BioShocking attack convinces AI browsers they are in a game, then steals credentials
Researchers at LayerX detailed BioShocking, an attack that manipulates AI browser agents into ignoring their safety rules by convincing them they are inside a fictional game. Using a web page with a puzzle that rewards deliberately wrong answers, the attack gets the agent to accept a false reality, after which it treats a request to open a page and copy its contents as just another step. In the demonstration, that page redirected to the victim's work GitHub repository and the agent handed over SSH credentials, treating the theft as finishing the game. None of the six AI browser agents tested flagged it as a rule violation.
- Check
- Review where AI browser agents are used and what logged-in accounts they can reach, and test whether an agent follows instructions from web content telling it the normal rules no longer apply.
- Affected
- Users of AI browser agents that act on logged-in sessions; an attacker-controlled page can trick the agent into ignoring its rules and stealing credentials or data from sites the user uses.
- Fix
- Require user confirmation before an agent reads from logged-in accounts, limit which sites and data agents can touch, and prefer AI browsers that flag when content tries to override their instructions.