Good points here by Simon Willison about the new ChatGPT Atlas browser from OpenAI…
I’d like to see a deep explanation of the steps Atlas takes to avoid prompt injection attacks. Right now it looks like the main defense is expecting the user to carefully watch what agent mode is doing at all times!