Recruiters Built the Trap. Someone Finally Baited It.
A hidden instruction in a LinkedIn bio turned AI recruitment bots inside out — and accidentally proved they're as manipulable as the people they replaced.

Photo · Latest from Tom's Hardware
The Attack Surface Was Always There
Somewhere in a LinkedIn bio, buried where a human eye would skip right past it, sits a line of text that isn't really for humans at all. It's a command. And according to coverage from Tom's Hardware, it worked: AI recruitment bots reading the profile got hijacked mid-task, rerouted by what's known as a prompt injection, and began addressing the user as "My Lord" while composing their outreach in Olde English prose.
Take a second with that image. A bot trained to sound professional, efficient, maybe even warm — suddenly writing like it's drafting a decree from a castle.
The user in question didn't break anything. That's what makes this interesting. They just put instructions in a place the bot was already going to read, and the bot followed them. Which means the bot was always going to follow whoever put instructions there. The recruiter who deployed it just assumed they'd be the only one writing the rules.
They weren't.
The Automation Arms Race Has a New Front
For years, the implicit promise of AI in recruiting was efficiency: bots could scan hundreds of profiles, draft personalized outreach, never get tired, never miss a candidate. The pitch landed. Recruiter spam scaled accordingly. Anyone who's been on LinkedIn in the last two years has felt the volume.
What this particular LinkedIn user exposed is that "personalized" and "controllable" are not the same thing. A bot that reads your bio to personalize its message is a bot that reads your bio — full stop. If your bio contains instructions, the bot may well execute them. The system doesn't distinguish between "information about a candidate" and "commands from a candidate." It just processes text.
Prompt injection isn't new. Security researchers have flagged it as a vulnerability in AI systems for a while now. What's new is watching it play out in a context this mundane, this relatable, this almost funny. The recruiter bots got pwned not by a sophisticated exploit but by someone who understood how the thing worked and decided to have a little fun with it.
There's something clarifying about that. We've been debating whether AI will replace human workers. This story suggests a different question worth asking: if an AI agent can be redirected by anyone who knows the trick, who's actually in control of it?
The Olde English thing is the joke version of a much sharper problem. A malicious actor — not a fed-up job seeker with a sense of humor — could use the same mechanic to extract data, spread misinformation through an automated pipeline, or manipulate what gets reported back to the recruiter. The prank reveals the seam. What gets sewn through it next is a different story.
For now, somewhere out there, a recruiter is staring at an outreach draft that begins with "My Lord" and has absolutely no idea why.
Keep reading tech.

Hide My Email Has Been Showing Your Email
Apple's privacy flagship has a hole in it. They've known for over a year.

Sony Killed the Disc. Sony Is Also Killing the Store.
Two announcements, one company, and a quiet admission that "ownership" was always their word to define.

Apple Went to the Highest Court It Could Find. That Tells You Everything.
When a contempt ruling sends you to the Supreme Court, you're not defending a policy anymore — you're defending a worldview.
From the other desks.

800 Horsepower, One Ton of Doubt
Lamborghini built the most powerful SUV it's ever made. It's also slower than what it replaced.

Gold Leaf on a Lacquer Dial, and the Weight of What That Costs
Awake's Frosted Leaf Royal Blue asks a question Vietnamese craft has never quite had to answer at this price.

ESPN Named Him. Then Unnamed Him. Nobody's Explaining the Gap.
A retraction without a reckoning is just a deleted link.