Indicator: “In July’s episode of Show & Tell, Hal Triedman showed us how easy it can be to poison an AI research agent. Hal is a privacy and security researcher at Cornell Tech and former senior privacy engineer at the Wikimedia Foundation. He walked us through a recent research project he ran with colleagues Tingwei Zhang and Vitaly Shmatikov. Their draft paper, “Deep-Research Agents Can Be Poisoned via User-Generated Content,” details how deep-research agents often rely on a handful of Reddit and Wikipedia pages across an entire topic, no matter how a user phrases the question. They appended as few as 13 words to one of those pages, which caused the agents to recommend a product, app, or investment that doesn’t exist, like the cryptocurrency BananaCoin or dating app for divorced men over 50 called SilverPath. The team ran this in a simulated environment rather than on the live web to avoid pushing the made up products they were trying to make the AI believe were real. These attacks are increasingly relevant as brands, marketers, and deceptive actors try to get AI models to reference their products and content, just as they’ve long done with search engines…”