- Atlas can access, read, and remember activity across logged‑in sites—including email and banking—by building persistent “memories” of browsing sessions when users grant permissions.
- Atlas is useful for automation but potentially over‑permissive in data capture and susceptible to malicious page‑level instructions.
German encrypted email provider Tuta urged users to avoid installing OpenAI’s new Atlas AI browser, arguing the ChatGPT‑integrated app amasses extensive behavioural data and introduces novel attack surfaces that could outweigh its convenience features.
In a detailed advisory, Tuta said Atlas can access, read, and remember activity across logged‑in sites—including email and banking—by building persistent “memories” of browsing sessions when users grant permissions.
The company said those capabilities make it difficult for consumers to control what is stored or forgotten, and warned that “Incognito” mode is not truly private because interactions may still be visible to ChatGPT and third parties, with chats retained for 30 days for abuse detection.
Tuta also highlighted OpenAI’s US jurisdiction and temporary data retention even after deletion, and pointed to “Agent mode” as an additional risk area given prompt‑injection and phishing vulnerabilities observed in agentic browsers.
Data collection
OpenAI introduced Atlas as an AI‑powered alternative to mainstream browsers that can summarise content, compare products, analyse data, and execute tasks directly on web pages. Tuta framed those features as a double‑edged sword—useful for automation but potentially over‑permissive in data capture and susceptible to malicious page‑level instructions.
The firm consolidated its objections into five primary reasons to “think twice” before using Atlas until stronger safeguards and clearer data controls are in place.
Tuta referenced industry research suggesting agent browsers may be more vulnerable to phishing than traditional clients and cited demonstrations indicating AI agents can retain sensitive contextual information from browsing sessions. The company also cautioned that future product changes, such as advertising, could expand the use of collected data.
OpenAI has positioned Atlas as a productivity tool that personalises the web experience by remembering user preferences and completing tasks on their behalf.
The company says Atlas is not intended to store sensitive credentials. Tuta, however, argues current guardrails are insufficient and that users cannot reliably constrain what AI agents remember in practice.
What’s next
- User adoption and enterprise policies: The warning may prompt privacy‑conscious users and regulated organisations to pause deployment pending clearer controls and third‑party audits.
- Regulatory scrutiny: Atlas’s data practices and “agent mode” could draw attention from EU data protection authorities and consumer watchdogs, particularly around consent, retention, and cross‑border transfers.
- Competitive responses: Browser makers with privacy positioning may seek to differentiate with stricter permissions, on‑device memory, or agent isolation by default.
Discover more from TechChannel News
Subscribe to get the latest posts sent to your email.