OpenAI explains how it protects against URL-based data exfiltration when AI agents automatically fetch web content. The core defense uses an independent web index to verify that a URL already exists publicly before allowing automatic retrieval. If a URL hasn't been seen publicly, the system either blocks it or requires explicit user confirmation. This prevents attackers from using prompt injection to trick agents into loading malicious URLs that encode sensitive user data in query parameters, which the attacker could then read back from their server logs.
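The gating logic described above can be sketched roughly as follows. This is a minimal illustration, not OpenAI's implementation: the `PUBLIC_INDEX` set stands in for a lookup against an independent web index, and the function name and return values are hypothetical.

```python
# Stand-in for an independent web index; in practice this would be a
# lookup service, not an in-memory set.
PUBLIC_INDEX = {
    "https://example.com/pricing",
    "https://example.com/blog/post-1",
}

def fetch_decision(url: str, user_confirmed: bool = False) -> str:
    """Gate automatic fetching: auto-allow only URLs already seen publicly.

    A URL absent from the index may encode private data in its query
    string (e.g. ?data=...), so it is held unless the user explicitly
    confirms the fetch.
    """
    if url in PUBLIC_INDEX:
        return "allow"            # publicly indexed: safe to auto-fetch
    if user_confirmed:
        return "allow"            # user explicitly approved this URL
    return "confirm_required"     # novel URL: block or ask the user

# A prompt-injected URL smuggling data in a query parameter would be
# novel to the index, so it never reaches the attacker's server logs
# without the user noticing:
injected = "https://attacker.example/log?data=stolen-session-token"
```

The key property is that the attacker cannot pre-register an exfiltration URL in the index, because the secret payload is only known at injection time, making every such URL novel by construction.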

From openai.com · 5 min read
Table of contents:
- The problem: a URL can carry more than a destination
- Why simple “trusted site lists” aren’t enough
- Our approach: allow automatic fetching only for URLs that are already public
- What you might see as a user
- What this protects against and what it doesn’t
- Looking ahead