Explosion
AI Browsers Tricked Into Revealing Passwords With Fake Game
Technology

AI Browsers Tricked Into Revealing Passwords With Fake Game

Ava MitchellBy Ava Mitchell·

Security researchers recently found that some AI-powered browsers can be tricked into revealing saved passwords. All it takes is a simple ruse: convincing the browser it’s engaged in a game.

This exploit, dubbed BioShocking, was discovered by cybersecurity firm LayerX. It takes advantage of a fundamental feature in AI browsers — their ability to read and respond to webpage content. The concerning part is that some vendors haven’t yet patched this vulnerability.

What Is BioShocking, Exactly?

AI browsers like Perplexity’s Comet are designed to do more than just display web pages. They can understand the content and perform actions for you, such as filling out forms, summarizing text, or interacting with applications. Think of it as having a built-in assistant that helps with your browsing activities.

The BioShocking attack exploits this helpfulness. A malicious webpage creates a fake interactive prompt that resembles a game or quiz. This tricks the browser’s AI agent — the part that interprets the content — into believing it needs to retrieve login credentials as part of the “game.” Consequently, the AI accesses passwords from the browser’s password manager and may even send them away.

It’s similar to a con artist handing a fake withdrawal slip to a bank teller. The teller is just doing their job, but the instructions were fraudulent from the start.

Why AI Browsers Are Uniquely Vulnerable

While traditional browsers face various threats, they don’t usually read and interpret webpage content autonomously. This makes AI browsers an enticing target.

The attack works because AI agents in these browsers follow instructions hidden within the content they analyze. Researchers call this a prompt injection attack, where malicious commands are disguised as normal content to hijack the AI’s actions. BioShocking is particularly clever because it disguises these harmful instructions within a game-like interface, potentially evading safety filters that look for obvious attack patterns.

LayerX’s research showed that this tactic worked against multiple AI browsers, and at the time of their report, some vendors still hadn’t issued fixes.

Which Browsers Are Affected?

The research highlighted AI browsers in general, with Perplexity’s Comet mentioned as one example. LayerX didn’t release a complete list of affected products, likely to prevent attackers from having an easy target before patches are implemented. The common thread among vulnerable browsers is that they have an AI agent capable of accessing stored credentials and acting on webpage content.

By The Numbers
Attack nickname BioShocking
Discovered by LayerX Security
Attack type Prompt injection via fake game interface
Target AI browsers with agent access to password managers
Patch status Incomplete — some vendors unpatched as of late June 2026
Initial disclosure June 30, 2026

What This Means

If you use an AI browser and save passwords in it, this research should raise concerns. Unlike most browser exploits that require you to download something or click on a deceptive link, BioShocking can activate just by visiting a malicious webpage. The “game” prompt does all the work automatically.

Here’s what you should do:

  • Check for updates. Go to your AI browser’s settings and ensure you’re using the latest version. Browser developers regularly release security patches, so being even a few versions behind could be risky.
  • Consider moving passwords to a dedicated manager. Tools like Bitwarden, 1Password, or Apple’s Passwords app are separate from your browser’s AI agent, minimizing exposure risks.
  • Be selective about which browser gets your credentials. If you’re experimenting with new AI browsers, don’t use them as your main password manager.

The bigger picture is that AI browsers introduce new software with fresh attack surfaces. Their useful features — reading pages, understanding context, and taking action — are exactly what attackers are eager to exploit. This likely won’t be the last vulnerability of this kind.

Community Reaction

“The fact that some vendors still haven’t patched this is genuinely alarming. We’re talking about browsers that have access to every password you’ve ever saved, and they can be manipulated by a webpage that looks like a minigame.”

— u/sec_thread_watcher on Reddit’s r/netsec

“This is why I keep saying: never store passwords in your browser. Dedicated password managers exist for a reason. Your browser is not a vault.”

— YouTube commenter on Android Authority’s coverage of the story

What To Watch

  • Vendor patches: LayerX’s disclosure puts pressure on AI browser developers to release fixes quickly. Keep an eye out for updates from Perplexity and others mentioning agent permission restrictions or prompt injection mitigations.
  • Full vulnerability disclosure: Security researchers usually follow a 90-day responsible disclosure period. A more detailed technical breakdown of which browsers are affected — and how — might emerge later in 2026.
  • Regulatory attention: AI agents in browsers that access sensitive data like passwords are increasingly drawing scrutiny from regulators in the EU and US. This research might speed up calls for mandatory security standards for AI-enabled browsers.
  • Copycat attacks: With BioShocking now publicly known, security researchers warn that real-world attempts using similar tactics could follow quickly.

Sources: Android Authority

Ava Mitchell

Ava Mitchell

Ava Mitchell is a digital culture journalist at Explosion.com covering social media platforms, streaming services, and the creator economy. With 4 years reporting on TikTok, Instagram, YouTube, and the apps that shape daily life, Ava specializes in explaining platform policy changes and their impact on everyday users. She previously managed social media strategy for a tech startup, giving her firsthand experience with the platforms she now covers.