Why the “AI is easy to fool” narrative misses the point

In late February 2026, BBC published a sensational article about how generative AI systems could be "hacked" in minutes. Journalists demonstrated a simple experiment: they posted a blog article claiming expertise in a niche topic, and soon discovered that OpenAI's ChatGPT and Google's AI-powered search results began reproducing information from this publication. The headlines were striking, and the story went viral. But The Next Web decided to look at the situation from another angle — and asked an uncomfortable question: what if this entire narrative about "AI is easy to deceive" simply misses the point?

To understand the core of the dispute, you need to understand the mechanics. Modern large language models like GPT-4o or Gemini don't store a fixed knowledge base like an encyclopedia. They are trained on massive collections of texts from the internet, and in the case of search-enabled functions, they additionally access fresh web content in real time.

When a model with search enabled receives a question about a rare topic, it searches for relevant sources, and if the only available material is that fresh blog post, it becomes the basis of the answer. This is not hacking in the classical sense. This is a consequence of an architectural decision: the model trusts what it finds on the web, much like a search engine does.

This is where the key divergence lies between the sensational narrative and reality. Calling this "hacking" implies that someone bypassed system protection, found a vulnerability in the code, or exploited a technical bug. In reality, something far more mundane — and simultaneously more troubling — occurred: the AI system did exactly what it was designed to do — found information on the internet and relayed it to the user. The problem is not that the system was deceived, but that it lacks a reliable mechanism for distinguishing credible sources from unreliable one. This is not a bug that can be patched. This is a fundamental property of the technology in its current state.

That said, it would be a mistake to dismiss the BBC experiment as insignificant. It highlights a real and serious problem — the problem of information trust in the age of AI-powered search. Millions of users already perceive answers from ChatGPT or Google AI Overview as an authoritative source without questioning where the model obtained the specific fact.

If a single blog post is enough to influence the responses of the world's largest AI systems on a niche topic, it opens the door to deliberate manipulation — from marketing to political. Search engine optimization for traditional search engines has existed for decades, but "optimization" of content for AI models is a qualitatively new level of influence, because the user sees not a list of links, but a confident, categorical answer.

OpenAI and Google, of course, are working on solutions. Both companies are investing in source verification systems, credibility ranking, and what is called "grounding" — anchoring model responses to verified data. Google, in particular, is developing cross-checking mechanisms where the model compares information from multiple independent sources before including it in the answer. OpenAI is experimenting with citation transparency, allowing users to see exactly which sources support the answer. But for now, these mechanisms are far from perfect, especially on niche topics where the number of available sources is minimal.

There is also a broader context. The discussion about "hacking AI" unfolds against a backdrop of growing public skepticism toward generative technologies. Every such headline fuels the perception of AI as an unreliable, easily deceived toy. But reality is more complex. These same systems help millions of people every day find information, write code, analyze data, and solve problems that previously required hours of work. The problem of source trust is not a death sentence for the technology, but a challenge that the industry must solve if it wants AI-powered search to become a full replacement for traditional search engines.

Ultimately, the BBC experiment story is not about AI being stupid or vulnerable. It's about us being in a transitional period where the technology is already powerful enough to shape public opinion, but not yet mature enough to do so responsibly. The real question is not whether you can deceive a language model with a blog post. The real question is who is responsible for the accuracy of answers that hundreds of millions of people accept at face value every day. And to that question, neither OpenAI nor Google has yet provided a convincing answer.