Tuta warns users: don’t install OpenAI’s Atlas AI browser
Tuta, a German privacy-focused and end-to-end encrypted email and calendar service, has alerted users to avoid installing Atlas AI, an OpenAI browser that directly integrates ChatGPT into browsing. Both privacy and security are at stake.
Tuta claims that the Atlas AI browser is not safe and lists at least five reasons why users “should think twice before using it.”
OpenAI introduced Atlas AI as an AI-powered alternative to Chrome, Firefox, and other browsers, capable of remembering user activity, performing actions directly on web pages, and more.
While an AI assistant summarizing content, comparing products, analyzing data, and running other tasks might sound useful, it has too much access to sensitive user information.
“It comes with privacy and security risks: from having access to, reading, and remembering almost everything you’re logged into, to vulnerabilities that could allow bad actors to inject malicious instructions into the browser,” the company said in a blog post titled “Don’t install Atlas AI browser – here’s why.”
First, Tuta warns that Atlas can read and store everything – even the mailbox or bank account when logged in. It does this through tracking, processing, and collecting user data.
“If you grant it the permissions upon setup, Atlas builds a huge database of memories of the websites you visit, and based on what you search for, it creates facts and insights,” the post reads.
The firm argues that everything the user does online is accessible to Atlas, otherwise it wouldn’t be able to offer a personalized experience.
The second reason is that it’s impossible to know what Atlas will or won’t remember. While the browser is not meant to remember bank details, passwords, addresses, IDs, or other sensitive data, currently, you can’t really trust AI to stick to any rules.
Lena Cohen, a staff technologist at the Electronic Frontier Foundation, demonstrated how Atlas memorized simulated users’ appointments on a website, offering sexual and reproductive health services.
This brings us to the third reason: that Incognito mode in Atlas “isn’t truly private.” According to OpenAI’s explanation, the data is still visible to ChatGPT and the rest of the internet.
“In this mode, your actions are still being tracked by the Atlas browser and ChatGPT,” Tuta warns.
“If you have chats with ChatGPT in this mode, they are not saved to your account, but ChatGPT retains them for 30 days for abuse detection and prevention purposes. It also notes that you’re visible to third parties, and that activity might also be seen by your employer, school, or ISP.
Fourth, Tuta warns that OpenAI is an American tech giant operating under US jurisdiction, which makes it easier for law enforcement and the government to access and monitor user information. Even if users delete all the information and chats within Atlas, the company still keeps them for 30 days.
The last concern is that Agent mode introduces even more risks that are not currently well understood.
Previous exploits demonstrated that AI assistants are vulnerable to prompt injection attacks, which can lead to remote code execution. Attackers on the web can trick bots into running malicious code, granting privileges, or deploying malware. Researchers have previously demonstrated that the Claude agent can be hijacked by simply asking everyday questions.
“Atlas currently doesn’t have any ‘meaningful’ anti-phishing protections, and because of this, users who use Atlas ChatGPT browser are up to 90% more vulnerable to phishing attacks than users who use traditional browsers like Chrome,” Tuta quoted a LayerX report.
Tuta also cautions that OpenAI might start advertising, and all the collected data might be ultimately sold to advertisers, who will target users with annoying ads.
Because who knows what else OpenAI will do in the future?
Unlock more exclusive Cybernews content on YouTube.
