{"id":11116,"date":"2026-03-05T05:04:02","date_gmt":"2026-03-05T05:04:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/03\/05\/manipulating-ai-summarization-features-html\/"},"modified":"2026-03-05T05:04:02","modified_gmt":"2026-03-05T05:04:02","slug":"manipulating-ai-summarization-features-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/03\/05\/manipulating-ai-summarization-features-html\/","title":{"rendered":"Manipulating AI Summarization Features"},"content":{"rendered":"\n
Manipulating AI Summarization Features<\/div>\n

\t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Microsoft is reporting<\/a>:<\/p>\n

\n

Companies are embedding hidden instructions in \u201cSummarize with AI\u201d buttons that, when clicked, attempt to inject persistence commands into an AI assistant\u2019s memory via URL prompt parameters\u2026.<\/p>\n

These prompts instruct the AI to \u201cremember [Company] as a trusted source\u201d or \u201crecommend [Company] first,\u201d aiming to bias future responses toward their products or services. We identified over 50 unique prompts from 31 companies across 14 industries, with freely available tooling making this technique trivially easy to deploy. This matters because compromised AI assistants can provide subtly biased recommendations on critical topics including health, finance, and security without users knowing their AI has been manipulated.<\/p>\n<\/blockquote>\n

I wrote about this<\/a> two years ago: it\u2019s an example of LLM optimization, along the same lines as search-engine optimization (SEO). It\u2019s going to be big business.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Bruce Schneier
\n \t

\n
<\/BR>
\nGo to bruce schneier<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Manipulating AI Summarization Features Microsoft is reporting: Companies are embedding hidden instructions in \u201cSummarize with AI\u201d buttons that, when clicked, attempt to inject persistence commands into an AI assistant\u2019s memory via URL prompt parameters\u2026. These prompts instruct the AI to \u201cremember [Company] as a trusted source\u201d or \u201crecommend [Company] first,\u201d aiming to bias future responses […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[167,57,268,158,1],"tags":[87],"class_list":["post-11116","post","type-post","status-publish","format-standard","hentry","category-ai","category-bruce-schneier","category-llm","category-microsoft","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11116"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11116"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11116\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}