📄 Chinese Summary
When an AI agent (such as ChatGPT's web browsing feature) is instructed to click an external link, there is a risk of data exfiltration and prompt injection. OpenAI protects user data and system integrity through multiple layers of security measures. First, OpenAI's AI agents execute all web browsing tasks in an independent, isolated sandbox environment. This means that web content accessed by the AI agent does not interact directly with OpenAI's core systems or user data storage areas. The sandbox environment restricts the AI agent's access to external resources and strictly controls its communication with internal systems. Second, to prevent sensitive information in URL parameters from being exploited by malicious websites for data exfiltration, OpenAI implements URL rewriting and filtering mechanisms.
📄 English Summary
Keeping your data safe when an AI agent clicks a link
When an AI agent, such as the web browsing feature of ChatGPT, is instructed to click an external link, there is a risk of data exfiltration and prompt injection. OpenAI employs a multi-layered security approach to safeguard user data and system integrity.

First, OpenAI's AI agents execute all web browsing tasks within isolated, sandboxed environments. This means that the web content accessed by the AI agent does not directly interact with OpenAI's core systems or user data storage areas. The sandbox environment restricts the AI agent's access to external resources and strictly controls its communication with internal systems.

Second, to prevent sensitive information in URL parameters from being exploited by malicious websites for data exfiltration, OpenAI implements URL rewriting and filtering mechanisms. When an AI agent clicks a URL containing complex or potentially malicious parameters, the system automatically cleans or rewrites it, removing parts that might contain user identity, session tokens, or other sensitive data, so that only validated, harmless information is passed to the target website.

Third, to counter prompt injection attacks, OpenAI performs content filtering and sanitization before the AI agent accesses web page content. Web content passes through a security layer before being processed by the AI agent, which detects and removes potential malicious scripts, hidden instructions, or special markers that could be used to hijack AI behavior. This ensures that the information received by the AI agent is clean and cannot be manipulated by malicious content from external websites.
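As an added illustration of the URL rewriting step described above (this is example code, not OpenAI's implementation, whose internals the post does not describe), the following Python sanitizer parses a link an agent is about to follow, strips embedded credentials and the fragment, and drops query parameters whose name or value looks like a session token or user identity. The parameter-name list and the entropy threshold are assumptions chosen for the example.

```python
import math
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that commonly carry identity or session material (assumed list).
SENSITIVE_PARAM_NAMES = {
    "token", "access_token", "id_token", "refresh_token", "session", "sessionid",
    "sid", "auth", "authorization", "api_key", "apikey", "email", "user", "uid",
}

def shannon_entropy(value: str) -> float:
    """Bits per character; opaque tokens score high, natural words score low."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_like_secret(value: str) -> bool:
    """Heuristic: long, high-entropy values are treated as tokens (thresholds are assumptions)."""
    return len(value) >= 20 and shannon_entropy(value) >= 3.5

def sanitize_url(url: str):
    """Return (clean_url, dropped_param_names) for a link the agent is about to follow.
    Drops userinfo, the fragment, and any query parameter whose name or value looks sensitive."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"refusing non-web scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    # Rebuild the authority without embedded credentials (user:pass@host).
    host = parts.hostname
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = f"{host}:{parts.port}" if parts.port else host
    kept, dropped = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAM_NAMES or looks_like_secret(value):
            dropped.append(name)
        else:
            kept.append((name, value))
    # Fragments never reach the server but are readable by page scripts; drop them too.
    clean = urlunsplit((parts.scheme, netloc, parts.path, urlencode(kept), ""))
    return clean, dropped
```

The returned list of dropped parameter names is what a defender would log: a spike in stripped `token` or `session` parameters on agent-followed links is a useful signal that a page is trying to coax the agent into leaking state.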