BioShocking Attack Manipulates AI Browsers to Leak User Credentials

Researchers at LayerX have identified a new vulnerability called 'BioShocking' that allows attackers to manipulate AI-powered browsers into bypassing safety protocols. This attack exploits a prompt injection technique, convincing the AI that it is engaged in a fictional scenario where normal rules do not apply. A proof-of-concept was tested on six mainstream agentic browsers, including ChatGPT Atlas and Claude Chrome, with only one vendor addressing the issue. The attack culminates in the AI being instructed to leak sensitive data, such as user credentials. LayerX reported their findings to vendors in October 2025, but only OpenAI implemented a fix. The vulnerability poses a significant risk as it can lead to unauthorized data access without the AI recognizing the malicious intent. Users are advised to restrict AI browser access to sensitive services to mitigate risks.

Key Points: • BioShocking attack tricks AI browsers into ignoring safety protocols. • Six AI browsers were tested, with only OpenAI's ChatGPT Atlas implementing a fix. • Users should limit AI browser access to sensitive information to reduce exposure.