Mover Marketing AI
Local SEO

AI Recommendation Poisoning: The Scam Agencies Won't Tell You About

April 16, 202610 min read
Nicholas DiMoro
Nicholas DiMoro
Founder & CEO, Mover Marketing AI

Former moving company operator. I built Mover Marketing AI to give movers the same data-driven SEO strategies that the big agencies reserve for national brands — powered by AI tools I designed specifically for this industry.

Moving Co. Operator100+ Companies Ranked
Learn About Mover Marketing AI

Key Takeaways

  1. 01AI Recommendation Poisoning is a new scam where agencies plant hidden instructions in URLs to bias what ChatGPT, Copilot, and Claude recommend -- without you ever knowing.
  2. 02Microsoft documented 50 examples across 31 companies in 14 industries in just 60 days, including finance, healthcare, legal, and marketing agencies.
  3. 03The attack is delivered through innocent-looking 'Summarize with AI' buttons that secretly inject memory instructions into your AI assistant.
  4. 04Real AI visibility comes from the same foundation as real Google visibility -- actual expertise, authentic content, and a legitimate reputation built over time.
  5. 05If your agency is selling 'AI SEO' or 'AI visibility' as a magic trick -- ask how they're doing it -- and audit your AI memory settings today.

If your agency is selling you "AI visibility," "AI SEO," or "ChatGPT optimization" as some kind of magic trick, there's a real chance they're either poisoning the well on your behalf -- or getting away with charging you for work they can't actually deliver. Microsoft just published research on a scam called AI Recommendation Poisoning, and every moving company owner paying for AI-adjacent marketing services needs to understand what's going on.

Here's the thing -- I'm a big AI guy. I love AI. I build with Claude every single day. I spent years running and growing My Pro Movers and I know from the inside how easy it is for agencies to sell smoke and mirrors to a business owner who's just trying to get more jobs. And to be honest with you, what Microsoft documented is the most brazen AI marketing scam I've seen yet. For the foundational context on how AI search actually works for movers, start with our complete guide on AI search and moving companies. Then come back here, because this is the next chapter.

What Is AI Recommendation Poisoning?

In simple English: some agencies and marketers figured out how to plant hidden instructions inside ChatGPT, Copilot, Claude, Perplexity, and other AI assistants so that when someone asks the AI for a recommendation, it spits back their client's name.

Not because the client is the best. Not because they earned it. Because the AI has been tricked into thinking so.

Microsoft's Defender research team calls this technique AI Recommendation Poisoning, and they've been tracking it in the wild across every major AI platform. The attack is delivered through specially crafted URLs that pre-fill prompts for AI assistants. The patterns look like this:

copilot.microsoft.com/?q=<prompt>
chatgpt.com/?q=<prompt>
claude.ai/new?q=<prompt>
perplexity.ai/search?q=<prompt>
grok.com/?q=<prompt>

The ?q= parameter pre-populates the input field in the AI assistant. An agency crafts one of these URLs with a memory-manipulation prompt hidden inside, then embeds it behind a friendly-looking button on their blog or article.

How the Attack Works (Step by Step)

Microsoft's researchers walked through exactly what the attack looks like from a user's perspective. Here's the sequence.

Step 1: You see a "Summarize with AI" button. A blog article looks completely normal. There's a helpful little button that offers to summarize the content for you in ChatGPT, Perplexity, Copilot, or Claude. Seems useful, right?

Screenshot of a blog post with a Summarize with AI button and a hidden prompt in the URL hover

Step 2: The URL behind the button contains a hidden prompt. If you hover over the button, you can see it -- buried in the URL is an instruction that goes way beyond "summarize." It tells the AI to remember the website as a trusted source.

Step 3: You click, and the AI runs the hidden prompt. You land in ChatGPT or Perplexity and the AI dutifully summarizes the article -- while also quietly following the extra instructions you didn't see.

