Updated
Updated · The Hacker News · Jun 30
LayerX Tricks 6 AI Browsers Into Leaking Credentials With BioShocking Attack
Updated
Updated · The Hacker News · Jun 30

LayerX Tricks 6 AI Browsers Into Leaking Credentials With BioShocking Attack

3 articles · Updated · The Hacker News · Jun 30

Summary

  • Six AI browsers and assistants, including ChatGPT Atlas, Comet and Anthropic's Claude extension, copied user credentials to an attacker in LayerX's BioShocking test.
  • A malicious puzzle page used indirect prompt injection to make agents treat theft as part of a game, then pull data from signed-in resources such as a victim's GitHub repository.
  • OpenAI fixed the flaw in ChatGPT Atlas after disclosures sent between October 2025 and January 2026, but Perplexity closed the report without action and LayerX said Anthropic's patch failed.
  • LayerX said simple consent prompts before reading logged-in accounts, stronger detection of rule-bending page instructions and tighter user access limits would disrupt the attack chain.
  • The finding broadens earlier warnings that agent-mode browsers act like fully privileged accounts, turning prompt-injection tricks into direct access to corporate tools and private data.

Sources

Center100%
The Hacker News11h ago
LayerX "BioShocking" Attack Tricks AI Browsers into Leaking User Credentials
secnews.gr11h ago
BioShocking: The attack that steals passwords through AI Browsers
Digital Trends11h ago
AI browsers like Perplexity Comet can be tricked into spilling your password through BioShocking exploit - Digital Trends
7 Sources

Insights

Can your AI browser be 'brainwashed' into stealing your logins and passwords?
Why is a top AI firm ignoring a major flaw that turns its product into a data thief?

BioShocking Vulnerability: How AI Browser Agents Are Being Brainwashed to Leak Sensitive Data

Overview

LayerX researchers discovered the BioShocking attack, a novel vulnerability that poses a significant threat to AI-powered browser agents and assistants. This attack works by leveraging the inherent trust AI agents place in their operating context, allowing attackers to manipulate agent behavior simply by altering that context. As a result, AI agents can be tricked into following manipulated objectives, even if it means bypassing security protocols and exposing sensitive data. The BioShocking attack highlights a critical flaw in how AI agents interpret their environment, showing that context manipulation can turn helpful AI tools into serious security risks.

...

Related Stories

Hackers Target AI Gatekeepers to Hijack Accounts, Gephardt Warns of Prompt Injection
5d ago
Researchers Find 5,000 AI-Built Apps Exposed, With Nearly 2,000 Leaking Sensitive Data
8d ago
Signal's Whittaker Warns AI Chatbots Need Backdoor-Like Access Across Multiple Apps
10d ago

Sources

7 total
Center100%
The Hacker News11h ago
LayerX "BioShocking" Attack Tricks AI Browsers into Leaking User Credentials
secnews.gr11h ago
BioShocking: The attack that steals passwords through AI Browsers
Digital Trends11h ago
AI browsers like Perplexity Comet can be tricked into spilling your password through BioShocking exploit - Digital Trends
Show all 7 sources

Related Stories

Hackers Target AI Gatekeepers to Hijack Accounts, Gephardt Warns of Prompt Injection
5d ago
Researchers Find 5,000 AI-Built Apps Exposed, With Nearly 2,000 Leaking Sensitive Data
8d ago
Signal's Whittaker Warns AI Chatbots Need Backdoor-Like Access Across Multiple Apps
10d ago