• BillBurBaggins@lemmy.world
    6 days ago

    Pretty sure they thought of this. But maybe you are the first very smart person ever to think of it, who knows

    • Meron35@lemmy.world
      6 days ago

      They have and they’ve explicitly said it’s not solved lmao

      “A 1% attack success rate—while a significant improvement—still represents meaningful risk. No browser agent is immune to prompt injection, and we share these findings to demonstrate progress, not to claim the problem is solved”

      Mitigating the risk of prompt injections in browser use \ Anthropic - https://www.anthropic.com/research/prompt-injection-defenses

      • BillBurBaggins@lemmy.world
        6 days ago

        I’ve used agents, they tell you everything they’re going to do. And they’re incredibly slow and stupid. I don’t think OP’s original premise of it instantly and secretly stealing your bank account details is realistic.

        I don’t think I said prompt injection didn’t exist, just that it didn’t need to be worried about by users in exactly the way that was described