an AI governance program in place, compared to 24% worldwide. Meanwhile, just 1 in 4 U.S. businesses restrict their employees from using unauthorized AI tools, and a quarter of business leaders were aware of the data their AI tools were trained on.<\/p>\n<p>Their findings concluded that U.S. \u201cbusinesses showcase \u2026 a striking absence of guardrails to prevent harmful or irresponsible use of AI due to companies\u2019 ambition in taking part in the AI gold rush,\u201d according to a press release viewed by CyberScoop.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4355400696864\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"21.731707317073\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/openai-threat-report-ai-cybercrime-hacking-scams\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"590\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-2.jpg?resize=590%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg 7000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=300,171 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=768,439 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=1024,585 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=1536,878 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=2048,1170 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=600,343 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=294,168 294w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=590,337 590w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=1181,675 1181w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-6.jpg?resize=1475,843 1475w\" sizes=\"auto, (max-width: 590px) 100vw, 590px\"> <\/a><figcaption class=\"screen-reader-text\"> A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to malicious hacking. (Image Via Getty) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.6086956521739\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/openai-threat-report-ai-cybercrime-hacking-scams\/\"> OpenAI: Threat actors use us to be efficient, not make new tools <\/a> <\/h3>\n<p> A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to\u2026 <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/openai-anthropic-ai-safety-government-research-us-uk\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg 6240w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-7.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> OpenAI and Anthropic said they turned over their models to government researchers, who found an array of previously undiscovered vulnerabilities and attack techniques. (Image via Getty) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/openai-anthropic-ai-safety-government-research-us-uk\/\"> Top AI companies have spent months working with US, UK governments on model safety <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/gpt5-openai-microsoft-security-review\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg 6754w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content-8.jpg?resize=1264,843 1264w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> In this photo illustration, a person holds a smartphone showing the Introducing GPT-5 interface in the ChatGPT app, with text describing the model\u2019s capabilities, in front of a blurred OpenAI logo on August 9, 2025 in Chongqing, China. (Photo illustration by Cheng Xin\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/gpt5-openai-microsoft-security-review\/\"> Guess what else GPT-5 is bad at? Security <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/openai-atlas-splx-research-cloaking-attacks-browser-agents\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exclusive: OpenAI\u2019s Atlas browser \u2014 and others \u2014 can be<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,5315,384,5316,385,78,564,4734,256,310],"tags":[236,5317,388,5318,389,86,565,4736,262,311],"class_list":["post-8112","post","type-post","status-publish","format-standard","hentry","category-ai","category-ai-agents","category-artificial-intelligence-ai","category-atlas-browser","category-chatgpt","category-cybersecurity","category-openai","category-perplexity","category-research","category-technology","tag-ai","tag-ai-agents","tag-artificial-intelligence-ai","tag-atlas-browser","tag-chatgpt","tag-cybersecurity","tag-openai","tag-perplexity","tag-research","tag-technology"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai-agents\/\" rel=\"category tag\">AI agents<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/atlas-browser\/\" rel=\"category tag\">Atlas browser<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chatgpt\/\" rel=\"category tag\">ChatGPT<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openai\/\" rel=\"category tag\">OpenAI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/perplexity\/\" rel=\"category tag\">Perplexity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a>","tag_info":"Technology","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8112"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8112\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8112,"date":"2025-10-28T12:10:17","date_gmt":"2025-10-28T17:10:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86502"},"modified":"2025-10-28T12:10:17","modified_gmt":"2025-10-28T17:10:17","slug":"exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/10\/28\/exclusive-openais-atlas-browser-and-others-can-be-tricked-by-manipulated-web-content\/","title":{"rendered":"Exclusive: OpenAI\u2019s Atlas browser \u2014 and others \u2014 can be tricked by manipulated web content"},"content":{"rendered":"