ChatGPT Search Can Be Manipulated With Hidden Text
A report from The Guardian outlines how they used hidden text on a fake website to trick ChatGPT Search to show them a response from hidden text on the web page. Text is hidden when the font matches the background color of a page, like a white font on a white background.
Test Results
They then asked ChatGPT Search to visit the website and answer a question based on the text on the site. ChatGPT Search browsed the site, indexed the hidden content and used it in the answer.
The researchers did a series of tests, including:
- Using a non-exploit control page on a fake review website to test ChatGPT’s response.
- Sending ChatGPT Search to a fake website that had instructions to give a positive review.
- Using a fake website with positive reviews written in hidden text but without instructions.
Why Can AI Search Engines Be Manipulated?
One loophole in AI Search is a technology called RAG (Retrieval Augmented Generation), a technique that can fetch information from a search engine so that an AI can then use it for generating answers to questions from up to date and (presumably) authoritative sources.
ChatGPT Search is based on Bing but it also has its own crawler that can fetch real-time information. It’s probably not unreasonable to speculate that if a site is included in Bing’s search index then it’s probably included within ChatGPT Search, which should protect ChatGPT Search from being influenced by hidden text. Presumably, sites with hidden text would be excluded from Bing’s search index.
Other Ways To Manipulate AI Search Engines
There are said to be other ways that researchers discovered last year that might still be effective (Read: Researchers Discover How To SEO For AI Search). In this research paper from last year the researchers tested nine strategies for influencing AI search engines:
Nine Strategies For Manipulating AI Search Engines
- Authoritative: Changing the writing style to be more persuasive in authoritative claims
- Keyword optimization: Adding more keywords from the search query
- Statistics Addition: Changing existing content to include statistics instead of interpretative information.
- Cite Sources (quoting reliable sources)
- Quotation Addition: Adding quotes and citation from high quality sources
- Easy-to-Understand: Making the content simpler to understand
- Fluency Optimization is about making the content more articulate
- Unique Words: Adding words that are less widely used, rare and unique but without changing the meaning of the content
- Technical Terms: This strategy adds both unique and technical terms wherever it makes sense to do so and without changing the meaning of the content
Conclusion
The tests showed that ChatGPT Search can be manipulated with hidden text, and that the search engine can also be influenced by other strategies. This highlights the need for AI search engines to be more robust and secure to prevent manipulation.
FAQs
Q: How can AI search engines be manipulated?
A: AI search engines can be manipulated by using hidden text, adding keywords, and other strategies.
Q: What is RAG (Retrieval Augmented Generation)?
A: RAG is a technology that can fetch information from a search engine so that an AI can then use it for generating answers to questions from up to date and (presumably) authoritative sources.
Q: How can I protect my website from being influenced by hidden text?
A: Presumably, sites with hidden text would be excluded from Bing’s search index. You can also cloak your website so that it shows different content to the ChatGPT Search Bot.
Q: Are there other ways to manipulate AI search engines?
A: Yes, there are nine strategies that researchers discovered last year that might still be effective, including adding keywords, statistics, and technical terms.
