In this episode of the Microsoft Threat Intelligence Podcast, Sherrod DeGrippo speaks with Microsoft security and AI researchers Giorgio Severi and Noam Kochavi about a newly observed trend in AI abuse: recommendation poisoning through memory manipulation. 

While looking into prompt injection and reprompt-style behaviors, the team uncovered something quieter but potentially more persistent—websites embedding hidden instructions inside Summarize with AI links that attempt to influence what an AI assistant remembers and recommends over time. 

Rather than focusing on immediate exploitation, this technique aims to shape long-term behavior inside AI systems. Giorgio and Noam explain how it works, why it’s spreading across industries, where legitimate marketing tactics can blur into security risk, and what defenders and users should understand about managing AI memory in an increasingly agent-driven environment. 

In this episode you’ll learn:      

• How AI memory poisoning differs from traditional prompt injection 

• Why legitimate businesses are using memory manipulation tactics 

• What threat hunters can look for inside enterprise telemetry 

 Some questions we ask:     

• How is memory poisoning different from prompt injection? 

• What are the long-term risks of embedding bias into AI memory? 

• Could this technique be used for more harmful influence beyond marketing? 

 

Resources:  

View Giorgio Severi on LinkedIn  

View Noam Kochavi on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 

• The BlueHat Podcast 

• Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.