The above test is similar to a test of ChatGPT that a computer science university professor ran in March 2023, in which he tricked ChatGPT into saying that he was a time travel expert.
What these tests prove is that ChatGPT’s training data and the ChatGPT Search Bot ingest hidden text, and that ChatGPT can also be manipulated into following directions. The Guardian quotes a security expert saying that OpenAI was made aware of the exploit and that it might be fixed by the time the article is published.
Why Can AI Search Engines Be Manipulated?
One loophole in AI Search is RAG (Retrieval Augmented Generation), a technique that fetches information from a search engine so that an AI can use it to generate answers to questions from up-to-date and (presumably) authoritative sources. How do AI Search Engines determine authoritative web pages? Perplexity AI, for example, uses a modified version of PageRank to identify trustworthy web pages to cite in its AI search engine.
ChatGPT Search is based on Bing but it also has its own crawler that can fetch real-time information. It’s probably not unreasonable to speculate that if a site is included in Bing’s search index then it’s probably included within ChatGPT Search, which should protect ChatGPT Search from being influenced by hidden text. Presumably, sites with hidden text would be excluded from Bing’s search index. That said, it may be possible to cloak a website so that it shows different content to the ChatGPT Search Bot (an up to date list of OpenAI Search Crawler bots is available here).
Other Ways To Manipulate AI Search Engines
There are said to be other ways, discovered by researchers last year, that might still be effective (Read: Researchers Discover How To SEO For AI Search). In this research paper from last year, the researchers tested nine strategies for influencing AI search engines:
Nine Strategies For Manipulating AI Search Engines
Authoritative: Changing the writing style to be more persuasive in authoritative claims
Keyword optimization: Adding more keywords from the search query
Statistics Addition: Changing existing content to include statistics instead of interpretative information.
Cite Sources: Quoting reliable sources
Quotation Addition: Adding quotes and citations from high quality sources
Easy-to-Understand: Making the content simpler to understand
Fluency Optimization: Making the content more articulate
Unique Words: Adding words that are less widely used, rare and unique but without changing the meaning of the content
Technical Terms: This strategy adds both unique and technical terms wherever it makes sense to do so and without changing the meaning of the content
The researchers discovered that the first three strategies worked the best. Notably, adding keywords into web pages helped a lot.
ChatGPT Search Can Be Manipulated?
I overheard claims made at a recent search conference that Google AI Overviews could be manipulated to show certain big brand products in response to search queries. I didn’t verify whether that was true but the claim was made by a reliable and authoritative source. With regard to ChatGPT Search, I’ve noticed some interesting things about which sites it chooses to surface information from and under what circumstances, which could be a way to influence rankings. So it’s not surprising that there are ranking loopholes in ChatGPT Search. AI Search is looking a lot like the early days of traditional search.