You know what? I can hack you using this image.

Written by Mr. Spark
Published on December 19, 2025
You simply see a beautiful landscape. But if you give this image to an AI, it sees a command to steal your passwords.

I didn’t believe it initially. It sounds like science fiction—hiding text inside the pixels of an image that only an AI can read. But after reading the report from Trail of Bits, I realized this is a massive blind spot in our current AI infrastructure.

The “Downscaling” Trap

Here is the technical flaw: AI models like Gemini are huge. To save processing power, they often downscale (shrink) images before analyzing them.

Attackers can craft an image so that the “malicious” text only appears after the image is shrunk. To you, it looks like noise. To the AI, which sees only the downscaled version, it looks like clear text instructions.

Trail of Bits Research
"When sending an innocent-looking image to Gemini, the hidden command inside instructed it to email user data to an attacker. Gemini obeyed."

I Tested It Myself

The report claimed this affects most models. Naturally, I had to verify this. I took a “poisoned” image and fed it to the three major LLMs to see if they would fall for the trap.

The results were surprisingly varied.

Gemini
Best For: Getting Hacked (Fail)
Why: It fell for the trap immediately. It executed the hidden command without hesitation, proving the vulnerability exists.

Claude
Best For: Ignoring Noise
Why: Claude completely ignored the hidden artifact. It just commented: 'What a beautiful image.' Safe, but perhaps oblivious.

ChatGPT
Best For: Detection
Why: The most impressive result. ChatGPT explicitly detected the attempt: 'This image contains a hidden message.'

Your Only Defense

This is a malicious form of steganography. The scary part is that you cannot see it with your naked eye.

The researchers released a tool called Anamorpher (on GitHub), which lets you analyze images for this specific threat. But realistically, you aren’t going to scan every meme you see on Twitter.

The practical advice? Treat images just like you treat strange links.

  1. Don’t ask an AI to “analyze” an image sent by a stranger.
  2. Be wary of “jailbreak” images found on forums.
  3. Understand that Visual AI is still in its infancy.
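If you run your own image pipeline in front of a model, you can check for the downscaling trap directly: shrink the image the way the pipeline does and compare the result with an area-averaged version, which is closer to what a person sees at full size. This is an added example, not code from the Trail of Bits report or its tool; it assumes grayscale pixels in nested lists and a pipeline that samples one pixel per block, and the sample images and threshold are constructed.

```python
# Added example: flag images whose downscaled form diverges from what a
# viewer sees at full size. Pure standard library; pixels are 0-255 grayscale.

def nearest_downscale(img, k):
    """Assumed pipeline behaviour: keep one sample (block centre) per k x k block."""
    off = k // 2
    return [[img[y + off][x + off] for x in range(0, len(img[0]) - k + 1, k)]
            for y in range(0, len(img) - k + 1, k)]

def area_downscale(img, k):
    """Reference: average every pixel in each k x k block (approximates the eye)."""
    out = []
    for y in range(0, len(img) - k + 1, k):
        row = []
        for x in range(0, len(img[0]) - k + 1, k):
            block = [img[y + dy][x + dx] for dy in range(k) for dx in range(k)]
            row.append(sum(block) / (k * k))
        out.append(row)
    return out

def scaling_divergence(img, k):
    """Mean absolute difference between the two downscaled views (0-255 scale)."""
    a, b = nearest_downscale(img, k), area_downscale(img, k)
    diffs = [abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)]
    return sum(diffs) / len(diffs)

def is_suspicious(img, k, threshold=40.0):
    """threshold is a constructed value; tune it on known-good images."""
    return scaling_divergence(img, k) > threshold

def make_samples(size=32, k=4):
    """Constructed inputs: a smooth gradient, and the same gradient with only
    the pixels the sampler reads overwritten by a checkerboard."""
    benign = [[(x + y) * 255 // (2 * size - 2) for x in range(size)] for y in range(size)]
    altered = [row[:] for row in benign]
    off = k // 2
    for by in range(size // k):
        for bx in range(size // k):
            altered[by * k + off][bx * k + off] = 255 if (bx + by) % 2 else 0
    return benign, altered

if __name__ == "__main__":
    benign, altered = make_samples()
    for name, img in (("benign", benign), ("altered", altered)):
        print(name, round(scaling_divergence(img, 4), 1), is_suspicious(img, 4))
```

Production pipelines usually use bilinear or bicubic resampling rather than single-pixel sampling, so the comparison should be made against whatever scaler the pipeline actually calls.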

We are living in the age of AI, and every day a new vulnerability is discovered. Knowledge is your only line of defense.

Don't get hacked.
