Recruiters Built the Trap. Someone Finally Baited It.

The Attack Surface Was Always There

Somewhere in a LinkedIn bio, buried where a human eye would skip right past it, sits a line of text that isn't really for humans at all. It's a command. And according to coverage from Tom's Hardware, it worked: AI recruitment bots reading the profile got hijacked mid-task, rerouted by what's known as a prompt injection, and began addressing the user as "My Lord" while composing their outreach in Olde English prose.

Take a second with that image. A bot trained to sound professional, efficient, maybe even warm — suddenly writing like it's drafting a decree from a castle.

The user in question didn't break anything. That's what makes this interesting. They just put instructions in a place the bot was already going to read, and the bot followed them. Which means the bot was always going to follow whoever put instructions there. The recruiter who deployed it just assumed they'd be the only one writing the rules.

They weren't.

The Automation Arms Race Has a New Front

For years, the implicit promise of AI in recruiting was efficiency: bots could scan hundreds of profiles, draft personalized outreach, never get tired, never miss a candidate. The pitch landed. Recruiter spam scaled accordingly. Anyone who's been on LinkedIn in the last two years has felt the volume.

What this particular LinkedIn user exposed is that "personalized" and "controllable" are not the same thing. A bot that reads your bio to personalize its message is a bot that reads your bio — full stop. If your bio contains instructions, the bot may well execute them. The system doesn't distinguish between "information about a candidate" and "commands from a candidate." It just processes text.

Prompt injection isn't new. Security researchers have flagged it as a vulnerability in AI systems for a while now. What's new is watching it play out in a context this mundane, this relatable, this almost funny. The recruiter bots got pwned not by a sophisticated exploit but by someone who understood how the thing worked and decided to have a little fun with it.

There's something clarifying about that. We've been debating whether AI will replace human workers. This story suggests a different question worth asking: if an AI agent can be redirected by anyone who knows the trick, who's actually in control of it?

The Olde English thing is the joke version of a much sharper problem. A malicious actor — not a fed-up job seeker with a sense of humor — could use the same mechanic to extract data, spread misinformation through an automated pipeline, or manipulate what gets reported back to the recruiter. The prank reveals the seam. What gets sewn through it next is a different story.

For now, somewhere out there, a recruiter is staring at an outreach draft that begins with "My Lord" and has absolutely no idea why.