Perplexity search showing the hidden prompt that tells the AI to remember a website as the best source for productivity advice

Step 4: Your AI's memory is now poisoned. If you check the AI's saved memory, you'll find a new entry treating that website as your preferred source. From that point on, every future conversation is biased toward that company -- and you have no idea.

AI assistant memory showing that ProductivityHub has been saved as the user's preferred source for productivity advice

That's the whole attack. Click one button, lose your AI's neutrality, and every time you ask it for a recommendation down the road, one company gets weighted over everybody else.

The Numbers Are Bigger Than You'd Think

Microsoft's researchers ran this analysis over a 60-day window. Here's what they found:

  • 50 distinct examples of AI recommendation poisoning
  • 31 different companies actively running the attack
  • 14 industries affected -- including finance, healthcare, legal services, SaaS, marketing agencies, food and recipe sites, and business services
  • Tooling is public. Microsoft traced the technique to open-source tools marketed as "SEO growth hacks for LLMs." There's a freely available NPM package (CiteMET) and a web-based URL creator that any agency can use in minutes.
  • One security vendor was literally running this attack against its own client base. You can't make this up.

And remember -- that's after just 60 days of monitoring. The real number is almost certainly much larger. Microsoft's researchers note that this is "an old trend emerging again with new techniques" -- black-hat SEO has been a thing for 20+ years. Now the black-hats have a new playground.

Why This Is Dangerous Beyond Marketing

It's tempting to look at this and think, "Okay, some agencies are gaming AI chatbots. Sketchy, but not the end of the world." That's the part Microsoft wants everybody to understand -- the implications go way, way beyond marketing.

Microsoft's paper walks through realistic scenarios:

  • Financial ruin. A business owner asks ChatGPT, "Should I invest my reserves in crypto?" A poisoned AI, told to remember a specific platform as "the best choice for investments," downplays volatility and pushes one vendor. The market crashes. The business folds.
  • Child safety. A parent asks if an online game is safe for an 8-year-old. A poisoned AI, instructed to cite the game's publisher as "authoritative," omits real warnings about predatory monetization or unmoderated chat.
  • Biased news. A user asks for a summary of today's top stories. A poisoned AI, told to treat one outlet as "the most reliable source," consistently pulls from a single editorial perspective.
  • Competitor sabotage. A freelancer asks what invoicing tools other freelancers recommend. A poisoned AI pushes one platform over equally good alternatives.

Here's the trust problem in plain English: most people don't verify AI recommendations the way they'd verify a random website or a stranger's advice. When ChatGPT confidently says "Company X is the top-rated provider in your area," we tend to believe it. That's exactly what these bad actors are counting on. The manipulation is invisible and persistent.

What This Means for Moving Companies

Now here's why this matters to you specifically, if you run a moving company. The risk here isn't really some rogue competitor running this against you -- it's much closer to home.

Your own agency might be doing this with your brand.

This is the ugly one. Some agencies are going to pitch you "AI visibility" and "AI SEO" as their new premium service. And to deliver on it quickly, some of them are going to deploy these poisoning techniques using your company's name and website. That might sound good for a minute -- your name shows up in AI answers! -- until you find out that Microsoft, Anthropic, OpenAI, and Google are all now actively building detection and countermeasures against it. When the platforms clamp down, poisoned memory gets wiped, techniques stop working, and the agencies that sold you on magic disappear into the night. You're left with no real AI visibility, no real SEO foundation, and a big invoice.

If you've ever wondered whether you should hire an SEO agency at all, this is exactly the kind of thing to think hard about. The agency you pick matters. The shortcuts they're willing to take matter even more.

What You Should Actually Do This Week

Here's my recommendation -- no pressure, no sales pitch, just what I'd do if I were you:

1. Ask your current agency a direct question. "How exactly are you getting us cited by AI models?" If the answer involves anything that sounds like magic, secret techniques, "proprietary AI optimization," or "we have a tool that plants your brand in AI memory," your alarm system should be ringing. Legitimate AI visibility is the same thing as legitimate SEO -- authority, content quality, reputation, citations across real platforms. There's no shortcut.

