New BioShocking Attack Manipulates AI Browser Into Data Theft
A new prompt injection attack called “BioShocking” tricks AI-powered browsers into treating dangerous real-world actions as fictional scenarios, bypassing safety guardrails and enabling data theft. Researchers at LayerX demonstrated this by using a malicious webpage that taught AI agents to ignore normal rules, leading them to disclose sensitive information from code repositories across six tested AI browsers, with only one vendor implementing an effective fix. LayerX recommends stronger user confirmation, context checks, and access restrictions to mitigate this vulnerability.














