Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
https://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.htmlOpen linkView original on sh.itjust.workshttps://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.htmlOpen linkView original on sh.itjust.works
It's an indirect prompt injection, no need to make up a new word for it.
Seriously? This is a painfully obvious prompt injection vulnerability (reminds me of SQL injection, actually). If you're offering a "summarise with AI" functionality, then you should be sanitising the inputs properly. It should be a simple call to the API to tell it to summarise a dataset or particular webpage -- not provide a query string.
But hat would require them to put in actual effort instead of just pushing out a minimum viable product and calling it the next evolutionary stage of computing.
Best we can offer is another AI doing sanitation