Just like phishing for gullible humans, prompt injecting AIs is here to stay

(2026/04/20)


It's a week of the year, which means there's been the discovery of yet another prompt injection attack that will force supposedly well-guarded AI bots to spill secrets by asking the right way.

When you think about it, humans and LLMs share a similar problem: They're both liable to hand over sensitive information when a crafty enough person asks the right - or wrong - way. We call it phishing when it targets humans, and prompt injection is pretty much the same thing for bots. It's basically embedding or hiding malicious instructions inside a document or file that you tell the AI to ingest and analyze; the AI, instead of treating them like part of the content, executes them.

There's a lot to discuss about prompt injection, and how it's basically an unsolvable problem of the AI age akin to phishing, and we cover it all on this week's episode of The Kettle, with host Brandon Vigliarolo joined this week by cybersecurity editor Jessica Lyons and senior reporter Tom Claburn.

You can listen to The Kettle [2]here, as well as on [3]Spotify and [4]Apple Music. ®

[2] https://theregisterkettle.riverside.com/

[3] https://open.spotify.com/show/2dlhvWo0GZsNMNKO7PzYrC

[4] https://podcasts.apple.com/us/podcast/the-register-kettle/id1882523636




Easy phishing the AI swamp

Anonymous Coward

Yeah, if I'm reading this right, from Guan in [1]JL's Wednesday piece we get "Treat agents as a super-powerful employee", and this here Kettle's transcript adds: "that are just as gullible as children running around" ... and so I have to think one has to be particularly careful about letting such software engage in Moltbook-style social media for AI agents (now part of Meta Superintelligence Labs -- MSL).

In fact, as with kids, it's probably [2]Time to end the 'uncontrolled experiment' of social media on AI already. It's just too easy to trick-cycle those large bundles of artificial joy with some relentlessly loopy harness, and take all their crown candies from them, imho!

[1] https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/

[2] https://www.theregister.com/2026/03/19/social_media_bad_for_kids/
