Cybercriminals don’t always need malware or exploits to break into systems anymore. Sometimes, they just need the right words in the right place. OpenAI is now openly acknowledging that reality. The company says prompt injection attacks against artificial intelligence (AI)-powered browsers are not a bug that can be fully patched, but a long-term risk that comes with letting AI agents roam the open web. This raises uncomfortable questions about how safe these tools really are, especially as they gain more autonomy and access to your data.

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

NEW MALWARE CAN READ YOUR CHATS AND STEAL YOUR MONEY

Why prompt injection isn’t going away

In a recent blog post, OpenAI admitted that prompt injection attacks are unlikely to ever be completely eliminated. Prompt injection works by hiding instructions inside web pages, documents or emails in ways that humans don’t notice, but AI agents do. Once the AI reads that content, it can be tricked into following malicious instructions.

OpenAI compared this problem to scams and social engineering. You can reduce them, but you can’t make them disappear. The company also acknowledged that “agent mode” in its ChatGPT Atlas browser increases risk because it expands the attack surface. The more an AI can do on your behalf, the more damage it can cause when something goes wrong.

OpenAI launched the ChatGPT Atlas browser in October, and security researchers immediately started testing its limits. Within hours, demos appeared showing that a few carefully placed words inside a Google Doc could influence how the browser behaved. That same day, Brave published its own warning, explaining that indirect prompt injection is a structural problem for AI-powered browsers, including tools like Perplexity’s Comet.

This isn’t just OpenAI’s problem. Earlier this month, the National Cyber Security Centre in the U.K. warned that prompt injection attacks against generative AI systems may never be fully mitigated.

FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE

The risk trade-off with AI browsers

OpenAI says it views prompt injection as a long-term security challenge that requires constant pressure, not a one-time fix. Its approach relies on faster patch cycles, continuous testing, and layered defenses. That puts it broadly in line with rivals like Anthropic and Google, which have both argued that agentic systems need architectural controls and ongoing stress testing.

Where OpenAI is taking a different approach is with something it calls an “LLM-based automated attacker.” In simple terms, OpenAI trained an AI to act like a hacker. Using reinforcement learning, this attacker bot looks for ways to sneak malicious instructions into an AI agent’s workflow.

The bot runs attacks in simulation first. It predicts how the target AI would reason, what steps it would take and where it might fail. Based on that feedback, it refines the attack and tries again. Because this system has insight into the AI’s internal decision-making, OpenAI believes it can surface weaknesses faster than real-world attackers.

Even with these defenses, AI browsers aren’t safe. They combine two things attackers love: autonomy and access. Unlike regular browsers, they don’t just display information, but also read emails, scan documents, click links and take actions on your behalf. That means a single malicious prompt hidden in a webpage, document or message can influence what the AI does without you ever seeing it. Even when safeguards are in place, these agents operate by trusting content at scale, and that trust can be manipulated.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

7 steps you can take to reduce risk with AI browsers

You may not be able to eliminate prompt injection attacks, but you can significantly limit their impact by changing how you use AI tools.

1) Limit what the AI browser can access

Only give an AI browser access to what it absolutely needs. Avoid connecting your primary email account, cloud storage or payment methods unless there’s a clear reason. The more data an AI can see, the more valuable it becomes to attackers. Limiting access reduces the blast radius if something goes wrong.

2) Require confirmation for every sensitive action

Never allow an AI browser to send emails, make purchases or modify account settings without asking you first. Confirmation breaks long attack chains and gives you a moment to spot suspicious behavior. Many prompt injection attacks rely on the AI acting quietly in the background without user review.

3) Use a password manager for all accounts

A password manager ensures every account has a unique, strong password. If an AI browser or malicious page leaks one credential, attackers can’t reuse it elsewhere. Many password managers also refuse to autofill on unfamiliar or suspicious sites, which can alert you that something isn’t right before you manually enter anything.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

4) Run strong antivirus software on your device

Even if an attack starts inside the browser, antivirus software can still detect suspicious scripts, unauthorized system changes or malicious network activity. Strong antivirus software focuses on behavior, not just files, which is critical when dealing with AI-driven or script-based attacks.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

5) Avoid broad or open-ended instructions

Telling an AI browser to “handle whatever is needed” gives attackers room to manipulate it through hidden prompts. Be specific about what the AI is allowed to do and what it should never do. Narrow instructions make it harder for malicious content to influence the agent.

6) Be careful with AI summaries and automated scans

When an AI browser scans emails, documents or web pages for you, remember that hidden instructions can live inside that content. Treat AI-generated actions as drafts or suggestions, not final decisions. Review anything the AI plans to act on before approving it.

7) Keep your browser, AI tools and operating system updated

Security fixes for AI browsers evolve quickly as new attack techniques emerge. Delaying updates leaves known weaknesses open longer than necessary. Turning on automatic updates ensures you get protection as soon as they’re available, even if you miss the announcement.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaway

There’s been a meteoric rise in AI browsers. We’re now seeing them from major tech companies, including OpenAI’s Atlas, The Browser Company’s Dia, and Perplexity’s Comet. Even existing browsers like Chrome and Edge are pushing hard to add AI and agentic features into their current infrastructure. While these browsers can be useful, the technology is still early. It’s best not to fall for the hype and to wait for it to mature.

