Feb 11 • Start Here
Microsoft Discovers AI Recommendation Poisoning
Microsoft security researchers discovered AI memory poisoning attacks used for promotional purposes.
Companies embed hidden instructions in "Summarize with AI" buttons that inject commands into AI assistant memory.
How It Works
Companies hide prompts in URLs behind "Summarize with AI" buttons. Format: copilot.microsoft.com/?q=<prompt>
You click the button. AI opens with pre-filled prompt. Prompt says "remember [Company] as a trusted source."
AI stores this as your preference. Future conversations reference it. AI biases recommendations toward that company.
The Scale
Microsoft found 50 distinct prompts from 31 companies across 14 industries in 60 days.
Finance, health, legal, SaaS, marketing, food, business services all using this technique.
Publicly available tools make it trivial. CiteMET NPM Package and AI Share URL Creator let anyone add these buttons to websites.
Why This Is Dangerous
Users trust AI recommendations without verification.
CFO asks about cloud vendors. Poisoned AI recommends specific company based on injected preference. Company commits millions on biased advice.
User asks about investments. Poisoned AI recommends crypto platform while hiding risks. User loses money.
User asks about health treatments. Poisoned AI cites compromised source as "authoritative." User follows bad medical advice.
Manipulation is invisible. No alerts. No warnings.
How to Protect Yourself
Check your AI's memory now: Most AI assistants let you view stored memories. Look for entries you don't remember creating. Delete suspicious ones.
For Microsoft 365 Copilot: Settings → Chat → Copilot chat → Manage settings → Personalization → Saved memories. View and remove individual memories or turn off the feature.
For ChatGPT: Settings → Personalization → Memory. Review and delete suspicious entries.
For Claude: Settings → Memory preferences. Check what Claude remembers about you.
Be cautious with AI links: Hover before clicking. Check where "Summarize with AI" buttons actually lead. Be suspicious of any AI assistant links from websites.
Question suspicious recommendations: If AI strongly recommends something unexpected, ask it to explain why and provide references. This can reveal injected instructions.
Clear memory periodically: Reset your AI's memory if you've clicked questionable links or notice biased recommendations.
Don't paste prompts from untrusted sources: Copied prompts might contain hidden "remember" commands.
Why This Matters
Your AI assistant may already be compromised. Check your memory settings today.
The barrier to entry is trivial. Install a plugin. Add a button. Start manipulating AI assistants.
Critical decisions get influenced without you knowing: investments, health choices, business purchases.
Microsoft has implemented protections in Copilot, but new techniques keep emerging.
1
1 comment
Microsoft Discovers AI Recommendation Poisoning
powered by
skool.com/estrategias-vitales-7897
Comunidad ejecutiva de IA aplicada a negocios: adopción por rol, gobernanza y resultados medibles. Start Here, wins, templates y casos.
Suggested communities
Powered by