New attack provides one more reason why AI browsers are a bad idea
Telling an LLM that 2 + 2 = 5 is enough to make it follow forbidden instructions.
Makers of AI browsers make lofty promises. With a single prompt, users can ask one to find a restaurant in a particular part of town, reserve a table, invite a colleague to lunch, and email a confirmation. These makers are much more reticent about the risks of blurring the once fine line between browsing sites and asking a large language model a question or instructing it to take potentially sensitive actions. LLM developers’ answer so far has been to build guardrails that make some requests off-limits. Developing software exploits, stealing credentials, or teaching how to build a pipe bomb are examples. The problem with this approach is that the guardrails are reactive and treat the symptoms rather than solve the root cause. It’s tantamount to the manufacturer of an unsafe vehicle advocating for new road designs rather than fixing the flaws that make it prone to accidents.

Lulling LLMs into an alternate reality

New research puts this predicament on sharp display. It demonstrates how a website can lull AI browsers into a false reality where the rules governing their behavior no longer apply. After that, an attacker has free rein to invoke all kinds of destructive actions, such as extracting code from a private repository or extracting credentials from the built-in password manager.
Source: Ars Technica