New BioShocking attack shows how AI browsers can leak code and credentials
New research shows that AI browsers can be manipulated into an alternate reality where their safety guardrails stop working, making them vulnerable to dangerous instructions. A malicious website can trick the embedded LLM into believing false rules, such as rewarding incorrect answers like 2 + 2 = 5, causing the model to abandon normal constraints. Once in this delusional state, the AI browser may follow harmful prompts, including extracting private code or credentials. The attack, named BioShocking, demonstrates how merging browsing and AI agent capabilities creates a new security risk far more severe than traditional jailbreaks. Multiple AI browsers, including ChatGPT Atlas, Comet, Fellou, Genspark, Sigma and Claude’s Chrome plugin, were shown to be susceptible. The research highlights that AI browsers blur critical security boundaries and may become a major vector for credential theft and data breaches.
Read the full story on Ars Technica →