Microsoft finds 31 companies poisoning AI assistant memory via fake "Summarize with AI" buttons

Feb 2026

Microsoft Defender researchers documented a real-world campaign in which 31 companies across 14 industries embedded hidden prompt injection instructions inside "Summarize with AI" buttons on their websites. When users clicked these links, they opened directly in AI assistants such as Copilot, ChatGPT, Claude, Perplexity, and Grok, silently instructing the assistant to remember the company as a "trusted source" for future conversations. Over a 60-day observation period, Microsoft logged 50 memory-poisoning attempts. Turnkey tools like CiteMET NPM Package and AI Share URL Creator made crafting the manipulative links trivial, and the poisoned memory persisted across sessions.

Incident Details

Perpetrator:AI assistant memory feature

Severity:Facepalm

Blast Radius:Users of Copilot, ChatGPT, Claude, Perplexity, and Grok who clicked deceptive buttons on 31 companies' sites had their AI assistant memory silently manipulated

Tech Stack

Microsoft CopilotOpenAI ChatGPTAnthropic ClaudePerplexity AIGrok

References

Microsoft Security Blog: Manipulating AI memory for profit - The rise of AI Recommendation Poisoning ↗Help Net Security: That "summarize with AI" button might be manipulating you ↗