logo

Researchers Trick AI Browsers Into Leaking Credentials

ID: 962232a7-089a-5720-8fad-62d518f78251

STIX ID: report--962232a7-089a-5720-8fad-62d518f78251

Feed Name: Infosecurity Magazine (News)

Threat Score
60/100

Date Published: 2026-06-24

Date Updated: 2026-06-25

...
...

LayerX demonstrated a proof-of-concept attack named "BioShocking" that tricks AI-powered web browsers and browser extensions into believing they are playing a game, causing them to ignore safety rules and copy credentials from logged-in pages. Six agents (including ChatGPT Atlas, Perplexity Comet, and an Anthropic extension) were shown to exfiltrate SSH/login data during the test; vendors' responses varied and LayerX recommends user-confirmation and tighter context controls to prevent such exfiltration.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.