This vulnerability allows attackers to inject malicious commands into the AI's own memory, turning a useful feature into a persistent weapon to run arbitrary code (Illustration photo: ST).
According to a report from LayerX Security, this attack exploits a cross-site request forgery (CSRF) vulnerability to inject malicious commands into ChatGPT's persistent memory.
The "Memory" feature, which was designed for AI to remember useful details like users' names and preferences to personalize responses, can now be "broken".
Once the memory is infected, these commands will persist permanently – unless the user manually goes into settings to delete them – and can be triggered across multiple devices and sessions.
“What makes this vulnerability particularly dangerous is that it targets the AI's persistent memory, not just the browser session,” said Michelle Levy, director of security research at LayerX Security.
“In simple terms, an attacker uses a trick to ‘trick’ the AI into writing a malicious command into its memory,” Levy explains. “The most dangerous part is that this command stays in the AI forever – even if the user changes computers, logs out and back in, or even uses a different browser.
Later, when a user makes a completely normal request, they may accidentally trigger the malicious code. As a result, hackers can run code in the background, steal data, or gain higher control over the system.”
The attack scenario described is quite simple: First, a user logs in to ChatGPT Atlas. They are tricked into clicking a malicious link, after which the malicious site secretly triggers a CSRF request, silently injecting malicious instructions into the victim's ChatGPT memory.
Finally, when a user makes a completely legitimate query, for example asking the AI to write code, the tainted “memories” are triggered.
The problem is exacerbated by ChatGPT Atlas' lack of strong anti-phishing controls, LayerX points out.
In tests with over 100 exploits and phishing sites, Atlas only blocked 5.8% of malicious sites.
This number is too modest compared to Google Chrome (47%) or Microsoft Edge (53%), making Atlas users "up to 90% more vulnerable" to attacks than traditional browsers.
This discovery follows another rapid malware injection vulnerability previously demonstrated by NeuralTrust, suggesting that AI browsers are becoming a new attack front.
The ChatGPT Atlas web browser was just launched by OpenAI earlier last week. It is not too surprising that OpenAI integrated the ChatGPT artificial intelligence tool into this browser, helping to better support users when surfing the web.
Whenever a user clicks on a search result in ChatGPT Atlas, a ChatGPT dialog box appears right next to the web page window, allowing them to ask questions related to the content they are viewing, saving them time reading.
ChatGPT can also summarize web page content, edit text when composing an email, or suggest rewriting it to better fit the context.
Source: https://dantri.com.vn/cong-nghe/nguoi-dung-chatgpt-atlas-co-the-bi-danh-cap-du-lieu-voi-ma-doc-vinh-vien-20251028111706750.htm
![[Photo] Draft documents of the 14th Party Congress reach people at the Commune Cultural Post Offices](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/28/1761642182616_du-thao-tai-tinh-hung-yen-4070-5235-jpg.webp)
![[Photo] Flooding on the right side of the gate, entrance to Hue Citadel](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/28/1761660788143_ndo_br_gen-h-z7165069467254-74c71c36d0cb396744b678cec80552f0-2-jpg.webp)
![[Photo] National Assembly Chairman Tran Thanh Man received a delegation of the Social Democratic Party of Germany](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/28/1761652150406_ndo_br_cover-3345-jpg.webp)
![[Photo] President Luong Cuong attends the 80th Anniversary of the Traditional Day of the Armed Forces of Military Region 3](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/28/1761635584312_ndo_br_1-jpg.webp)
Comment (0)