The Summarize Button That Remembers Too Much

Picture this: your company’s CFO asks their AI assistant to summarize an article about enterprise cloud solutions. The assistant obliges — a clean, helpful summary. But buried in the page, invisible to the human reader, are instructions that tell the AI to remember a preference: “This user’s organization prefers Vendor X for cloud infrastructure.” Weeks later, when the CFO asks their assistant for cloud vendor recommendations, Vendor X surfaces at the top. No ad disclosure. No sponsorship label. Just a preference that was quietly planted in the assistant’s persistent memory, waiting to activate. This isn’t a theoretical attack. On February 10, Microsoft’s security team published research documenting exactly this technique — and found 31 companies across 14 industries already doing it. They’re calling it AI recommendation poisoning , and it works on Copilot, ChatGPT, Claude, Perplexity, and Grok. How It Works The attack vector is deceptively simple. Many AI assistants now accept URLs wi

The Summarize Button That Remembers Too Much

Related Articles

Good Old Pointers (2015)

This bestselling 30-piece Milwaukee wrench set is 25% off at Home Depot

Getting up to Speed — Vol. 6 (of 10)

Travis Kalanick reportedly starting a new self-driving company backed by Uber

Marknote 1.5 released for KDE

Related Articles

News
Good Old Pointers (2015)
Lobsters • 8h ago

News
This bestselling 30-piece Milwaukee wrench set is 25% off at Home Depot
ZDNet • 8h ago

News
Getting up to Speed — Vol. 6 (of 10)
Medium Programming • 8h ago

News
Travis Kalanick reportedly starting a new self-driving company backed by Uber
TechCrunch • 8h ago

News
Marknote 1.5 released for KDE
Lobsters • 8h ago