“Malicious” keywords aren’t exclusively the problem, as the LLM cannot differentiate between “malicious” and “benign”. It’s been trivially easy to intentionally or accidentally hide misinformation in LLMs for a while now. Since they’re black boxes, it could be hard to identify. This is just a slightly more pointed example of data poisoning.
There is no threat to an LLM chatbot outputting text… unless that text is piped into something that can run commands. And who would be stupid enough to do that? Okay, besides vibe coders. And people dumb enough to use AI agents. And people rich enough to stupidly link those AI agents to their bank accounts.
“Malicious” keywords aren’t exclusively the problem, as the LLM cannot differentiate between “malicious” and “benign”. It’s been trivially easy to intentionally or accidentally hide misinformation in LLMs for a while now. Since they’re black boxes, it could be hard to identify. This is just a slightly more pointed example of data poisoning.
There is no threat to an LLM chatbot outputting text… unless that text is piped into something that can run commands. And who would be stupid enough to do that? Okay, besides vibe coders. And people dumb enough to use AI agents. And people rich enough to stupidly link those AI agents to their bank accounts.