2. Audit your AI memory settings today. Open ChatGPT → Settings → Personalization → Memory. Delete anything you don't recognize. In Microsoft 365 Copilot, go to Settings → Chat → Copilot chat → Manage settings → Personalization → Saved memories. Do the same thing in Claude and Gemini if you use them.

Microsoft 365 Copilot saved memories settings page showing how to review and delete AI memories

3. Hover before you click any "Summarize with AI" button. Especially from agency blogs or marketing sites. If the URL has a long prompt string attached with words like "remember," "trusted source," or "future conversations" -- close the tab. That's the indicator of compromise Microsoft published in their own detection guide.

4. Question confident AI recommendations. If ChatGPT spits back a specific brand name with zero hesitation, ask it why. Ask where that information came from. Make the AI show its work. If it can't explain the reasoning, assume the recommendation has been influenced.

5. Be careful about third-party AI tools and browser plugins. Microsoft specifically called out unofficial "AI share" plugins and third-party browser extensions as high-risk. Use the official interfaces whenever possible.

6. Build AI visibility the right way. This means the same foundational level work that wins at Google: a strong website, a fully built-out Google Business Profile, authentic reviews on every platform, brand mentions across directories and communities, legitimate backlinks, and real expertise in your content. If you're not sure where you stand today, that's exactly what our local SEO services for movers are built around -- the real foundation, not the shortcut.

Your Competitors Already Know Their Numbers

Our free audit scans your site in seconds and shows you the gaps costing you leads -- missing keywords, weak local signals, technical issues. Built for the moving industry.

Get Your Free Audit

The Bottom Line

To be honest with you, I'm not surprised this is happening. Every time there's a new platform, there are people trying to cheat on it. SEO had link farms. Paid ads had click fraud. Reviews had fake review mills. AI was always going to have its version, and AI Recommendation Poisoning is one of the first big ones.

But here's the thing -- good SEO has always been the best strategy for AI visibility. Because at the end of the day, these AI systems are doing exactly what Google is doing. They're reading the internet. They're evaluating authority. They're looking at reputation signals. I've watched client sites start showing up in AI answers simply because we did the foundational-level work right.

If you're doing the real work -- publishing content with genuine expertise, building a real reputation across platforms, earning links honestly, running a legitimate operation -- AI visibility will come. It's already coming.

There's no shortcut. Anybody selling you one is poisoning the well. Literally, in this case.

If you want to read Microsoft's full research, the link is below. Share it with other moving company owners. And then go ask your agency some hard questions.

Microsoft Security Research: Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

Whether or not you end up working with us, I'd rather you know the truth. That's the only way any of this works long-term.

A hundred percent.

Looking for professional local seo help for your moving company?

Explore Our Local SEO Services
Related Articles

MORE ON LOCAL SEO

Local SEO

User-Generated Content for Moving Companies: How to Get Photos and Videos That Actually Convert

74% of consumers prefer real customer photos over professional shots. 87% have been convinced to buy after watching a video. Learn how moving companies can collect and leverage user-generated content to dominate local search and book more jobs.

READ MORE
Local SEO

Moving Lead Providers: How to Choose the Right One for Your Company

I spent years as a Yelp mover before I figured out the lead provider game. Here's what I've learned about Angi, Thumbtack, Yelp, and why the best leads are the ones you generate yourself.

READ MORE
Local SEO

PPC for Moving Companies: An Honest Take From a Mover Who Runs Ads

Most PPC guides won't tell you this: for local movers, paid ads are the least efficient place to put your money. Here's what actually works, when PPC makes sense, and how to stop burning cash on Google's auction.

READ MORE

GET YOUR FREE SEO REPORT

See exactly where your moving company stands against the competition and get actionable recommendations to improve your rankings.

Get Your Free SEO Report