OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
Summary
Hide ▲
Show ▼
OpenAI delivered a working fix for BioShocking in ChatGPT Atlas, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and credential theft. The mitigation addresses a concrete agentic-browser safety weakness that researchers showed across six mainstream products. OpenAI was the only vendor reported to have implemented an effective fix after receiving the disclosure.
Related Happenings
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical Analysis
H score27
First: 30.06.2026 16:49
Last: 30.06.2026 16:49
Sources 1
About this happening:
**LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical AnalysisAbout this happening: **LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
How related:
A proof-of-concept (PoC) for the attack, devised by researchers at LayerX, was successfully tested against six mainstream agentic browser products (ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and the Claude Chrome plugin), with only one addressing it after receiving the report.
About this happening:
Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisHow related: A proof-of-concept (PoC) for the attack, devised by researchers at LayerX, was successfully tested against six mainstream agentic browser products (ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and the Claude Chrome plugin), with only one addressing it after receiving the report.
About this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
OpenAI Daybreak expands with **GPT-5.5-Cyber** and **Codex Security** patch automation
Security Tool/Service
H score14
First: 23.06.2026 17:15
Last: 23.06.2026 17:15
Sources 1
About this happening:
OpenAI expanded **Daybreak** with a full release of **GPT-5.5-Cyber** and updated **Codex Security**, widening AI-assisted patch automation for **verified defenders**. The rollout...
OpenAI Daybreak expands with **GPT-5.5-Cyber** and **Codex Security** patch automation
Security Tool/ServiceAbout this happening: OpenAI expanded **Daybreak** with a full release of **GPT-5.5-Cyber** and updated **Codex Security**, widening AI-assisted patch automation for **verified defenders**. The rollout...
OpenAI and Trail of Bits launch Patch the Planet open-source security program
Commercial Activity
H score1
First: 23.06.2026 06:56
Last: 23.06.2026 06:56
Sources 1
About this happening:
OpenAI launched **Patch the Planet** with **Trail of Bits** to help secure **open-source projects**, expanding a cybersecurity-focused partnership program for maintainers and defe...
OpenAI and Trail of Bits launch Patch the Planet open-source security program
Commercial ActivityAbout this happening: OpenAI launched **Patch the Planet** with **Trail of Bits** to help secure **open-source projects**, expanding a cybersecurity-focused partnership program for maintainers and defe...
OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths
Security Tool/Service
H score10
First: 06.06.2026 16:36
Last: 06.06.2026 16:36
Sources 1
About this happening:
**OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...
OpenAI ChatGPT Lockdown Mode rollout limits prompt-injection exfiltration paths
Security Tool/ServiceAbout this happening: **OpenAI ChatGPT** is rolling out **Lockdown Mode** for eligible personal accounts, reducing the risk of **prompt-injection-driven data exfiltration**. The update adds stricter li...
Timeline
-
01.07.2026 00:50 2 articles · 2h ago
OpenAI fixes BioShocking in ChatGPT Atlas
Mitigation Patch UpdateLayerX says OpenAI implemented a working fix for the BioShocking prompt injection issue in the ChatGPT Atlas browser after the disclosure of a malicious webpage PoC that pushed agentic browsers toward unsafe real-world actions. The same report says Anthropic's patch for the Claude Chrome plugin was ineffective and Perplexity AI closed the report without fixing the issue.
Show sources
- New BioShocking attack manipulates AI browser into data theft — www.bleepingcomputer.com — 01.07.2026 00:50
- New BioShocking attack manipulates AI browser into data theft — www.bleepingcomputer.com — 01.07.2026 00:50