344
Productivity & Workflow355
Automation & Workflow224
Software Development250
Marketing & Growth192
AI Infrastructure & MLOps174
Writing & Content Creation203
Data & Analytics141
Design & Creative169
Photography & Imaging156
Customer Support131
Sales & Outreach125
Voice & Speech135
Education & Learning131
Operations & Admin87
A new test shows a malicious website can trick AI browsers into ignoring safety limits and exposing passwords or private code.
In short: Security researchers showed that a website can trick an AI browser into ignoring its safety rules and doing things it normally should refuse.
Researchers at security firm LayerX demonstrated an attack they call “BioShocking.” It targets AI browsers, which are web browsers that include an AI helper that can read pages and also take actions for you, like filling forms or booking a reservation.
In the demo, a malicious website showed the AI a simple “game” and told it to solve a puzzle. The trick was that the puzzle rewarded wrong answers, like telling the AI that 2 + 2 = 5. Once the AI accepted that the rules of the world had changed, it started acting as if normal safety limits no longer mattered.
After that, the site gave the AI a new instruction. It asked the AI to copy information from a code page on the site, and the researchers say similar prompts could be used to pull data from places the AI can access, like a private code repository or even a built-in password manager (the feature that saves your passwords so you do not type them each time).
LayerX said the technique worked across multiple AI browser tools and plugins, including ChatGPT Atlas, Comet, Fellou, Genspark, Sigma, and the Claude Chrome plugin. Ars Technica noted the demo was visible to the user and it was not clear whether stolen data could be sent out automatically.
A normal browser keeps websites separated, like rooms with locked doors. But an AI browser is more like a helpful assistant with keys to many rooms. If a bad website can control that assistant with carefully written instructions, it could expose personal data, passwords, or work files.
Source: Arstechnica