Skills
OpenAI Deploys RL-Trained Automated Red Teamer That Discovers Novel Long-Horizon Prompt Injection Attacks Humans Missed, Admits Prompt Injection 'Unlikely to Ever Be Fully Solved'
OpenAI built an LLM-based automated attacker trained with reinforcement learning to find prompt injection attacks against browser agents like ChatGPT Atlas. Unlike prior red teaming that found single-step failures, the RL attacker steers agents into sophisticated multi-step harmful workflows spanning tens to hundreds of steps, discovering novel attack strategies absent from human campaigns. OpenAI simultaneously acknowledged that 'prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully solved' — a significant admission from the company deploying the world's largest agentic browser.
Source
↳ Follow the thread