Decoding OpenAI’s ChatGPT Atlas as AI browser risks emerge

This had been rumoured since well before Perplexity rolled out Comet, Opera released the subscription-based Neon browser, and Google and Microsoft talked about an AI layer for Chrome and Edge respectively. Now OpenAI has finally given the world a first glimpse of ChatGPT Atlas, a web browser which, as the name suggests, keeps the ChatGPT artificial intelligence (AI) at its core. As things stand, ChatGPT Atlas is available for macOS devices, and the ‘agent mode’, which can do some tasks in a predefined manner, is unlocked only for ChatGPT Plus and ChatGPT Pro subscribers. ChatGPT Atlas for Windows PCs, Apple’s iPhones and millions of Android devices is “coming soon”.

Key to ChatGPT Atlas would be memory, with OpenAI suggesting ChatGPT will remember key details from your web browsing. (Official image)

Mind you, this is Chromium based, which OpenAI confirms: “Atlas is OpenAI’s Mac browser built on Chromium”, the support documents clarify. This gives it the same foundation as almost 65% of the web browser apps being used worldwide, including the very popular Google Chrome, as well as Microsoft’s Edge. Perplexity’s AI browser, Comet, is also based on Chromium, an open-source software project first introduced by Google in 2008 with the Chrome browser, which has since been a popular platform for developers to build their software on, for free. There are two sides to this coin: it means OpenAI is as reliant on open-source technology as almost anyone else in the tech space, but a well-established foundation should also hold ChatGPT Atlas in good stead.

Key to ChatGPT Atlas would be memory, with OpenAI suggesting ChatGPT will remember key details from your web browsing to improve chat responses and offer smarter suggestions. This would include, for instance, retrieving a web page you read a while ago. OpenAI insists the privacy aspect has been taken care of, with browser memories being private to a user’s account. They say a user has the option to view them all in settings, archive ones that are no longer relevant, and clear browsing history to delete them. The guidance seems to be that even if browser memory is toggled on, a user can decide which sites ChatGPT can’t see using the toggle in the address bar. When this visibility is off, ChatGPT can’t view that page or website’s content, and therefore no memories are created from it.

As is par for the course with AI browser promises, OpenAI also lists browsing add-ons for ChatGPT Atlas: a sidebar where a user can summarise content and compare products on shopping platforms, the ability to do certain tasks such as researching a trip and then purchasing everything in the shopping list, supposedly smarter searches, and highlighting text to invoke further explanations with AI chat.

For its agentic functionality aspirations, OpenAI does find a strong foundation in the Operator tool, introduced earlier this year to help automate certain tasks on the web by simulating human actions, such as making restaurant reservations, filling out web forms and ordering groceries. Mind you, Operator was succeeded by ChatGPT Agent in July, which did everything Operator already did but merged in Deep Research as well for multi-step processes and analysis. Earlier this month, OpenAI launched AgentKit, a set of tools and APIs for developers to build, deploy, and scale their own AI agents.

The AI browser landscape has been active in recent months. Credit may be due to Perplexity, which launched the Comet browser this summer, for pushing the conversation from prototypes to an actual real-world web browser experience. Since then, Google has confirmed that its Gemini models will be deeply integrated within Chrome in the coming months to do a mix of summarisations, analysis and comparisons, as well as shop for groceries, complete an online reservation and schedule appointments. For OpenAI’s ChatGPT Atlas, and indeed all other AI browsers, the most significant challenge comes from Google Search, which has extended its AI summarisation functionality to Search results with AI Overviews and an AI Mode.

On the macOS version, ChatGPT Atlas still doesn’t have a lot of functionality that you may be used to with Apple’s own Safari, or Chrome. For instance, the search tab cannot be set to search with Google Search, which will be disorienting for many users, for whom Google Search is more a habit born of familiarity. Secondly, for now, the default ChatGPT model to use with query responses cannot be predefined by a user; in our case, GPT 5 Instant seems to be the default. We were also not able to find a web page translation feature. ChatGPT Atlas also cannot pull in passwords and autofill credit card details stored in the Passwords app in macOS, and it is likely this behaviour may extend to the iPhone and iPad version, when that is released.

Beyond the AI glitter, vulnerabilities galore

Web browser company Brave, which has its own Chromium-based Brave browser available across platforms, has embarked on a research series to illustrate vulnerabilities in AI browsers: not specifically ChatGPT Atlas or Perplexity’s Comet, but the broader space that’s attracting excited users. In their latest research paper, they illustrate that a vulnerability called “prompt injection” is a “systematic problem facing Comet and other AI-powered browsers”. Simply put, prompt injection attacks are malicious but hidden prompts on web pages that can be used to execute tasks on our computing device, including accessing files or saved credentials. This threat could be delivered with something as seemingly harmless as a screenshot.

Shivan Kaul Sahib, who is Vice President for Privacy and Security at Brave, and Artem Chaikin, who is a Senior Mobile Security Engineer, write that “AI-powered browsers that can take actions on your behalf are powerful yet extremely risky. If you’re signed into sensitive accounts like your bank or your email provider in your browser, simply summarising a Reddit post could result in an attacker being able to steal money or your private data.” They go on to detail instances of prompt injection via screenshots in Perplexity’s Comet.

“Until we have categorical safety improvements (i.e., across the browser landscape), agentic browsing will be inherently dangerous and should be treated as such. In the meantime, browsers should isolate agentic browsing from regular browsing and initiate agentic browsing actions (opening websites, reading emails, etc.) only when the user explicitly invokes them,” their warning is clear.

Researchers at Brave aren’t the only ones setting off the alarm bells. There are concerns about AI models that drive these browsers hallucinating and performing actions a user didn’t specifically request.

Research by Malwarebytes Labs also points to prompt injection as a rather easy method for anyone with malicious intent to utilise the capabilities of an AI browser to gain access. “What if my agentic browser gets new details while visiting a website? I can imagine criminals setting up a website with extremely competitive pricing just to attract visitors, but the real goal is to extract the payment information which the agentic browser needs to make purchases on your behalf. You could end up paying for someone else’s vacation to France,” notes Pieter Arntz, Malware Intelligence Researcher.
