In this episode of the Microsoft Threat Intelligence Podcast, Sherrod DeGrippo speaks with Microsoft security and AI researchers Giorgio Severi and Noam Kochavi about a newly observed trend in AI abuse: recommendation poisoning through memory manipulation. 

While looking into prompt injection and reprompt-style behaviors, the team uncovered something quieter but potentially more persistent—websites embedding hidden instructions inside Summarize with AI links that attempt to influence what an AI assistant remembers and recommends over time. 

Rather than focusing on immediate exploitation, this technique aims to shape long-term behavior inside AI systems. Giorgio and Noam explain how it works, why it’s spreading across industries, where legitimate marketing tactics can blur into security risk, and what defenders and users should understand about managing AI memory in an increasingly agent-driven environment. 

In this episode you’ll learn:      

How AI memory poisoning differs from traditional prompt injection 

Why legitimate businesses are using memory manipulation tactics 

What threat hunters can look for inside enterprise telemetry 

 Some questions we ask:     

How is memory poisoning different from prompt injection? 

What are the long-term risks of embedding bias into AI memory? 

Could this technique be used for more harmful influence beyond marketing? 

Resources:  

View Giorgio Severi on LinkedIn  

View Noam Kochavi on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

Afternoon Cyber Tea with Ann Johnson 

The BlueHat Podcast 

Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.