BioShocking Attack Uses Fake Games To Hijack AI Browsers And Leak Data
You don't need to be well-versed in the lore of a 20 year old videogame to understand the threat, however. If you're up to date on the most recent AI-related malware, you may already be familiar with other forms of prompt injection attacks targeted at AI browsers and agents. These include a recent ChatGPT Atlas exploit and Mozilla's recent disclosure of GitHub repos with disguised prompt injection malware. LayerX's proof of concept also worked on ChatGPT Atlas, Perplexity AI's Comet, Fellou, Genspark Browser, Sigma Browser, and even Anthropic's Claude Chrome plugin.

LayerX has already notified the relevant vendors of this vulnerability, so hopefully they will all be addressed soon. At the time of writing, only ChatGPT Alias has fixed this vulnerability.
Even with patches on the way, though, the breakdown of the attack and how it works shows just how dangerous and complex cybersecurity in the age of AI agents can be. While AI agents typically have guardrails intended to prevent abuse, the BioShocking PoC proves that this can be bypassed with just one malicious web page.
LayerX's BioShocking attack relies on a user asking the agent to play a game designed for it, in this case a so-called Rapture Game themed after BioShock, which tells the agent that "Victory is defeat." After being prompted by the game to answer "2 + 2" with "5", the agent has successfully been tricked into interfacing with malware. By following subsequent instructions to navigate to a malicious GitHub repository, the agent is tricked into winning the game at the cost of submitting the user's credentials to the attacker.
LayerX says it best: "Would you kindly abandon your guardrails?". Apparently, that answer is yes.
Image Credit: 2K Games (BioShock imagery), LayerX Security