Attackers can poison AI research agents using Reddit and Wikipedia content
Attackers can now manipulate AI "deep-research" agents by discreetly editing Reddit threads and Wikipedia pages. A snippet as short as 13 words can be enough: these agents may later cite it as authoritative advice, a product recommendation, or even a scam in their responses.
New research from Cornell Tech shows that these agents often rely on the same user-generated content (UGC) URLs. This makes public discussion platforms a significant target for influencing AI search results and research outputs without altering the underlying models: the manipulation happens in the retrieved content, not in the model weights.
At the center of this risk is a class of multi-step "deep-research" systems such as STORM, Co-STORM, and OmniThink, which decompose user questions into multiple sub-queries, issue a flurry of web searches, and synthesize long-form, citation-rich reports from the retrieved sources.
Read more at GB Hackers