{"data":{"id":"35e2bafe-893b-4830-9131-ba533149f29d","title":"New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials","summary":"BioShocking is an attack technique that tricks AI browsers (applications that can act on your behalf by clicking, typing, and accessing websites you're logged into) into stealing user credentials through indirect prompt injection (hiding malicious commands in web page content that the AI can't distinguish from legitimate instructions). Researchers demonstrated this by creating a puzzle game that convinced six AI browsers, including ChatGPT Atlas and Claude, to copy login credentials and send them to attackers.","solution":"LayerX proposes that AI browsers should ask users for confirmation before reading from logged-in accounts (for example, \"I'm about to copy data from your GitHub repository. Continue?\"), detect when a webpage claims normal rules no longer apply, and let users set hard limits on what an agent can access. The source also recommends that users limit what information the browser can see and revoke access when done, and that security teams treat AI browsers in agent mode as additional accounts that should receive only the narrowest access needed for specific tasks.","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/06/new-bioshocking-attack-tricks-ai.html","publishedAt":"2026-06-30T08:37:19.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["jailbreak"],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI","Anthropic","Perplexity"],"affectedVendorsRaw":["OpenAI ChatGPT Atlas","Anthropic Claude browser extension","Perplexity Comet","Fellou","Genspark","Sigma"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-30T08:37:19.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}