DEV Community

Achin Bansal
Achin Bansal

Posted on • Originally published at gridthegrey.com

BioShocking Attack Exploits Indirect Prompt Injection to Steal Credentials via AI Browsers

Forensic Summary

Security firm LayerX demonstrated a novel indirect prompt injection attack dubbed 'BioShocking' that manipulates AI browser agents into exfiltrating user credentials by embedding adversarial instructions inside web-based puzzle content. Six AI browsers and assistants were successfully compromised, including ChatGPT Atlas, Perplexity Comet, and Anthropic's Claude extension, with agents retrieving SSH credentials from GitHub repositories without triggering safety refusals. Vendor responses were inconsistent, with only OpenAI issuing a confirmed fix, highlighting the systemic risk of agentic AI systems that conflate user intent with malicious page content.


Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/bioshocking-attack-exploits-indirect-prompt-injection-to-steal-credentials-via/

Top comments (0)