In our increasingly automated world, we rely on artificial intelligence (AI) more than ever. From medical diagnoses and financial decisions to the daily choices of what we eat, watch, and read—AI is everywhere. Our trust in this technology seems limitless. But what if that trust is not only at risk from the AI itself but also from our ability to manipulate it?
The greatest threat posed by AI is not necessarily its potential to make mistakes or spiral out of control. The real danger lies in a phenomenon we seldom consider: the subtle and systematic undermining of AI by humans. This is not a dystopian future scenario but a real and present risk.
To better understand this, I have developed a set of terms and acronyms to highlight where these risks lie. These concepts shed light on how AI is not just a tool but also a target for manipulation, with potentially far-reaching consequences.
The Tools of Manipulation and Sabotage
Here are four key concepts that expose the risks: AIRO, AII, MoM, and PoM. Each of these terms refers to a specific method by which people can intentionally influence, manipulate, or even sabotage AI systems.
AIRO (AI Response Optimization): This concept describes how users can deliberately manipulate AI systems by cleverly crafting prompts or input. While it might seem like “optimizing” AI responses, it can quickly turn into sabotage: for example, a user can coax absurd or harmful output from a model by steering it past its intended boundaries. AIRO reveals how even subtle human interventions can have significant consequences for the reliability of AI.
AII (AI Influencers): This refers to influence in the reverse direction: not AI influencing humans, but humans manipulating AI systems in order to exert influence themselves. This can be done by deliberately feeding false data into AI systems or training them to spread misinformation. AII exposes how vulnerable AI is to coordinated campaigns that distort its “truth mechanism.”
MoM (Mass-Oriented Manipulation): This concept describes the power of mass influence. MoM refers to situations where large numbers of users, coordinated or not, overwhelm an AI with specific input; here, quantity matters more than strategy. As AI learns from its interactions, targeted and malicious input can lead to incorrect assumptions or unexpected patterns. A classic example is the sabotage of Microsoft’s Tay chatbot, which began making racist and offensive statements within a day because of mass negative input.
PoM (Parallel Orchestrated Manipulation): PoM is the more strategic version of MoM, in which groups of people or bots deliberately collaborate to manipulate or completely undermine an AI system. These swarm tactics can destabilize or even render AI systems useless by flooding them with inaccurate, harmful, or nonsensical input. PoM poses a direct threat to any AI system that relies on scalable interactions. A toy simulation of this dynamic follows below.
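To make this dynamic concrete, here is a deliberately crude sketch of the underlying weakness, not a model of any real product; every number and function name in it is illustrative. It shows a bot that treats each interaction as an equally weighted learning signal, so once a coordinated swarm outnumbers organic users, the bot’s learned tone follows the swarm.

```python
# Toy sketch of MoM/PoM: a system that naively learns from every interaction
# drifts toward whatever a large or coordinated group feeds it.
# All numbers are illustrative; this models no real product.
import random

random.seed(42)


def learned_tone(n_organic: int, n_swarm: int) -> float:
    """Return the bot's learned 'tone' after mixing organic and swarm input.

    Tone is a running average of interaction scores in [-1, 1]:
    +1 = benign, -1 = hostile. Every interaction is weighted equally,
    which is exactly the weakness MoM and PoM exploit.
    """
    scores = [random.uniform(0.3, 1.0) for _ in range(n_organic)]  # mostly benign users
    scores += [-1.0] * n_swarm                                     # uniformly hostile swarm
    random.shuffle(scores)

    tone, seen = 0.0, 0
    for score in scores:
        seen += 1
        tone += (score - tone) / seen  # incremental mean: one update per interaction
    return tone


print(f"tone without swarm: {learned_tone(10_000, 0):+.2f}")       # stays positive
print(f"tone with 4x swarm: {learned_tone(10_000, 40_000):+.2f}")  # flips negative
```

Real systems are far more elaborate, but the failure mode sketched here, equal trust in every interaction regardless of who sends it, is exactly what the Tay incident exposed.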
From Idea to Practice: DASA and SAIS
In addition to these four concepts, two specific attack methods expand on these principles:
DASA (Distributed AI Sabotage Attack): This is an attack in which AI systems are overwhelmed with irrelevant or misleading input, similar to a traditional DDoS attack. However, instead of overloading a network, it targets the “mind” of the AI. The goal: to completely undermine the reliability of AI and destroy societal trust in the technology. (One possible countermeasure is sketched after these two definitions.)
SAIS (Swarm AI Sabotage): SAIS takes this a step further by deploying a swarm of bots or people to sabotage AI systems simultaneously. This tactic doesn’t just overwhelm with input; it strategically shapes AI output, for instance by generating large volumes of false data.
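As a purely illustrative aside, one plausible first line of defense against DASA-style floods resembles classic anti-DDoS hygiene: throttle per-client volume and drop near-duplicate submissions before they ever reach the model or its training pipeline. The FloodGuard class below, its thresholds, and the client IDs are hypothetical placeholders, a minimal sketch rather than a reference to any existing tool.

```python
# Illustrative only: a minimal gate that throttles per-client volume and
# rejects near-duplicate input. FloodGuard and its thresholds are hypothetical.
import hashlib
import time
from collections import defaultdict, deque


class FloodGuard:
    def __init__(self, max_per_minute: int = 20):
        self.max_per_minute = max_per_minute
        self.timestamps = defaultdict(deque)  # client_id -> recent request times
        self.seen_digests = set()             # fingerprints of inputs already accepted

    def allow(self, client_id: str, text: str) -> bool:
        now = time.time()
        window = self.timestamps[client_id]

        # Rate limiting: forget requests older than 60 seconds, then check volume.
        while window and now - window[0] > 60:
            window.popleft()
        if len(window) >= self.max_per_minute:
            return False

        # Duplicate filtering: crude fingerprint of the whitespace-normalized text.
        digest = hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()
        if digest in self.seen_digests:
            return False

        window.append(now)
        self.seen_digests.add(digest)
        return True


guard = FloodGuard(max_per_minute=5)
print(guard.allow("client-a", "The moon is made of cheese"))   # True: first sighting
print(guard.allow("client-b", "the moon is made of  CHEESE"))  # False: near-duplicate
```

A real deployment would add identity checks, cross-client anomaly detection, and human review, but even a crude gate like this removes the cheapest version of the attack: one actor replaying the same message at scale.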
Why This Matters
We increasingly trust AI for critical applications: medical advice, legal decisions, and even moral questions. But what happens when an AI is sabotaged? What if bad actors influence the system to produce incorrect or dangerous answers? The danger is not only technological but also societal: our trust in AI could evaporate if it can no longer be relied upon.
This calls for action now. How do we protect AI systems from DASA, SAIS, and the broader risks of AIRO, AII, MoM, and PoM?
What do you think: How do we build AI that is resilient to manipulation without leading to censorship or a loss of openness?
Maarten Meijer — an Imaginologist. A conceptual thinker who moves between creativity, systems and strategy. I design visions, frameworks and futures that challenge the expected and open new possibilities.
My mission is simple: To initiate creation.
By disrupting fixed patterns, I help people think differently — to imagine what could be, and make it real.