Researchers at LayerX Security have uncovered a critical cross-site request forgery vulnerability in OpenAI's ChatGPT Atlas browser that allows attackers to inject malicious instructions into the AI's persistent memory, enabling code execution and account takeover, reports The Hacker News

The exploit, dubbed "Tainted Memories," leverages ChatGPTs memory feature, introduced in 2024 to store user details across sessions, to persist infected data even after reboots or device changes. According to LayerX CEO Or Eshed, the flaw can let adversaries escalate privileges, deploy malware, or exfiltrate data without the user's awareness.

Head of security research Michelle Levy said the danger lies in how "a standard CSRF chained to a memory write" allows malicious code to survive across browsers and sessions. LayerX testing showed ChatGPT Atlas blocks only 5.8% of phishing attacks, compared to Chrome's 47%, making it far more vulnerable.

Researchers warn the issue underscores the growing risks as AI browsers fuse applications, identity, and intelligence into a single exploitable surface.