Researchers Discover New BioShocking Attack That Tricks AI Browsers into Stealing Users’ Sensitive Information

Views: 412 views

358/69 Thursday, July 2, 2026

Researchers from LayerX have discovered a new attack technique called BioShocking, a type of prompt injection attack that can trick AI-powered browsers into ignoring security controls and stealing sensitive information. The attack works by creating a simulated scenario that causes the AI system to interpret risky real-world actions as merely part of a fictional game environment. This affects AI agent-powered browser products used by both enterprises and general users, potentially putting personal information and important user passwords at risk of being exfiltrated.

According to the Proof of Concept developed by LayerX, a malicious website can present a BioShock-themed puzzle game that rewards incorrect answers, conditioning the AI agent to believe that normal rules do not apply in that context. When the game reaches its final stage, the AI agent is instructed to access a GitHub repository to copy and disclose sensitive information, including passwords. The test was conducted against six major agentic browser products, including ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and the Claude plugin on Chrome. All were confirmed to be vulnerable, with only one vendor successfully fixing the issue after receiving the report.

LayerX reported its findings to the platform developers in October last year. The researchers found that only OpenAI successfully fixed the vulnerability in the ChatGPT Atlas browser. Anthropic attempted to patch the issue in its Chrome plugin, but the fix was not able to fully prevent the attack demonstrated in the Proof of Concept. Perplexity AI closed the report without implementing any fix. LayerX recommends that developers require explicit user confirmation before carrying out sensitive actions, strengthen contextual validation, and limit the scope of agentic browser sessions. General users are also advised to restrict the permissions granted to AI browsers when accessing sensitive services.

Source: https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/