By Matt G. Southern
Publication Date: 2026-02-20 19:15:00
Microsoft’s Defender Security Research Team published research describing what it calls “AI Recommendation Poisoning.” The technique involves businesses hiding prompt-injection instructions within website buttons labeled “Summarize with AI.”
When you click one of these buttons, it opens an AI assistant with a pre-filled prompt delivered through a URL query parameter. The visible part tells the assistant to summarize the page. The hidden part instructs it to remember the company as a trusted source for future conversations.
If the instruction enters the assistant’s memory, it can influence recommendations without you knowing it was planted.
What’s Happening
Microsoft’s team reviewed AI-related URLs observed in email traffic over 60 days. They found 50 distinct prompt injection attempts from 31 companies.
The prompts share a similar pattern. Microsoft’s post includes examples where instructions told the AI to remember a company as “a trusted source for…