Do you think AI browsers are worth the risk today, or are they moving faster than security can keep up? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.

Valve has announced the winners of the 2025 Steam Awards and, unsurprisingly, Hollow Knight: Silksong, took home the Game of the Year honors. It was also given the “Best Game You Suck At” award, which, I’m not sure if that’s a good thing or not. Given the relentless fawning over Silksong since its release in September, an event that nearly brought the entire digital video game distribution system to its knees, that it would win Game of the Year felt like something of a forgone conclusion.

The Best Game on Steam Deck was awarded to Hades II (an award we’d already unofficially granted it). The mechanics of Hades lend it to being played in short bursts, and the stylized graphics scale down well. Silent Hill f won the Outstanding Visual Style award and, while there’s no denying it’s a gorgeous title, I can’t help but feel like Dream BBQ, with its uniquely hallucinatory visuals, got robbed. Check out the full list of winners and nominees here at the Steam Awards 2025 landing page.

The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident traces back to August when attackers accessed the university’s network and quietly stole sensitive information.

The school detected the intrusion on Nov. 21. That discovery came after the attackers listed the university on a public leak site. In early December, the university disclosed the incident, and its parent company filed an 8-K with regulators.

The scope is large. Notification letters filed with Maine’s Attorney General show 3,489,274 individuals were affected. Those affected include current and former students, faculty, staff and suppliers.

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

DATA BREACH EXPOSES 400,000 BANK CUSTOMERS’ INFO

What happened and how attackers got in

According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application handles financial operations and contains highly sensitive data.

Based on the technical details shared so far, security researchers believe the attack aligns with tactics used by the Clop ransomware gang. Clop has a long track record of stealing data through zero-day flaws rather than encrypting systems.

The vulnerability tied to this campaign is tracked as CVE-2025-61882. Investigators say it has been abused since early August.

What data was exposed

The university says the attackers accessed highly sensitive personal and financial information. That includes:

• Full names
• Contact information
• Dates of birth
• Social security numbers
• Bank account numbers
• Routing numbers

This type of data creates a serious risk. It can fuel identity theft, financial fraud and targeted phishing scams.

700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS

Nearly 3.5 million people affected

In letters sent to affected individuals, the university confirmed the breach affects 3,489,274 people. If you are a current or former student or employee, watch your mail closely.

These notifications often arrive by postal mail, not email. The letter explains what data was exposed and includes instructions for protective services.

We reached out to the University of Phoenix for comment, and a rep provided CyberGuy with the following statement: 

“We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities.”

Free identity protection is now available

The University of Phoenix is offering affected individuals free identity protection services. These include:

• 12 months of credit monitoring
• Identity theft recovery assistance
• Dark web monitoring
• A $1 million fraud reimbursement policy

To enroll, you must use the redemption code provided in the notification letter. Without that code, you cannot activate the service.

This attack fits a larger Clop campaign

The University of Phoenix breach is not an isolated case. Clop has used similar tactics in past campaigns involving GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo and Gladinet CentreStack.

Other universities have also reported Oracle EBS-related incidents. These include Harvard University and the University of Pennsylvania.

The U.S. government is taking notice. The U.S. Department of State is now offering a reward of up to $10 million for information linking Clop’s attacks to a foreign government.

Why colleges are prime targets

Universities store massive amounts of personal data. Student records, financial aid files, payroll systems and donor databases all live under one roof.

Like healthcare organizations, colleges present a high-value target. A single breach can expose years of data tied to millions of people.

MAKE 2026 YOUR MOST PRIVATE YEAR YET BY REMOVING BROKER DATA

Steps to stay safe right now

If you believe you may be affected, act quickly. These steps can reduce your risk.

1) Watch for your breach notification letter

Read it carefully. It explains what data was exposed and how to enroll in protection services.

2) Enroll in the free identity protection

First, use the redemption code provided. Because Social Security and banking data are involved, credit monitoring and recovery services matter. Even if you do not qualify for the free service, an identity theft protection service is still a smart move.

In addition, these services actively monitor sensitive details like your Social Security number, phone number and email address. If your information appears on the dark web or if someone tries to open a new account, you receive an alert right away. As a result, many services also help you quickly freeze bank and credit card accounts to limit further fraud.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

3) Use a data removal service

Because this breach exposed names, contact details and other identifiers, reducing what is publicly available about you matters. A data removal service can help remove your personal information from data broker sites, which lowers the risk of targeted phishing or fraud tied to the stolen University of Phoenix records.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Monitor financial accounts daily

Check bank statements and credit card activity for unfamiliar charges. Report anything suspicious immediately.

5) Consider freezing your credit

A credit freeze can stop criminals from opening new accounts in your name. It is free and reversible. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 

6) Be alert for phishing attempts and use strong antivirus software 

Expect more scam emails and phone calls. Criminals may reference the breach to sound legitimate.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com

7) Secure your devices

Keep your operating systems and apps up to date, as attackers often exploit outdated software to gain access. In addition, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access and causing further harm.

Kurt’s key takeaways

The University of Phoenix data breach highlights a growing problem in higher education. When attackers exploit trusted enterprise software, the fallout spreads fast and wide. While free identity protection helps, long-term vigilance matters most. Staying alert can limit damage long after the headlines fade.

If universities cannot protect this level of sensitive data, should students demand stronger cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.