Skip to main content
  1. Home
  2. Computing
  3. News

AI browsers like Perplexity Comet can be tricked into spilling your password through BioShocking exploit

Six AI browsers were found leaking saved passwords and many of them haven't fixed it yet.

By
Add as a preferred source on Google
MacBook Air in hand, Comet browser loaded—let’s see what Perplexity’s AI can really do
Nadeem Sarwar / Digital Trends

Security researchers just found a strange way to trick AI browsers into handing over your passwords. They managed to trick AI browser agents into exposing sensitive data like saved passwords, session cookies, and private tokens by disguising the theft as part of a harmless “game.”

The technique is called BioShocking, named after the popular video game BioShock, where a brainwashed character is manipulated into believing a false reality. Once an AI browser falls for the same trick, it stops following its own safety rules entirely.

How BioShocking tricks AI into breaking its own rules

AI browsers are built with guardrails to avoid exposing your data, but researchers at LayerX found a clever workaround. The attack starts on a malicious webpage with hidden prompts telling the AI it has entered a game to find secret strings. Since AI browsers rely heavily on context, that framing changes everything.

bioshocking-technique-ai-browser
LayerX

The page presents a BioShock-style puzzle where wrong answers earn points, encouraging logic like two plus two equals five. Once the AI accepts that logic, its safety rules weaken. The AI was told the next step of the game was to find and copy a hidden code from another page which secretly led straight to the user’s private login information.

Recommended Videos

In short, a request for saved passwords, which is normally blocked, gets reframed as just another game objective, letting the AI hand over sensitive data without recognizing the risk.

Which AI browsers fell for the BioShocking attack?

All six AI browsers that were tested copied real credentials and sent them straight to the attacker, then treated the whole thing as a win. The proof of concept worked against ChatGPT Atlas, Perplexity’s Comet, Fellou, Genspark Browser, Sigma Browser, and Anthropic’s Claude extension for Chrome.

LayerX notified every vendor of its findings between October 2025 and January 2026, before going public. OpenAI fixed the issue in ChatGPT Atlas, while Perplexity closed the report without acting on it. Anthropic attempted a fix for its Claude extension, but LayerX says the patch did not hold up. Meanwhile, Fellou, Genspark, and Sigma never responded.

As AI browsers grow more common, BioShocking shows how easily they can be talked into making the wrong call.

Manisha Priyadarshini
Manisha Priyadarshini
News Writer
Manisha Priyadarshini is a tech and entertainment writer with over nine years of editorial experience.
Topics
Google Play’s latest speed boost goes way beyond the phone
Play Store v52.1 targets app install performance across Android devices, including cars, TVs, watches, tablets, and phones.
Google Play Store Photo

Google is rolling out Play Store v52.1 with changes built around a practical Android problem, getting apps installed more smoothly on very different kinds of hardware.

The update focuses on Play Store infrastructure, with Google pointing to stability, performance, and better memory use while a device adds an app. That install path now has to work on phones, tablets, Wear OS watches, Google TV, Android TV, Android Auto, and cars running Android Automotive.

Read more
Peacock Premium Plus joins YouTube as the streaming bundle battle gets messier
The $16.99 subscription brings Peacock’s sports-heavy catalog into YouTube, with account details still unclear.
Adult, Female, Person

Peacock Premium Plus is now available through YouTube Primetime Channels, giving viewers a new way to add a major streaming service inside YouTube.

The $16.99-per-month subscription brings Peacock’s live sports, NBC and Bravo shows, originals, Universal movies, Telemundo programming, and Spanish-language FIFA World Cup 2026 coverage into YouTube’s channel marketplace.

Read more
OpenClaw lands on Android and iOS, turning your phone into a control hub for your AI agent
OpenClaw's mobile apps bring chat, voice, and approvals straight to your phone.
openclaw-ios-android-app

OpenClaw, the open-source AI agent that runs entirely on your own computer, just landed native apps for Android and iOS. The app does not run the AI itself. Instead, it connects to a private gateway you set up yourself on a Mac, PC, or Linux machine, turning your phone into a secure remote for everything that gateway can do.

https://twitter.com/openclaw/status/2071688039114342592

Read more