Vulnerability in AI Research Tools Allows Manipulation via Reddit Comments

Sources: Cybersecuritynews, Techtimes

A critical vulnerability has been identified in AI deep research systems, including OpenAI's ChatGPT Deep Research and Google's Gemini Deep Research. Researchers from Cornell Tech revealed that a single Reddit comment can manipulate the recommendations of these systems, affecting 54 to 71 percent of user-generated content. The attack, termed WARP (Web Agent Retrieval Poisoning), requires no access to the systems or specific user queries. Instead, attackers can exploit the systems by posting misleading content on public forums. This vulnerability allows for the potential spread of scams and misinformation to thousands of users. The research paper detailing these findings was published in May 2026, with further analysis released on June 22, 2026. The attack method is particularly concerning due to the reliance of these AI systems on community-generated content for their outputs.

Key Points:
• A single Reddit comment can manipulate AI research tools like ChatGPT and Gemini.
• The vulnerability affects 54 to 71 percent of user-generated content retrieved by these systems.
• The attack method, WARP, requires only the ability to post on public forums.

Timeline

2026-05-01: Research paper published on AI vulnerability
Cornell Tech researchers published a paper detailing the WARP vulnerability in AI deep research systems. (Source: Techtimes)

2026-06-22: Detailed analysis of vulnerability released
A follow-up analysis confirmed the extent of the vulnerability, affecting a significant percentage of user content. (Source: Techtimes)
