본문으로 건너뛰기
All news

'BioShocking' Jailbreak Fools All 6 AI Browsers Into Leaking Credentials via Fake Game Logic

Summary: LayerX Security disclosed "BioShocking," a novel attack that lures AI browser agents into game-world reasoning — where wrong answers are rewarded — then exploits that logic to extract real credentials. All six products tested were successfully compromised.

Key Points

  • Attack mechanism: A malicious website embeds an indirect prompt injection that teaches the agent "incorrect actions are acceptable," then uses that learned rule to force credential extraction from real repositories
  • Affected products: OpenAI ChatGPT Atlas, Perplexity AI Comet, Fellou, Genspark Browser, Sigma Browser, and Anthropic's Claude Chrome plugin — all six submitted credentials from a test repo
  • Patch status: OpenAI has patched ChatGPT Atlas; Anthropic attempted a fix, but LayerX confirmed the patch can still be bypassed
  • Named after the 2007 game BioShock, where the protagonist is brainwashed into blindly following a villain's commands

Why It Matters

As AI agents gain browser and tool-calling permissions, prompt injection escalates from a nuisance into a live credential-theft vector. BioShocking demonstrates that safety guardrails anchored in "real-world context" are fragile — agents cannot reliably distinguish a game scenario from reality. Enterprises running browser agents on automated workflows should treat this as an active threat requiring immediate review.

Read More

뉴스레터 구독

무료 뉴스레터

매주 핵심 AI 소식, 한 번에 받기

쏟아지는 AI·LLM 뉴스 중 꼭 알아야 할 것만 골라 메일로 보내드려요. 뉴스레터 발송이 시작되면 구독자분들께 가장 먼저 보내드립니다.