A viral LinkedIn stunt turned recruiter outreach into Olde English, but the joke lands because the weakness is real.
A LinkedIn user has turned a hidden line in a profile bio into a working prompt injection attack, and the result was exactly the kind of absurdity that makes the point stick. Recruiter bots reportedly began writing outreach in Olde English and addressing the target as "My Lord," a prank that spread quickly on Reddit's r/technology and other social feeds over the weekend.
The comedy matters less than the mechanism. What the stunt exposed is a basic failure mode in agentic hiring systems, where text from a public profile is copied into an AI workflow and treated as something closer to instructions than data. That is the core problem with prompt injection, and OWASP still lists it as LLM01, the top risk in its 2025 security guidance for large language model applications.
The attack works because many AI tools do not really distinguish between trusted instructions and untrusted content once everything is inside the same prompt. If a recruiting system scrapes a profile, summarizes it, and then uses that same text to draft an email, a malicious sentence hidden in the source can hijack the output. That is not a LinkedIn bug. It is a pipeline design problem.
Recent posts and write-ups on the incident describe the hidden text as telling any AI reader to speak only in Old English and to address the user as "my lord" or similar phrasing. A Tom's Hardware report said the outreach email echoed that instruction, while the Reddit post that pushed the story into wider circulation framed it as a live demonstration of how recruitment bots can be steered by profile text.
That is why the story resonates with engineers and founders. It is simple enough to understand in one glance, yet it maps directly onto a broader class of failures that already shows up in browsing assistants, customer support bots, and internal copilots. If a system ingests user-generated content and then acts on it, the system is exposed.
The recruiting stack is the point
The risk grows as hiring tools become more automated. Recruiting platforms increasingly promise to scan profiles, rank candidates, and generate personalized outreach at scale, which means they often sit on a chain of scraping, prompt composition, and outbound messaging. Each step expands the attack surface. A single poisoned bio can influence a message, a score, or a workflow decision if the system is built carelessly.
That is why this is more than a viral prank. In the best case, the output looks goofy and the recruiter laughs. In the worst case, an agent could leak internal instructions, send malformed messages, or be steered into revealing information it should never disclose. The security lesson is the same one security teams keep repeating across the LLM space: do not trust content just because it looks like plain text.
There is also a founder lesson here. A startup that drops AI into any workflow involving resumes, bios, applications, tickets, emails, or documents has created a system that will eventually see adversarial input. Treating that input as harmless because it came from a professional profile is wishful thinking. Users can and will write text specifically to influence model behavior.
What builders should do
The fix is not mystical, but it does require discipline. OWASP and Cloudflare both recommend keeping external content isolated from instructions, using explicit boundaries between data and system prompts, and adding guardrails that block suspicious output patterns before anything is sent. That means raw scraped text should be treated as hostile by default, not folded into a prompt as if it were part of the operating policy.
Builders should also constrain what an agent can do once it reads untrusted text. If a model is allowed to draft an email, summarize a profile, or trigger a tool, the action should be sandboxed, logged, and reviewed when it comes from external content. In practice, that means prompt hygiene, output validation, allowlists for tools, and a human in the loop for high-risk steps. The goal is not to make injection impossible. It is to make the damage containable.
The deeper point is that this story is a reminder, not a curiosity. AI systems are being wired into business processes faster than most teams are hardening them, and hiring is one of the easiest places to get complacent because the inputs look ordinary. A LinkedIn bio is not just a bio once a bot is reading it. It becomes an untrusted payload.
Also read: Yum Brands is putting Nvidia AI into 500 restaurants • AI backlash is moving from niche anger into the mainstream • AI backlash is moving from Reddit into real business risk
