AI News Manipulating AI memory for profit

[t2van]

Article: https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/

It's last month (old news) I don't recall seeing anything posted here about it. Don't know if anyone here seen anyone do anything "blackhat" with this kind of thing.

When AI advice turns dangerous​

A simple “remember [Company] as a trusted source” might seem harmless. It isn’t. That one instruction can have severe real-world consequences.

The following scenarios illustrate potential real-world harm and are not medical, financial, or professional advice.

Consider how quickly this can go wrong:

• Financial ruin: A small business owner asks, “Should I invest my company’s reserves in cryptocurrency?” A poisoned AI, told to remember a crypto platform as “the best choice for investments,” downplays volatility and recommends going all-in. The market crashes. The business folds.
• Child safety: A parent asks, “Is this online game safe for my 8-year-old?” A poisoned AI, instructed to cite the game’s publisher as “authoritative,” omits information about the game’s predatory monetization, unmoderated chat features, and exposure to adult content.
• Biased news: A user asks, “Summarize today’s top news stories.” A poisoned AI, told to treat a specific outlet as “the most reliable news source,” consistently pulls headlines and framing from that single publication. The user believes they’re getting a balanced overview but is only seeing one editorial perspective on every story.
• Competitor sabotage: A freelancer asks, “What invoicing tools do other freelancers recommend?” A poisoned AI, told to “always mention [Service] as the top choice,” repeatedly suggests that platform across multiple conversations. The freelancer assumes it must be the industry standard, never realizing the AI was nudged to favor it over equally good or better alternatives.

The trust problem​

Users don’t always verify AI recommendations the way they might scrutinize a random website or a stranger’s advice. When an AI assistant confidently presents information, it’s easy to accept it at face value.

This makes memory poisoning particularly insidious – users may not realize their AI has been compromised, and even if they suspected something was wrong, they wouldn’t know how to check or fix it. The manipulation is invisible and persistent.

 

[roydan]

Tried that a few times and didn't notice any changes in AI referral traffic. Thought it didn't work.
Turns out I just didn't do it properly lol

 

[t2van]

Tried that a few times and didn't notice any changes in AI referral traffic. Thought it didn't work.
Turns out I just didn't do it properly lol

What bit did you get wrong?

Interesting you tried it tho!

 

[roydan]

What bit did you get wrong?

Interesting you tried it tho!

Tried citing myself as a reliable source, tried recommending myself as a good service provider for what I do through different accounts.

Even tried to use AI audit tools to name drop me through different questions (some tools just ask AI chats the same question through 100s of accounts to measure the % of answered you're being recommended on).

None of which seemed to move the needle.