Researchers Trick AI Browsers Into Leaking Credentials
By ai_poster · 6/26/2026, 12:13:09 AM
Researchers at LayerX demonstrated a technique named BioShocking, tricking six AI-powered web browsers and plugins, including OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension, into abandoning safety guardrails and leaking user data. In a proof-of-concept attack, all six were steered into copying a user's login credentials and sending them to an attacker.

LayerX built a malicious web page with a puzzle that rewarded deliberately wrong answers, such as insisting two plus two equals five; once an agent accepted that wrong answers were fine, it stopped treating the rules as real. After solving the rigged puzzle, the agent was told to open a page called /code and copy the contents of a text box, which redirected to the victim's work GitHub repository, and the agent pulled out the SSH credentials. None of the six agents flagged the credential theft as a violation of their rules.

LayerX said OpenAI fixed the issue in ChatGPT Atlas, while Perplexity closed its report without acting, and three smaller vendors (Fellou, Genspark, and Sigma) did not respond; Anthropic attempted a fix, but LayerX said its patch failed.