A debate over security has erupted around Atlas, the new browser developed by OpenAI, after the German service Tuta—known for its fully end-to-end encrypted email and calendar—issued a warning to users about the risks associated with installing the tool. The company argues that Atlas’s deep integration with ChatGPT makes it excessively inquisitive and poses a serious threat to privacy.
Tuta emphasizes that the browser is capable of accessing virtually everything a user opens online. According to the service, Atlas observes webpages, gathers information, analyzes user behavior, and builds its own knowledge base—provided it is granted the necessary permissions during installation. This extends to email platforms, banking portals, and any other online service: the browser sees every action a user takes, otherwise it would not be able to generate recommendations or leverage accumulated context.
The authors of the warning note that it is impossible to predict which fragments of information Atlas will retain and which it will discard. Despite OpenAI’s assurances that the browser should not store passwords or other highly sensitive data, Tuta considers such promises unreliable, recalling cases in which AI systems have strayed beyond their prescribed limits. Particular attention is drawn to a demonstration by an Electronic Frontier Foundation employee, who showed Atlas retaining records of visits to a reproductive-health services website.
A separate concern involves Incognito Mode. Tuta asserts that it does not provide full protection, as Atlas continues to observe user activity, albeit without linking it to an account. The service also highlights that conversations in this mode are nonetheless preserved for a month under abuse-detection mechanisms, and that the activity may still be visible to third parties.
Additional worries stem from the fact that OpenAI operates under U.S. jurisdiction, where government agencies have broader powers to compel data access. Even when browsing history and conversations are deleted, some information is retained for the same 30-day period.
Tuta identifies the Agent Mode as the most serious threat, as it expands ChatGPT’s operational capabilities and enlarges the attack surface. The company recalls multiple cases in which voice and text assistants were manipulated into executing unauthorized commands. Reports describe incidents involving the execution of malicious code and illicit access to protected systems. LayerX’s analysis is also referenced, noting that Atlas users may be considerably more vulnerable to phishing pages due to the browser’s limited protective mechanisms.
Tuta concludes by cautioning that the volume of collected data could one day be used for advertising if OpenAI alters its monetization strategy—an eventuality that, in the company’s view, would render the situation even more unpredictable.
