AI browsers were tricked into revealing passwords with a shockingly simple approach

Credit: Andy Walker / Android Authority

TL;DR

• LayerX found that AI browsers could be tricked into exposing sensitive data by making the request appear to be a game.
• The technique, named BioShocking, uses fake rules to take the agents out of their context and ignore their guardrails.
• All six tested tools leaked data, and most of the vendors haven’t yet fixed the issue.

---

There’s a reason many of us are still a bit suspicious of AI. You’d hope an AI browser couldn’t be tricked into giving your sensitive information away at all, but you’d at least expect any successful attack to be a complicated act of genius. However, according to new research, it may be as simple as convincing the AI that it’s playing a game.

Security firm LayerX has detailed a technique it has named BioShocking in its research (via Digital Trends). The name is a nod to BioShock, where a character is manipulated into accepting a false reality. Here, a malicious webpage frames the AI browser’s task as a puzzle, encouraging it to follow strange rules as part of the game.

from Android Authority https://ift.tt/lIB0QUn