AI browsers such as Perplexity Comet can be deceived into revealing your password via the BioShocking exploit.
Six AI browsers have been discovered to be leaking saved passwords, and many of them have yet to address the issue.
Security researchers recently identified a peculiar method for deceiving AI browsers into revealing passwords. They were able to convince AI browser agents to expose sensitive information, including saved passwords, session cookies, and private tokens, by masking the theft within the guise of an innocuous “game.”
This method is referred to as BioShocking, inspired by the well-known video game BioShock, in which a brainwashed character is led to believe in a false reality. When an AI browser falls for this trick, it disregards its own safety protocols entirely.
How BioShocking manipulates AI into violating its own protocols
AI browsers are designed with safeguards to prevent data exposure, yet researchers at LayerX discovered a clever workaround. The attack begins on a malicious website featuring concealed prompts that inform the AI it is participating in a game to uncover secret strings. Since AI browsers heavily depend on context, this framing alters everything.
The page offers a BioShock-style puzzle where incorrect answers yield points, suggesting fallacies such as two plus two equals five. Once the AI accepts this flawed reasoning, its safety measures weaken. The AI is instructed that the next phase of the game involves locating and copying hidden code from another page, which covertly directs to the user's private login details.
In essence, a request for saved passwords, which is typically blocked, is redefined as merely another game objective, allowing the AI to divulge sensitive information without recognizing the associated risks.
Which AI browsers were susceptible to the BioShocking attack?
All six AI browsers tested shared actual credentials and transmitted them directly to the attacker, perceiving the entire incident as a success. The proof of concept was effective against ChatGPT Atlas, Perplexity’s Comet, Fellou, Genspark Browser, Sigma Browser, and Anthropic’s Claude Chrome extension.
LayerX informed each vendor of its discoveries between October 2025 and January 2026 before going public. OpenAI rectified the flaw in ChatGPT Atlas, while Perplexity closed the report without taking action. Anthropic attempted a fix for its Claude extension, but LayerX noted that the patch was ineffective. In the meantime, Fellou, Genspark, and Sigma did not respond.
As AI browsers become increasingly prevalent, BioShocking highlights how easily they can be misled into making erroneous decisions.
Manisha Priyadarshini is a technology and entertainment writer with over nine years of editorial experience.
Claude’s Sonnet 5 is designed for greater autonomy and reduced cost
Surpassing its predecessor, it nearly matches the flagship performance while being significantly more affordable.
Every major AI lab is racing to demonstrate that its models can operate independently with minimal guidance; we are now witnessing pricing emerge as the next competitive frontier. Anthropic has recently announced Claude Sonnet 5, a model the company claims achieves performance close to its flagship Opus 4.8 at a fraction of the price.
Apple Creator Studio introduces AI tools to Final Cut Pro, Logic Pro, and Pixelmator Pro
Final Cut Pro receives AI captions, Auto Mask, and improved workflows in its Creator Studio update.
Apple has launched a significant update to Apple Creator Studio, incorporating new AI features, enhanced integration with Pixelmator Pro, and workflow improvements across Final Cut Pro, Logic Pro, Keynote, Pages, Numbers, Motion, Compressor, Freeform, and Final Cut Camera. This update makes Creator Studio more valuable across Mac, iPad, and iPhone, particularly for users who switch between video editing, image editing, presentations, documents, spreadsheets, and music production.
Google Play’s latest speed enhancement goes far beyond mobile devices
Play Store v52.1 aims to improve app installation performance across all Android devices, including cars, televisions, watches, tablets, and smartphones.
Google is implementing Play Store v52.1, which focuses on resolving a practical issue within Android: facilitating smoother app installations across diverse hardware. This update enhances Play Store infrastructure, with Google highlighting improvements in stability, performance, and better memory usage during app installation. This new installation process must work seamlessly across phones, tablets, Wear OS devices, Google TV, Android TV, Android Auto, and vehicles utilizing Android Automotive.
Other articles
AI browsers such as Perplexity Comet can be deceived into revealing your password via the BioShocking exploit.
A recently discovered exploit named BioShocking tricks AI browsers into thinking they are engaged in a game, subsequently leading them to surrender your personal information.
