You know what? I can hack you using this image.
You see a beautiful landscape. An AI assistant that is handed the same file can see something else entirely: an instruction, for example one telling it to send your data somewhere.
I didn’t believe it initially. It sounds like science fiction—hiding text inside the pixels of an image that only an AI can read. But after reading the report from Trail of Bits, I realized this is a massive blind spot in our current AI infrastructure.
The “Downscaling” Trap
Here is the technical flaw: multimodal systems such as Gemini do not feed your full-size upload to the model. To bound compute and token cost, the pipeline first downscales (shrinks) the image to a fixed, much smaller resolution, using a deterministic resampling algorithm such as nearest-neighbor, bilinear or bicubic interpolation.
Because that algorithm is known, an attacker can craft an image so that the malicious text appears only after the image is shrunk. At full resolution, the version you preview, it looks like an ordinary photo with some faint noise. In the downscaled version the model actually receives, it reads as clear text instructions, and the model treats them as part of the prompt. The user-facing preview never shows what the model saw.
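The following is an added illustration of the nearest-neighbor variant of the attack, written for this post; it is not Trail of Bits' code and not their Anamorpher tool. Images are plain lists of grayscale rows so it runs without any libraries. The secret bitmap, the gradient "cover photo", the scale factor `K` and the assumption that the victim's resampler samples the centre pixel of each `K×K` block are all constructed for the demo; a real attacker first has to confirm that sampling point against the actual downscaler. The same downscalers double as the check a defender wants: compare what the model would receive with what a human sees, and flag images where two plausible kernels disagree.

```python
"""Nearest-neighbor image-scaling prompt injection, reduced to pure Python.

Added illustration for this post, not Trail of Bits' Anamorpher code. A grayscale
image is a list of rows of ints 0-255. SECRET, the cover gradient, the scale
factor K and the sampling offset K // 2 are all constructed for the demo; K // 2
assumes the target pipeline's nearest-neighbor resampler picks the centre pixel
of each KxK block, which a real attacker must confirm against the real downscaler.
"""

K = 4  # the victim's downscale factor (assumed for the demo)

# 9x5 bitmap standing in for the injected instruction; it spells "HI"
SECRET = [
    "#...#.###",
    "#...#..#.",
    "#####..#.",
    "#...#..#.",
    "#...#.###",
]


def cover_image(height, width):
    """A smooth top-to-bottom sky gradient (200 -> 140) standing in for the photo."""
    return [[200 - 60 * y // (height - 1)] * width for y in range(height)]


def craft(secret, k):
    """Embed `secret` so it survives centre-sampled nearest-neighbor downscaling by k.

    Only one pixel in every k*k block is ever sampled by that resampler; we write
    the secret into exactly those pixels and leave the other k*k-1 untouched, so
    at full resolution the payload is a sparse 1-in-k^2 dot pattern.
    """
    h, w = len(secret), len(secret[0])
    img = cover_image(h * k, w * k)
    off = k // 2  # assumed sampling point inside each block
    for y, row in enumerate(secret):
        for x, ch in enumerate(row):
            img[y * k + off][x * k + off] = 0 if ch == "#" else 255
    return img


def downscale_nearest(img, k):
    """Centre-sampled nearest-neighbor: keeps pixel (k*y + k//2, k*x + k//2)."""
    off = k // 2
    return [row[off::k] for row in img[off::k]]


def downscale_box(img, k):
    """Box (area-average) filter: integer mean of each k x k block."""
    h, w = len(img) // k, len(img[0]) // k
    return [
        [
            sum(img[y * k + dy][x * k + dx] for dy in range(k) for dx in range(k)) // (k * k)
            for x in range(w)
        ]
        for y in range(h)
    ]


def to_ascii(img, threshold=128):
    """Render dark pixels as '#' so we can eyeball what each consumer 'sees'."""
    return ["".join("#" if v < threshold else "." for v in row) for row in img]


def kernel_disagreement(img, k):
    """Mean absolute difference between two plausible downscalers' outputs.

    An honest photo downsamples to roughly the same picture whichever kernel is
    used; a scaling attack is tuned to one kernel, so the two outputs diverge.
    This heuristic is added here for illustration, not a published detector.
    """
    a, b = downscale_nearest(img, k), downscale_box(img, k)
    n = len(a) * len(a[0])
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / n


if __name__ == "__main__":
    poisoned = craft(SECRET, K)
    print("What a human sees (full resolution, dark pixels only):")
    print("\n".join(to_ascii(poisoned)))
    print("\nWhat a nearest-neighbor downscaler hands the model:")
    print("\n".join(to_ascii(downscale_nearest(poisoned, K))))
    print("\nWhat a box-filter downscaler hands the model:")
    print("\n".join(to_ascii(downscale_box(poisoned, K))))
    print(f"\nkernel disagreement, poisoned: {kernel_disagreement(poisoned, K):.1f}")
    print(f"kernel disagreement, clean:    {kernel_disagreement(cover_image(20, 36), K):.1f}")
```

Run it and the first printout is a field of isolated dots, the second is the word spelled out cleanly, and the third is the untouched sky: the same file, three different pictures. The payload touches one pixel in sixteen, which is why it passes as noise. Note that the box-filter output hides the text, which is the point of the last function: the attack is tuned to one kernel, so a defender who renders the image through a second kernel, or simply shows the user the exact downscaled frame the model receives, takes away the blind spot.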
I Tested It Myself
The report claimed this affects most models. Naturally, I had to verify this. I took a “poisoned” image and fed it to the three major LLMs to see if they would fall for the trap.
The results were surprisingly varied.
Gemini / Claude / ChatGPT (the per-model results were shown as screenshots that are not reproduced here)
Your Only Defense
Strictly speaking this is not classic steganography but an image scaling attack, a technique first described by Quiring et al. in 2020, repurposed as a carrier for prompt injection. The scary part is the same either way: you cannot see the payload with your naked eye, and the preview your app shows you is not what the model sees.
The researchers released an open-source tool called Anamorpher (on GitHub) that generates these images and lets you visualize what they become under each common downscaling algorithm. But realistically, you aren't going to scan every meme you see on Twitter.
The practical advice? Treat images just like you treat strange links.
- Don’t ask an AI to “analyze” an image sent by a stranger.
- Be wary of “jailbreak” images found on forums.
- Understand that visual AI is still in its infancy.
- If you build on these APIs: the researchers' recommended mitigations are to avoid downscaling where you can, to show the user the exact downscaled image the model receives, and to require explicit user confirmation before any sensitive tool call triggered by image content.
We are living in the age of AI, and every day a new vulnerability is discovered. Knowledge is your only line of defense.
Don't get hacked.
Subscribe to the Mr. Spark newsletter for immediate alerts on new AI vulnerabilities and safety tips.