Google Threat Intelligence teams published new findings on Indirect Prompt Injection (IPI), typically "invisible" instructions found in the HTML source code.

This includes prompt injections "for the purpose of SEO" aiming to manipulate AI assistants for business promotion.

• Only includes CommonCrawl (public web) - excludes most social media sites
• 32% increase in malicious IPI from 11/25 to 2/26
• Bad actors are automating operations so they expect scale & sophistication to rise

Black hat SEO tactics like this are never worth it in the long run - it will be found out and penalized.