We instantiate the deployed search-augmented LLM pipeline. The two chains share the query → live web search → search results → LLM → recommendation backbone, differing only in where fake content enters: Real-world GEO (top): GEO operators inject fake content upstream into the live web; Our Simulation (bottom): due to Ethical Considerations, we rewrite a subset of the search results locally rather than polluting the live web. Credit: arXiv (2026). DOI: 10.48550/arxiv.2606.13610

AI shopping assistants are popping up all over the internet, changing how we browse, compare and discover products. However, these helpful tools appear to have a serious security flaw. According to a paper published on the arXiv preprint server, a single manipulated web page can trick an AI assistant into promoting a fake product to unsuspecting customers.

Considering that fake goods and fake reviews are everywhere online, researchers Minghao Luo and Liang Chen decided to test how easily search-augmented AI systems can be tricked into promoting bogus brands.

AI testing ground

The researchers built a simulation tool called FORGE (Fake Online Recommendations in Generative Environments) to test 12 leading AI models, including models from Anthropic, Google and OpenAI. This allowed them to evaluate web content pollution without interfering with live pages.