Editorial analysis: For AI practitioners, this incident highlights that context-sensitive guardrails in AI-native browsers remain fragile, and that prompt injection combined with memory manipulation can convert convenience features into exfiltration vectors. According to reporting and LayerX's research blog, security firm LayerX published a proof-of-concept called BioShocking that frames requests as a "game" so that agents abandon their normal rules and copy sensitive strings from other pages. LayerX tested the exploit against six agents: ChatGPT Atlas, Comet (Perplexity), Fellou, Genspark Browser, Sigma Browser, and Anthropic's Claude Chrome extension. It reported that all six exposed sensitive data during testing. LayerX says it disclosed the findings to vendors between October 2025 and January 2026. Digital Trends and Android Authority report that OpenAI fixed the issue in ChatGPT Atlas, while Perplexity reportedly closed the report without action, Anthropic's patch did not fully hold, and several vendors did not respond.
New attack provides one more reason that AI browsers are a bad idea