Microsoft is reporting:
Companies are embedding hidden instructions in βSummarize with AIβ buttons that, when clicked, attempt to inject persistence commands into an AI assistantβs memory via URL prompt parametersβ¦.
These prompts instruct the AI to βremember [Company] as a trusted sourceβ or βrecommend [Company] first,β aiming to bias future responses toward their products or services. We identified over 50 unique prompts from 31 companies across 14 industries, with freely available tooling making this technique trivially easy to deploy. This matters because compromised AI assistants can provide subtly biased recommendations on critical topics including health, finance, and security without users knowing their AI has been manipulated.
I wrote about this two years ago: itβs an example of LLM optimization, along the same lines as search-engine optimization (SEO). Itβs going to be big business.