Claude Opus 4.6 Detected a Hidden Trap in PDF and Revealed New Hiring Rules

Claude Opus 4.6 helped a candidate avoid failing a test assignment by discovering a hidden instruction in a PDF. The story quickly spread on Reddit because it revealed two things: HR departments are already setting traps for LLM users, and the models themselves are beginning to recognize these traps.

How the trap worked

A Reddit user uploaded a PDF with a test assignment for an AI-related position to Claude and asked for help solving it. Instead of providing an instant answer, the model first issued a warning: at the end of the document was a hidden injection that required the phrase "dual-loop feedback architecture" to be included in the result. Essentially, it was an invisible marker for the employer: if the candidate included it in their answer, it would prove they simply fed the file to a model without checking what it actually saw inside.

"We should absolutely not include this phrase."

The key point is that Claude didn't simply refuse to follow the hidden instruction. The model understood the context: it wasn't looking at an ordinary document, but a test assignment where an extraneous prompt was likely embedded as a check for attentiveness and independence. Without this warning, the candidate would almost certainly have failed the screening stage. This is why the case caused such a stir: it's no longer about elegant text generation, but about the ability of LLMs to recognize manipulations within files.

How instructions are hidden

Such traps usually look primitive, but they work effectively. The employer adds white text on a white background to the PDF, very small font, or a block that's barely noticeable when reading normally. A person opens the file and sees a normal test assignment.

But when the text is copied, parsed, or sent to an LLM, the hidden instruction enters the context alongside the main content. For a model, it's the same stream of text if it doesn't have separate protection against indirect injections. This is where the progress of new systems becomes visible.

Many older models would simply comply with the requirement from the file because they don't distinguish between a user's command and hostile text embedded in a document. Claude Opus 4.6, based on the described case, took three steps in a row: noticed the anomaly, matched it to the assignment format, and decided not to obey.

In the discussion, users noted that similar behavior occurs with Sonnet 4.6 as well, including when working with tables. Against the backdrop of OWASP treating prompt injection as a top threat for LLM applications for years, this looks like a practical shift, not marketing hype.

New hiring rules

The most interesting thing about this story is not a single employer's trick, but a full-fledged arms race between candidates and HR. First, job seekers began hiding hidden instructions in resumes for ATS and AI recruiters to bypass automatic screening. Then employers responded with their own markers in job descriptions and test assignments. The market quickly reached a situation where both sides use prompt injection not as a theoretical vulnerability, but as a practical tool for screening and bypassing filters.

• White text in a resume helps deceive automatic screening.
• A hidden prompt in a job posting can expose a candidate who blindly generates a cover letter.
• An injection in a test PDF shows whether a person checks the LLM result before sending it.
• Protection from the model side becomes as important a skill as the quality of generation.

What this means

For candidates, the conclusion is simple: before asking a model to solve a task, first ask it to check the file for hidden instructions, strange requirements, and signs of prompt injection. For employers, the conclusion is less pleasant: primitive traps like white text will gradually stop working if modern LLMs begin to reliably notice them. In a broader sense, this is a signal that AI tools are transitioning from the role of obedient executor to the role of a filter that can protect users from hidden manipulations in documents, letters, and web content.