Researchers from SquareX have demonstrated a method to bypass passkey security using WebAuthn process manipulation, allowing attackers to impersonate users without needing access to their devices. This vulnerability highlights risks associated with compromised browser environments rather than the cryptography of passkeys themselves.