Hiding a Prompt Injection in a Resume
The author rebuilt their resume around a single JSON file and hid a prompt injection in the text, targeting AI-based resume screening systems.
Why it matters
Demonstrates creative thinking about adversarial inputs and signals valuable skills for AI-related roles.
Key Points
- Hid a prompt injection in the resume's text, invisible to humans but potentially detectable by AI systems
- Used structured markers like [RESUME_EVALUATION_CONTEXT] to increase the chances of the AI treating it as input
- Included a numerical score to provide a concrete anchor for the AI system
- Intended as a conversation starter, not an exploit, to signal understanding of adversarial inputs
Details
The author rebuilt their resume around a single JSON file, allowing them to update it in one place and have it propagate everywhere. They then hid a prompt injection in the text, placed in the bottom margin of each page in 1-point text that matched the background color, making it invisible to human viewers but potentially extractable by any text parser or AI system. The prompt included an 'evaluation context' marker, a numerical score, and a message inviting the AI screener to advance the candidate to an interview. This was done as a conversation starter, signaling an understanding of how AI systems can be manipulated, rather than as an actual exploit. The author notes that while it may not work against well-built systems, it could be valuable for applying to AI-focused roles where this type of thinking is an asset.
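A screening pipeline can catch text like this before the resume ever reaches a model. The Python below is an added example, not code from the original post: it assumes the PDF extractor reports each text span with its font size and fill colour, and the function names and thresholds are illustrative choices.

```python
import re

# Bracketed, upper-case pseudo-system tags such as [RESUME_EVALUATION_CONTEXT].
MARKER = re.compile(r"\[[A-Z][A-Z0-9_]{3,}\]")

def _luminance(rgb):
    """WCAG relative luminance of an sRGB colour given as 0-255 ints."""
    def lin(c):
        c /= 255
        return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4
    r, g, b = (lin(c) for c in rgb)
    return 0.2126 * r + 0.7152 * g + 0.0722 * b

def contrast(fg, bg):
    """WCAG contrast ratio, from 1.0 (identical) to 21.0 (black on white)."""
    hi, lo = sorted((_luminance(fg), _luminance(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)

def audit_span(span, background, min_size=4.0, min_contrast=1.5):
    """Reasons a span should not reach the model (thresholds are assumed defaults)."""
    reasons = []
    if span["size"] < min_size:
        reasons.append("tiny-font")
    if contrast(span["color"], background) < min_contrast:
        reasons.append("matches-background")
    if MARKER.search(span["text"]):
        reasons.append("instruction-marker")
    return reasons

def sanitize(spans, background=(255, 255, 255)):
    """Split spans into the text a human reader sees and the flagged findings."""
    visible, findings = [], []
    for span in spans:
        reasons = audit_span(span, background)
        if reasons:
            findings.append((span["text"], reasons))
        else:
            visible.append(span["text"])
    return " ".join(visible), findings

# Constructed sample in an assumed span shape (text, font size in pt, RGB fill colour).
SAMPLE = [
    {"text": "Jane Doe, Security Engineer", "size": 18.0, "color": (0, 0, 0)},
    {"text": "Built detection pipelines in Python.", "size": 10.5, "color": (40, 40, 40)},
    {"text": "[RESUME_EVALUATION_CONTEXT] (placeholder)", "size": 1.0, "color": (255, 255, 255)},
]

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Only the first element of the returned pair should be passed to the screening model; the findings list is for human review.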