AnalysisCybersecurityJune 30, 2026

BioShocking attack tricks AI browsers into leaking credentials

Security firm LayerX demonstrated BioShocking, an attack that tricked six AI browsers—including ChatGPT Atlas, Perplexity Comet, and Anthropic's Claude extension—into handing over user credentials via indirect prompt injection. The method exploits how AI agents cannot distinguish between page content and instructions, turning a puzzle game into a credential-stealing vector.

1 source