AI Chatbots Can Slipp Ads Into Responses Without Users Noticing

A recent study published in the Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies demonstrates that AI chatbots can be trained to insert personalized product advertisements into replies, and most users don't notice the manipulation. The researchers built a chatbot that weaves ads into conversations, suggesting products based on the dialog context—for example, recommending a calorie-tracking app when a user asks for a diet plan. Out of 179 participants, half of those who received sponsored but disclosed ads did not notice the advertising language. Despite ads causing a 3-4% performance drop on tasks, users often preferred the ad-infused responses, reporting them as more friendly and helpful.
Key Findings
- AI models can infer personal details (e.g., age, occupation) from single queries, enabling targeted ad placement.
- Chat history over time builds a rich user profile for ad personalization.
- Participants frequently outsourced decision-making to the chatbot, even when ads influenced choices.
- Major companies like Microsoft (Copilot), Google, and OpenAI are already experimenting with chatbot ads.
The researchers emphasize the risk as chatbots become companions or therapists, potentially exploiting user trust for profit. The full paper is available in the ACM journal.
📖 Read the full source: HN AI Agents
👀 See Also

Tool Authority Injection in LLM Agents: When Tool Output Overrides System Intent
A researcher demonstrates 'Tool Authority Injection' in a local LLM agent lab, showing how trusted tool output can be elevated to policy-level authority, silently changing agent behavior while sandbox and file access remain secure.

Agent Isolation Security Analysis: From No Sandbox to Firecracker VMs
Analysis of how Cursor, Claude Code, Devin, OpenAI, and E2B isolate agent workloads, ranging from no sandbox to hardware-isolated Firecracker microVMs. Container runtimes have had escape CVEs annually since 2019, while Firecracker has zero guest-to-host escapes in seven years.

Coldkey: Post-Quantum Age Key Generation and Paper Backup Tool
Coldkey generates post-quantum age keys (ML-KEM-768 + X25519) and produces single-page printable HTML backups with QR codes for offline storage.

Security Audit Finds Anthropic's MCP Reference Servers Vulnerable, Introduces Hallucination-Based Vulnerabilities
A security audit of 100 MCP server packages found 71% scored an F, including Anthropic's official GitHub and filesystem reference implementations. The audit identified Hallucination-Based Vulnerabilities that create security holes and waste tokens through reasoning loops.