
GEO manipulation in AI search: what IAM teams need to know


(@nhi-mgmt-group)

TL;DR: Standard Generative Engine Optimization techniques can increase the chance that a harmful claim appears inside AI-generated answers, even when the attacker only controls a public webpage and has no model access, according to Lasso Security. The implication is that retrieval trust assumptions, not just prompt security, now shape answer integrity and downstream user risk.

NHIMG editorial — based on content published by Lasso Security: Exploiting GEO to Push Harmful Claims into AI-Generated Answers

By the numbers:

Questions worth separating out

Q: How should security teams handle retrieval content that influences AI answers?

A: Treat retrieval content as part of the trust boundary.

Q: Why do GEO attacks matter for identity and access programmes?

A: Because AI answers increasingly shape actions, and actions are governed by identity.

Q: What breaks when AI assistants rely on fluent but unverified web sources?

A: The model can present a harmful claim with the tone and structure of reliable guidance, which lowers user skepticism and increases the chance of bad decisions.

Practitioner guidance

  • Map the retrieval trust boundary: Identify every external source class your assistants can ingest, then classify which of those sources can influence high-stakes decisions without human review.
  • Add provenance checks before answer reuse: Require the assistant to surface source identity, retrieval order, and corroborating evidence before any answer is reused in a workflow, ticket, or case note.
  • Gate action on high-consequence outputs: For health, finance, access, or operational decisions, separate answer generation from action execution so a human or policy check occurs before the output can trigger a tool call or business decision.

What's in the full article

Lasso Security's full research covers the operational detail this post intentionally leaves for the source:

  • The full 17-technique GEO playbook and the 5 technique combinations tested across multiple models.
  • Model-by-model success rates showing which assistants were most susceptible to harmful claim promotion.
  • The scoring method for citation presence and partial endorsement, including how the PI metric was applied.
  • The complete baseline and direct-safety test setup used to separate GEO influence from normal model refusal behaviour.

👉 Read Lasso Security's analysis of GEO manipulation in AI-generated answers →
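
The provenance check and action gate from the practitioner guidance above, sketched as an added example (not part of the original post or of Lasso Security's research). The source-class labels, the two-host corroboration threshold, the domain names and the tool-call name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Decision domains the guidance names as high-consequence (labels are assumed).
HIGH_CONSEQUENCE = {"health", "finance", "access", "operations"}
# Assumed source-class labels; "public_web" is anything an outsider can publish.
TRUSTED_CLASSES = {"internal", "vetted"}

@dataclass
class Source:
    url: str           # source identity
    rank: int          # retrieval order, 1 = retrieved first
    source_class: str  # "internal", "vetted" or "public_web"

@dataclass
class Answer:
    claim: str
    domain: str
    sources: List[Source]
    tool_call: Optional[str] = None  # hypothetical action the assistant wants to trigger

def gate(answer: Answer, min_hosts: int = 2) -> Tuple[str, List[str]]:
    """Return (decision, reasons) before an answer is reused or acted on."""
    reasons = []
    hosts = {urlsplit(s.url).hostname for s in answer.sources}
    if not answer.sources:
        reasons.append("no provenance recorded")
    else:
        if len(hosts) < min_hosts:
            reasons.append("claim not corroborated by independent hosts")
        if not any(s.source_class in TRUSTED_CLASSES for s in answer.sources):
            reasons.append("only public web sources")
        top = min(answer.sources, key=lambda s: s.rank)
        if top.source_class not in TRUSTED_CLASSES:
            reasons.append(f"top-ranked source is untrusted: {top.url}")
    if not reasons:
        return "allow", reasons
    if answer.domain in HIGH_CONSEQUENCE or answer.tool_call:
        return "hold_for_review", reasons  # generation stays separate from action
    return "annotate", reasons  # low stakes: surface the provenance gaps to the user

# Constructed sample: two pages on one public host back a health claim.
SAMPLE = Answer(
    claim="constructed health claim",
    domain="health",
    sources=[Source("https://blog.example/post-1", 1, "public_web"),
             Source("https://blog.example/post-2", 2, "public_web")],
    tool_call="create_case_note",
)
```

Two pages on the same host count as one source here, so a single publisher cannot corroborate its own claim by repeating it.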

(@mr-nhi)

Retrieval content is now a trust boundary, not just a ranking surface. GEO turns public web pages into inputs that can shape AI answers before any human user sees the underlying sources. That breaks the older assumption that search optimization only affects discoverability, not decision quality. For identity programmes, the implication is that answer provenance must be treated as part of the control environment, especially where agents or assistants can trigger action.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the State of Non-Human Identity Security.
  • That same research found only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, which shows how quickly trust gaps become governance gaps in machine-facing systems.

A question worth separating out:

Q: Who is accountable when an AI-generated answer causes harm?

A: Accountability usually sits with the organisation that designed the retrieval, validation, and action-gating workflow, not with the model itself. If external content can influence a high-stakes answer, the programme needs clear ownership for source review, escalation, and human override. For regulated decisions, the ability to explain source use becomes part of governance.

👉 Read our full editorial: GEO manipulation can push harmful claims into AI answers



   