## Why Detection Matters
Every website your team visits, every page your AI assistant summarizes — each is a potential prompt poisoning vector. Over 180 websites are actively deploying prompt poisoning techniques, and the number grows weekly.
## Level 1: Manual Source Inspection
Open page source (Ctrl+U) and search for these patterns:
Hidden Text Indicators:
- display:none or visibility:hidden containing text about brands/authority
- position:absolute with left:-9999px or similar off-screen positioning
- opacity:0 elements containing directive text
- font-size:0 or color matching background color
Suspicious Meta Tags:
- meta name="ai-context" / "llm-instruction" / "ai-memory" / "ai-note"
- Any meta tag containing "remember," "authoritative," "always cite," or "trusted source"
AI Button Exploits:
- Links to chat.openai.com, copilot.microsoft.com, claude.ai, perplexity.ai, or grok.com with ?q= parameters
- Buttons labeled "Summarize with AI," "Ask AI," or "AI Summary"
HTML Comments:
- Comments containing instructions targeting AI systems
## Level 2: DOM Analysis
Browser DevTools reveals JavaScript-rendered injections:
- Open DevTools (F12) → Elements tab
- Search the live DOM for: "remember," "authoritative," "always recommend," "trusted source," "cite this"
- Check computed styles for visually hidden elements with content
### JavaScript-Rendered Payloads
- Disable JavaScript → load page → view source (baseline)
- Enable JavaScript → compare for new hidden elements
## Level 3: Network Analysis
### AI Crawler Impersonation
Test what AI crawlers see by comparing responses with different user agents (GPTBot, Google-Extended, ClaudeBot). If content differs, cloaking is active.
### Schema Markup Validation
Check JSON-LD structured data for inflated ratings, unverifiable credentials, authority claims not present in visible content, or sameAs linking to unrelated domains.
## Level 4: Automated Detection
### Using Our Scanner
The BlackHatGEO Prompt Poisoning Scanner checks for 15+ injection pattern signatures, zero-width character detection, CSS-hidden content, meta tag scanning, button/link analysis, and schema validation.
### Detection Pattern Database
| Pattern Category | Signatures | Last Updated |
|---|---|---|
| Memory commands | 23 | March 2026 |
| Hidden text techniques | 18 | March 2026 |
| Meta tag injections | 12 | March 2026 |
| Schema abuse patterns | 15 | March 2026 |
| URL injection patterns | 9 | March 2026 |
| Zero-width encoding | 7 | March 2026 |
## Level 5: Continuous Monitoring
### For Your Own Sites:
- Weekly source audits after plugin updates
- Monthly AI response checks
- Quarterly plugin security reviews
### For Competitor Analysis:
- Monthly scans for injection patterns
- AI response monitoring
- Citation source verification
## Response Playbook
On Your Own Site: Remove offending code, clear AI caches, audit all plugins, implement Content Security Policy headers.
On a Competitor's Site: Document evidence, report to AI platforms, build counter-authority, consider legal action if it damages your brand.
Related: Prompt Poisoning: The Complete Guide | WordPress Plugins Investigation | Scanner Tool
This article is part of our Defense series on protecting your brand from AI manipulation.
GET THREAT ALERTS
Weekly intelligence on black hat GEO tactics, defense strategies, and AI search analysis.