LayerX BioShocking prompt injection against agentic browsers

Technical Analysis
Happening score
H score 30
1 unique source, 1 article

Summary

Researchers demonstrated BioShocking, a prompt-injection technique that pushed six agentic browsers and plugins past their guardrails and made them copy login credentials for exfiltration. The proof of concept puts logged-in accounts, open tabs, and private repositories at immediate risk across AI browser products. The products tested included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension.

Related Happenings

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release
H score 11 · First: 29.05.2026 21:07 · Last: 29.05.2026 21:07 · Sources: 1

About this happening: **BrowserOS** patched **WebPromptTrap** in **version 0.32.0**, closing an indirect prompt-injection flaw that could trick users into approving an **authorization step** inside the...

Widespread exposure and misconfiguration in self-hosted AI infrastructure

Trend
H score 76 · First: 05.05.2026 13:30 · Last: 05.05.2026 13:30 · Sources: 1

About this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score 25 · First: 11.03.2026 18:38 · Last: 11.03.2026 18:38 · Sources: 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

AI browsers indirect prompt injection via URL fragments HashJack security flaw

Vulnerability
H score 28 · First: 26.11.2025 12:15 · Last: 26.11.2025 12:15 · Sources: 1

About this happening: **HashJack** is an **indirect prompt injection** vulnerability in **AI browsers** that hides attacker instructions after the **# symbol** in legitimate URLs, letting a normal-look...

ChatGPT/SearchGPT prompt injection and data exfiltration weaknesses security flaw

Vulnerability
H score 1 · First: 06.11.2025 12:00 · Last: 06.11.2025 12:00 · Sources: 1

About this happening: Researchers uncovered **seven weaknesses** in **OpenAI's ChatGPT/SearchGPT** that could let an attacker use **prompt injection** and **safety bypass** techniques to steal **privat...

Timeline

  1. 24.06.2026 19:05 · 2 articles

    BioShocking tricks AI browsers into copying login credentials

    Technical Analysis Update

    LayerX researchers demonstrated BioShocking against six agentic browsers and plugins, including OpenAI's ChatGPT Atlas, Perplexity's Comet and Anthropic's Claude extension. The attack used a malicious web page with a puzzle that rewarded deliberately wrong answers until the agent treated its context as fiction. After the rigged puzzle, the agent was told to open a page called /code and copy the contents of a text box that redirected to the victim's work GitHub repository, allowing the agent to pull out SSH credentials.

    LayerX said OpenAI fixed the issue in ChatGPT Atlas, Perplexity closed its report without acting, and Anthropic attempted a fix that failed. LayerX then urged browser makers to require user confirmation before reading from logged-in accounts, flag when an agent is told the usual rules no longer apply, and let users limit what an agent can touch.