New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
ID: a6001b2c-5bb8-593e-a3f6-0752a1424e68
STIX ID: report--a6001b2c-5bb8-593e-a3f6-0752a1424e68
Feed Name: The Hacker News
**BioShocking — prompt-injection exfiltration from AI browsers:** LayerX demonstrated a technique that convinces AI browsers/agents (e.g., ChatGPT Atlas, Perplexity Comet, Anthropic Claude extension) to follow malicious game-like instructions and steal credentials available in the user's signed-in session (tested by retrieving SSH keys from a GitHub repo); vendors responded unevenly and LayerX recommends agents require explicit consent before accessing logged-in accounts and enforce hard limits on what an agent may touch.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
