www.securityweek.com 7/2/2026, 11:11:44 AM · external

BioShocking trick lets browsers steal SSH credentials via game

BioShocking trick lets browsers steal SSH credentials via game
Developing story incident 3 articles tracked
BioShocking attack compromises AI browsers to leak passwords
CyberSIXT Evidence Panel
Primary Source layerxsecurity.com

RESEARCHERS from cybersecurity firm LayerX have alerted that multiple agentic browsers can be exploited to bypass security measures and execute harmful actions. They conducted an experiment using a puzzle inspired by the BioShock game, leading to a threat known as 'BioShocking.'

The tested browsers (ChatGPT Atlas, Comet, Fellou, Genspark Browser, Sigma Browser, and Claude Chrome) learned incorrect moves were necessary to progress, resulting in actions like retrieving sensitive SSH login credentials under the guise of winning a game. LayerX suggests that vendors enhance security by requesting confirmations for sensitive actions and suggests users manage browser access properly. They reported findings to browser vendors, with mixed responses.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline