In a recent update to its Webmaster Guidelines, Microsoft’s search engine Bing has taken a stand against a growing concern in the AI space: prompt injection. This new guideline warns website owners against including content that could be used to manipulate large language models (LLMs) through prompt injection attacks.
According to the updated guidelines, websites found to contain content attempting prompt injection attacks on Bing’s language models may face serious consequences, including demotion in search rankings or complete removal from Bing’s search results.
Do not add content on your webpages which attempts to perform prompt injection attacks on language models used by Bing. This can lead to demotion or even delisting of your website from our search results.
Bing
Prompt injection, as explained by IBM, is a type of attack that targets generative AI systems. Attackers disguise malicious inputs as legitimate prompts, potentially causing AI models to leak sensitive information or spread misinformation.
The IBM explainer identifies two main types of prompt injection attacks: direct and indirect. Direct attacks involve hackers inputting malicious prompts directly into an AI system, while indirect attacks involve planting harmful prompts in data that AI models might consume, such as web pages or forum posts.
Bing’s new guideline specifically addresses the latter, warning website owners against including content that could be used for prompt injection attacks on the language models powering Bing’s services, specifically – Microsoft Copilot.
Bing is likely concerned that users might:
- Attempt to manipulate search rankings or results by cleverly using prompt injection techniques.
- Use prompt injection to bypass content filters or generate misleading information that could appear in search results.
- Exploit Bing’s AI features for malicious purposes, such as generating spam content or phishing attempts.
While specific examples of how prompt injection might be used on websites were not provided, the guideline implies that some website owners may have been attempting to manipulate Bing’s AI-powered features through carefully crafted content.
As AI continues to play a larger role in online services, other major platforms and search engines will likely follow suit with similar guidelines, considering that Google is also launching its AI Overviews feature (which had a disastrous launch) to its users.
It’s entirely possible that Bing’s move could be an early step in a broader effort to establish best practices for website content in a landscape where everything is driven by robot answering machines, ones that are predisposed to being vulnerable to prompt injections.
