“BioShocking” tricks AI browsers into leaking your passwords

https://media.thenextweb.com/2026/07/layerxsecurity-bioshocking-agent-research.avif

Security researchers convinced six AI browsers they were playing a game. The browsers then handed over their users’ passwords and treated it as a win.

The firm behind it, LayerX, calls the technique BioShocking, and says it worked on every agent it tried. The list reads like a roll-call of the new AI browser market: OpenAI’s ChatGPT Atlas, Perplexity’s Comet, Anthropic’s Claude extension for Chrome, and three smaller players, Fellou, Genspark, and Sigma.

The name nods to the video game BioShock, in which a brainwashed character obeys the trigger phrase “Would you kindly?” The attack runs on the same idea. Convince the AI that the normal rules do not apply, and it stops applying them.

How a maths puzzle breaks the rules

An AI browser in agent mode does not just read pages. It clicks, types, and reaches into any site you have already logged into. That access is...

Copyright of this story solely belongs to thenextweb.com. To see the full text click HERE

Read more