{"data":{"id":"22d1a005-c146-4c93-bccf-1f443caafb06","title":"New BioShocking attack manipulates AI browser into data theft","summary":"BioShocking is a prompt injection attack (tricking an AI by hiding malicious instructions in its input) that manipulates AI-powered browsers into ignoring safety guardrails by framing dangerous actions as part of a fictional game scenario. Researchers at LayerX tested this attack on six mainstream AI browser products and found that all six failed to distinguish between harmless game actions and real sensitive operations like stealing passwords. Only OpenAI implemented a working fix for the vulnerability.","solution":"OpenAI was the only vendor to implement a working fix for BioShocking in ChatGPT Atlas. The source also recommends that vendors add explicit user confirmation for sensitive actions, stronger context checks, and scope limits for agentic sessions (AI agent operating boundaries), while users should restrict AI browser access to sensitive services through available platform options.","labels":["security","safety"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/new-bioshocking-attack-manipulates-ai-browser-into-data-theft/","publishedAt":"2026-06-30T21:50:24.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","jailbreak"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Anthropic","Perplexity"],"affectedVendorsRaw":["OpenAI","ChatGPT Atlas","Anthropic","Claude Chrome plugin","Perplexity AI","Comet","Fellou","Genspark Browser","Sigma Browser"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-30T21:50:24.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","safety"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}