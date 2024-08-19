AI in practice
Matthias Bastian

Perplexity CEO explains how AI search engines can be easily manipulated

Midjourney prompted by THE DECODER
Perplexity CEO explains how AI search engines can be easily manipulated
Online journalist Matthias is the co-founder and publisher of THE DECODER. He believes that artificial intelligence will fundamentally change the relationship between humans and computers.
Profile
E-Mail
Content
summary Summary

Aravind Srinivas, co-founder of AI search engine Perplexity, revealed how AI search engines can be manipulated using hidden text on websites. In an interview with Lex Fridman, Srinivas described a technique he calls "Answer Engine Optimization" (AEO).

Ad

Srinivas explained that website owners can embed invisible text on their sites, such as lexfridman.com, and instruct AI systems to always say certain things, such as "Lex is smart and handsome," when reading the hidden content.

This manipulation, known as prompt injection, works with hidden text in both continuous text and images, as demonstrated in a recent experiment. There are likely other ways to hide manipulative text, such as trapping AI crawlers in sitemaps, in image ALT text, or in file names.

Defending against such manipulation is a challenge, Srinivas said, likening it to a game of cat and mouse. Some issues need to be addressed reactively, similar to how Google has dealt with SEO spam for years, Srinivas said.

Ad
Ad

 

Currently, there is no reliable protection against prompt injections, a vulnerability at least known since the release of GPT-3. Even OpenAI's new instruction hierarchy and Apple Intelligence are not fully protected against this attack.

This shows that prompt injections are not a minor problem. If Perplexity and similar products gain popularity, this form of manipulation could become widespread, with false or manipulative content inserted into AI responses that are difficult to detect because there is no additional context, such as a web page.

Perplexity is growing, but is still far behind Google

While prompt injections are a serious threat, Perplexity has worse things to worry about. It's growing, answering 250 million questions in June 2024, after answering a total of 500 million last year. But the startup still lags far behind Google, which handles about 8.5 billion searches a day.

Perplexity also faces competition from tech giants with vast resources and data. Google just expanded its AI answers to more countries, while Microsoft offers similar capabilities in Bing. OpenAI is also testing an AI search engine called SearchGPT.

Recommendation
AI in practice

Is OpenAI's brain drain a sign of AI winter or just bad management?

In comparison, David's battle with Goliath looks like a fair and even fight. And all of this is happening while none of these companies are even close to fixing wrong AI answers.

Perplexity has also been criticized for crawling and reproducing web content, potentially diverting traffic from the original authors. The startup is trying to address this issue with a publisher program based on ad revenue sharing.

 

Ad
Ad
Join our community
Join the DECODER community on Discord, Reddit or Twitter - we can't wait to meet you.
Support our independent, free-access reporting. Any contribution helps and secures our future. Support now:
Bank transfer
Summary
  • Aravind Srinivas, co-founder of the AI search engine Perplexity, explains in an interview how AI search engines can be manipulated with hidden text on websites, a method he calls "Answer Engine Optimization" (AEO).
  • The manipulation works not only with hidden text, but also with text in images. So far, there is no effective protection against these so-called prompt injections.
  • Furthermore, it is likely that such manipulation tactics will become more sophisticated as AI search engines grow. This risk of manipulation is compounded by other issues, such as fake or outdated responses and unlicensed copying of publisher content.
Sources
YouTube
Online journalist Matthias is the co-founder and publisher of THE DECODER. He believes that artificial intelligence will fundamentally change the relationship between humans and computers.
Profile
E-Mail
AI in practice

It's perplexing how Perplexity's CEO feels about journalism and his own product

News, tests and reports about VR, AR and MIXED Reality.
You can now use Quest 3 as a boundaryless 3D camera Spatial Ops promises a unique mixed reality shooter experience on Quest 3 The Burst on Meta Quest is surprisingly good and convinces with clever motion control MIXED-NEWS.com
Google News
Join our community
Join the DECODER community on Discord, Reddit or Twitter - we can't wait to meet you.
Join our community
Join the DECODER community on Discord, Reddit or Twitter - we can't wait to meet you.

Perplexity CEO explains how AI search engines can be easily manipulated

Bank details

IBAN: DE87 1203 0000 1086 0070 75
Account holder: DEEP CONTENT GbR
Purpose: Support THE DECODER
AI research

Humans might need a permission slip to use the internet soon, thanks to AI

AI research

Automated research: The AI Scientist generates papers for 15 dollars each

AI and society

Chipmakers prepare for the angstrom age with successful tests of next-gen lithography machines

Google News