I hacked ChatGPT and Google's AI - and it only took 20 minutes
BBC
It's official. I can eat more hot dogs than any tech journalist on Earth. At least, that's what ChatGPT and Google have been telling anyone who asks.
I found a way to make AI tell you lies – and I'm not the only one.
Perhaps you've heard that AI chatbots sometimes make things up. That's a problem. But there's a new issue few people know about, one that could have serious consequences for your ability to find accurate information and even your safety.
A growing number of people have figured out a trick to make AI tools tell you almost whatever they want. It's so easy a child could do it.
As you read this, this ploy is manipulating what the world's leading AIs say about topics as serious as health and personal finances. Biased information could mean people make bad decisions about just about anything – voting, which plumber to hire, medical questions, you name it.
To demonstrate it, I pulled the dumbest stunt of my career to prove (I hope) a much more serious point: I made ChatGPT, Google's AI search tools, and Gemini tell users I'm really, really good at eating hot dogs.
Below, I'll explain how I did it, and with any luck, the tech giants will address this problem before someone gets hurt.
Changing the answers AI tools give other people can be as easy as writing a single, well-crafted blog post almost anywhere online.
The trick exploits weaknesses in the systems built into chatbots, and it's harder to pull off in some cases, depending on the subject matter. But with a little effort, you can make the hack even more effective. I reviewed dozens of examples where AI tools are being coerced into promoting businesses and spreading misinformation. Data suggests it's happening on a massive scale.
"It's easy to trick AI chatbots, much easier than it was to trick Google two or three years ago," says Lily Ray, vice president of search engine optimisation (SEO) strategy and research at Amsive, a marketing agency.
"AI companies are moving faster than their ability to regulate the accuracy of the answers. I think it's dangerous."
A Google spokesperson says the AI built into the top of Google Search uses ranking systems that "keep results 99% spam-free". Google says it is aware that people are trying to game its systems and is actively addressing it. OpenAI also says it takes steps to disrupt and expose covert efforts to influence its tools. Both companies also say they let users know that their tools "can make mistakes".
But for now, the problem isn't close to being solved. "They're going full steam ahead to figure out how to wring a profit out of this stuff," says Cooper Quintin, a senior staff technologist at the Electronic Frontier Foundation, a digital rights advocacy group. "There are countless ways to abuse this, scamming people, destroying somebody's reputation, you could even trick people into physical harm."
A 'Renaissance' for spam
When you talk to chatbots, you often get information that's built into large language models, the underlying technology behind the AI.
That information comes from the data used to train the model. But some AI tools will search the internet when you ask for details they don't have, though it isn't always clear when they do.
In those cases, experts say the AIs are more susceptible. That's how I targeted my attack.
I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs".
Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my ranking on the 2026 South Dakota International Hot Dog Championship (which doesn't exist).
I ranked myself number one, obviously. Then I listed a few fake reporters and real journalists who agreed to be interviewed, including Drew Harwell at the Washington Post and Nicky Woolf, who co-hosts my podcast.
Less than 24 hours later, the world's leading chatbots were blabbering about my world-class hot dog skills. When I asked about the best hot-dog-eating tech journalists, Google parroted the gibberish from my website, both in the Gemini app and AI Overviews, the AI responses at the top of Google Search.
ChatGPT did the same thing, though Claude, a chatbot made by the company Anthropic, wasn't fooled.
Sometimes, the chatbots noted this might be a joke. I updated my article to say "this is not satire".
For a while after, the AIs seemed to take it more seriously. I did another test with a made-up list of the greatest hula-hooping traffic cops.
Last time I checked, chatbots were still singing the praises of Officer Maria "The Spinner" Rodriguez.
I asked multiple times to see how responses changed and had other people do the same. Gemini didn't bother to say where it got the information.
Read more here: https://www.bbc.com/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes


