SquareX exposes spoofing vulnerability in AI browsers

Security firm SquareX has revealed a spoofing technique that uses fake AI sidebars to steal passwords without altering browser code. This method bypasses traditional antivirus defenses and threatens browsers like OpenAI's new Atlas. The attack deceives users into thinking they are interacting with legitimate AI assistants.

SquareX, a cybersecurity company, has disclosed a novel spoofing trick targeting AI-integrated browsers. According to their findings, attackers can create fake AI sidebars that mimic legitimate chat interfaces, tricking users into entering passwords while believing they are conversing with an assistant.

The vulnerability is particularly concerning because the spoofing method does not modify any browser code, allowing it to evade detection by antivirus software. This means the attack operates stealthily within the browser environment without triggering security alerts.

OpenAI's recently launched Atlas browser is highlighted as vulnerable, but SquareX notes it is not alone—other similar browsers face the same risks from these dangerous spoof attacks. The revelation comes amid growing adoption of AI features in web browsing, raising questions about the security of such integrations.

No specific timeline for the discovery was provided, but the report underscores the need for enhanced defenses against non-code-altering threats in AI-driven interfaces.
