In 2025, agents will be the most intense battlefield in the field of AI.

However, OpenAI, which has been "leading the way" in the field of AI, has been slow to make a move.

However, foreign media recently exposed a piece of good news - OpenAI may release its own "computer operation agent" this month!

In this regard, netizens have said that they have been waiting for a long time and are eager to wear out!

Swipe left and right to view

Computer operating agent

In October last year, Anthropic was the first to release a "computer operating agent" based on Claude 3.5 Sonnet.

In the Demo at that time, Anthropic achieved for the first time let the model autonomously control the computer screen, move the cursor, complete the task, and amazed everyone.

In theory, the new feature can do everything according to a simple prompt, and all the user has to do is write down the prompt, and the other necessary steps will be carried out by the model.

In April last year, Google released Vertex AI Agent Builder, a tool to simplify AI agent development, and in October it was revealed that it was secretly developing an agent called "Project Jarvis."

According to the news, Google uses the operation principle similar to Anthropic, also by taking a screen shot, parsing the screen content, and then automatically click buttons, or input text, and finally help people complete daily tasks based on the web.

However, it takes a few seconds to think between different actions. Therefore, it is not yet practical to run in the terminal device and still need to operate on the cloud.

In fact, OpenAI has also laid out the development of such software.

In February last year, OpenAI told the media that it was developing AI agents.

In November last year, it was revealed that it would release an AI agent tool code-named "Operator" in January of the following year.

In a recent blog post, Altman said OpenAI has mastered how to create general-purpose artificial intelligence in the traditional sense. We believe that by 2025, we will see the first AI agents "join the workforce" and dramatically change the output of companies.

Now that DDL is approaching, foreign media suddenly broke the news that OpenAI's agent will have another three or four weeks to release.

And the reason why this is actually because they are worried about "AI security issues" - prompted injection attacks!

Prompt injection attack

Imagine that, faced with an upcoming holiday party, you decide to ask the agent to find and order a new outfit.

Accidentally, the model clicks on a malicious website. Then, the site instructs it to forget the previous instructions, tells it to log into your email and steals your credit card information.

In this process, the computer operating agent model generally requires four execution steps:

1. First, the model receives the user's API request

2. Select a tool as prompted

3. Then, capture the content of the desktop screen and evaluate whether the task is complete

4. If not, keep using these tools until you reach your goal

The problem arises in step 3, where the screenshot content can be maliciously exploited, known as a "prompt injection attack."

This is a very real concern for the AI LABS that are developing such computer-controlled software.

This is because such software essentially takes over the user's device and automates complex tasks for the user, such as shopping online or editing spreadsheets.

This attack is known as prompt injection, where a large language model is induced by the user to follow malicious instructions.

Prompt injection is not a new threat.

For months, it has been a problem for products such as OpenAI's ChatGPT and Anthropic's Claude. Through "cue injection," these products have become instructions for making computer viruses or bombs.

But for computer operating agents, prompt injection poses a greater threat.

"This is because when the model is browsing the network or controlling the user's computer, it is difficult for the user to control the information the model receives," an OpenAI employee said.

In a blog post, Anthropic also acknowledged the risks of prompt injection.

However, it doesn't offer much in the way of solutions, only urging developers to take "precautionary measures to isolate Claude from sensitive data," including the use of dedicated virtual environments (i.e., virtual machines) that are separate from the main computer system and sensitive data.

This relatively laissez-faire attitude surprised the OpenAI staff: "Considering that Anthropic has in the past emphasized that it takes AI safety very seriously, this operation is very confusing."

But in October, Anthropic took the plunge and released experimental computer control capabilities. This may explain why it is difficult for such startups to strike a balance between developing AI safely and generating profits for shareholders.

Can OpenAI provide more security when releasing AI agent software? Can it go beyond what Anthropic and Google have already introduced?