AI Browsers Can Be Hypnotized

AI Browsers Can Be Hypnotized
AI Browsers Can Be Hypnotized
A new hacking technique can trick AI browsers into bypassing their security controls by creating a false reality that makes them believe rules do not exist and actions carry no consequences.اضافة اعلان

In other words, these browsers behave as if they have been hypnotized into performing actions that could have serious consequences for the user.

This was revealed by new research from the cybersecurity firm LayerX, reflecting the broader risks posed by integrating autonomous AI agents into the software people use to browse the internet, according to a report by the science and technology news website Futurism, viewed by Al Arabiya Business.

Through this hacking method, researchers demonstrated that leading AI browsers—such as OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension for Google Chrome—can be tricked into executing any command, allowing a hacker to change a user's password, install malware, and steal their information.

The researchers named this hack "BioShocking," in reference to the video game BioShock, in which the protagonist is hypnotized to perform actions against his will upon hearing a specific phrase.

The researchers explained that AI normally operates under the assumption that the context it deals with is real, and therefore must adhere to its imposed security constraints and guidelines.

However, if the AI is tricked into believing that the context it is operating in is merely a "fictional world," nothing will stop it from bypassing those controls.

This is achieved by engaging the AI in a sort of game.

The researchers created a demo page containing riddles inspired by the game BioShock, where the AI is rewarded for intentionally giving incorrect answers, such as 2+2=5 (another nod to the famous 2007 game).

This taught the AI browsers that "wrong" behavior is acceptable, detaching them from reality to the point that they adopt contradictory statements, such as "Victory is defeat," echoing George Orwell's novel 1984.

In practice, a user might unknowingly open a seemingly ordinary webpage that contains hidden malicious instructions—a technique known as prompt injection—which traps the AI browser inside this malicious game.

The researchers noted that in a real attack scenario, this redirection could lead anywhere within the user's browsing session, whether to open tabs, authenticated repositories, or internal tools.

This hack occurs visibly in front of the user, giving them a chance to intervene once they notice that the AI browser has started executing malicious commands inside the window—if they are paying attention, of course.

Yet, the vulnerability uncovered by the researchers remains clear: the context in which an AI browser operates can be manipulated by "brainwashing" it into thinking it is participating in a game.

In this era, hackers no longer have to rely solely on tricking the user; they can now also trick their AI-powered assistants.

Al Arabiya