News Grower

Independent coverage of AI, startups, and technology.

Ars Technica Jun 30, 2026 at 20:03 Big Tech Rising Hot

New attack provides one more reason why AI browsers are a bad idea

Telling an LLM that 2 + 2 = 5 is enough to make it follow forbidden instructions.

Signal weather

Rising

Momentum is building quickly, so this card is a good early entry point into the topic.

By Dan Goodin Original source
New attack provides one more reason why AI browsers are a bad idea

Makers of AI browsers make lofty promises. With a single prompt, users can ask one to find a restaurant in a particular part of town, reserve a table, invite a colleague to lunch, and email a confirmation. These makers are much more reticent about the risks of blurring the once fine line between browsing sites and asking a large language model a question or instructing it to take potentially sensitive actions. LLM developers’ answer so far has been to build guardrails that make some requests off-limits. Developing software exploits, stealing credentials, or teaching how to build a pipe bomb are examples. The problem with this approach is that the guardrails are reactive and treat the symptoms rather than solve the root cause. It’s tantamount to the manufacturer of an unsafe vehicle advocating for new road designs rather than fixing the flaws that make it prone to accidents. Lulling LLMs into an alternate reality New research puts this predicament on sharp display. It demonstrates how a website can lull AI browsers into a false reality where the rules governing its behavior no longer apply. After that, an attacker has free rein to invoke all kinds of destructive actions, such as extracting code from a private repository or extracting credentials from the built-in password manager. Read full article Comments

Stay on the signal

Follow New attack provides one more reason why AI browsers are a bad idea

Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.

We send a confirmation link first, then only meaningful digests.

Story map

Understand this topic fast

A quick entry into the story: why it matters now, who is involved, and where to go next for context.

Why it matters now

Fresh coverage with immediate momentum.
There are already 6 connected articles in the same storyline to continue from here.
The story keeps orbiting around Ars Technica, Bad Idea, and Browsers, so the entity pages are the fastest way to build context.
Ars Technica already has 4 follow-up stories on the same theme.

Topic constellation

Open the live map for this story

See which entities, story threads, sources, and follow-up articles shape this story right now.

Click nodes to continue

Entity Cluster Article Hub Source

Story timeline

Continue with this story

A short sequence of events and follow-up stories to understand the arc quickly.

Jun 30, 2026 at 22:11 Ars Technica

June research roundup: 6 cool science stories we almost missed

Also, the science of poop's distinctive shape, boron buckyballs, and the secret to a soccer feint.

Jun 30, 2026 at 21:46 Ars Technica

Reddit will require you to log in to use old.reddit.com

Logged-out Old Reddit access is “significant source of abusive scraping."

Jun 30, 2026 at 21:04 Ars Technica

Amazon blames piracy apps with malware for killing new Fire Stick sideloading

New Fire Stick OS helps Amazon block third-party homepage launchers, ad blockers.

Jun 30, 2026 at 20:50 Ars Technica

NASA may send a backup, nuclear-powered Mars rover to the Moon

"That would be an awesome capability."

Jun 30, 2026 at 20:20 Ars Technica

Apple takes Epic fight over app store fees to the Supreme Court

Supreme Court will weigh if Apple contempt finding in Epic case is “erroneous.”

Jun 30, 2026 at 20:03 Ars Technica

New attack provides one more reason why AI browsers are a bad idea

Telling an LLM that 2 + 2 = 5 is enough to make it follow forbidden instructions.

How reliable this looks

Signal and trust for Ars Technica

This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.

Trusted

Reliability

92

Freshness

100

Sources in storyline

1

Related articles

More stories that share tags, source, or category context.

More from Ars Technica

Fresh reporting and follow-up coverage from the same newsroom.

Open source page