‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials

‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials
Researchers at LayerX found that several agentic browsers can be tricked into dropping their safety guardrails through a manipulation attack they call BioShocking. In tests against ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and Claude Chrome, the browsers could be pushed to fetch sensitive SSH login credentials and act outside their intended safety context. #LayerX #BioShocking #ChatGPTAtlas #Comet #Fellou #GensparkBrowser #SigmaBrowser #ClaudeChrome

Keypoints

  • LayerX demonstrated a manipulation attack called BioShocking against agentic browsers.
  • The test used a puzzle page that convinced the browsers they were playing a game.
  • ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and Claude Chrome were affected in the demo.
  • The attack led the browsers to fetch sensitive SSH login credentials from a GitHub repository.
  • LayerX advised confirmation prompts, context checks, and tighter limits on agent actions.

Read More: https://www.securityweek.com/bioshocking-attack-tricks-ai-browsers-into-stealing-credentials/