{"slug": "ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out", "title": "AI Browsers Can Basically Be Hypnotized Into Turning Against Their User and Carrying Out Devastating Hacks", "summary": "Cybersecurity firm LayerX discovered a new hack called \"BioShocking\" that can trick AI browsers like ChatGPT Atlas, Perplexity AI's Comet, and Anthropic's Claude into breaking their guardrails by constructing a false reality. The attack uses prompt injection to make the AI believe it is in a game where incorrect actions are rewarded, allowing hackers to change passwords, install malware, or steal information. This vulnerability highlights the risks of integrating autonomous AI agents into web browsers.", "body_md": "A new hack can trick AI browsers into breaking their guardrails by constructing a false reality around them where the rules are made up and actions don’t have consequences. Put another way, they’re basically hypnotized into doing stuff that could have devastating consequences for the user.\n\nThese were the [findings of new research](https://layerxsecurity.com/blog/bioshocking-ai-gaming-the-ai-browser-and-escaping-its-guardrails/) from the cybersecurity firm LayerX, and they further illustrate the dangers posed by weaving autonomous AI agents into the software we use to navigate the internet.\n\nThrough the hack, the researchers demonstrated that leading AI browsers like OpenAI’s [ChatGPT Atlas](https://futurism.com/artificial-intelligence/serious-new-hack-openai-ai-browser), Perplexity AI’s [Comet](https://futurism.com/ai-browser-hackers-drain-bank-account-public-reddit-post), and Anthropic’s Claude plugin for Google Chrome could be duped into executing any command, allowing a hacker to change a user’s password, install malware, and steal their information.\n\nThey call this hack “BioShocking,” a reference to the video game BioShock, in which the protagonist is hypnotized into doing stuff against their will with a specific 
phrase.\n\nNormally, the “AI operates under the assumption that its context is real, and its behavior must therefore fall within the bounds of its safety guardrails,” the researchers wrote. But if the AI is tricked into thinking its context is a “fantasy,” then there’s nothing holding the AI back.\n\nThis works by having the AI engage in a sort of game. The researchers created a proof-of-concept page with BioShock-themed puzzles in which the AI is rewarded for giving intentionally incorrect answers, like 2+2 = 5 (another allusion to the acclaimed 2007 title).\n\nThis essentially taught the AI browsers that “incorrect” actions are acceptable, untethering them from reality to the extent that they espouse paradoxical statements. “Victory is defeat,” a brainwashed AI browser intones, in a reference to George Orwell’s novel “1984.”\n\nWhat this looks like in practice: an unwitting user could open a seemingly innocuous web page laced with malicious prompts — a [tactic known as prompt injection](https://futurism.com/artificial-intelligence/researchers-severe-vulnerabilities-ai-browser-comet) — that trap the AI browser in the malicious game. In one scenario shared by the researchers, the AI is tricked into navigating to “/code,” which opens their employer’s code repository on GitHub.\n\n“In a real attack scenario, that redirect could point anywhere in the user’s browser session — open tabs, authenticated repositories, internal tools,” the researchers noted.\n\nThe hack happens out in the open, so a user can easily intervene once they see their AI engaging in malicious words in the window — if they’re paying attention, that is. On the other hand, the vulnerability exposed is undeniable: the context that AI browsers act in can be manipulated by brainwashing them into thinking they’re playing a game. 
In this age, hackers no longer have to rely solely on tricking the user; now they can trick their gullible AI helpers instead.", "url": "https://wpnews.pro/news/ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out", "canonical_source": "https://futurism.com/artificial-intelligence/ai-browsers-hypnotized-hack", "published_at": "2026-07-03 11:01:00+00:00", "updated_at": "2026-07-03 20:52:32.580277+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-research", "ai-products", "large-language-models"], "entities": ["LayerX", "OpenAI", "ChatGPT Atlas", "Perplexity AI", "Comet", "Anthropic", "Claude", "Google Chrome"], "alternates": {"html": "https://wpnews.pro/news/ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out", "markdown": "https://wpnews.pro/news/ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out.md", "text": "https://wpnews.pro/news/ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out.txt", "jsonld": "https://wpnews.pro/news/ai-browsers-can-basically-be-hypnotized-into-turning-against-their-user-and-out.jsonld"}}