AI search engines and previews: Are they safe? Can we trust them?
AI Search Is a Wild Ride. Here’s How to Keep Your Brand (and Users) From Crashing
Hey there!
Why I’m Writing This
Over the past few months, a lot of customers and leads have continually been asking to rank higher in AI search engines.
So, of course, we got to work researching all the techniques to rank high and created our own heavy “GEO checklist”. I’ve been geeking out over how AI answer engines (ChatGPT, Perplexity, Google AI Overviews, etc.) keep stealing the top of the page. But with my cyber mindset always on, I found a lot of possible complications for the future, when this type of search reaches the mainstream. Below I wrote some reflections from the perspective of trust, security and IP.
But wait… What is GEO?
GEO, Generative Engine Optimization = convincing large-language-model search to quote you first, not your competitors.
But one thing these engines have in common is that LLMs love to hallucinate and overshare. A new study from Columbia Journalism Review showed that AI search engines and chatbots, such as OpenAI's ChatGPT Search, Perplexity, Deepseek Search, Microsoft Copilot, Grok and Google's Gemini, are just wrong, way too often.
If you want to learn how SEO is changing into GEO and how companies are trying to rank higher in AI search engines, you can read this blog!
⚠️ Five Risk Vectors Hiding in AI Search
1. Hallucination Hype → Brand & Safety Damage
When Google’s AI told users to eat a rock a day for minerals (and in the pizza-glue fiasco), it scraped decade-old joke posts from Reddit and spat them back as culinary advice. Imagine if the source is your brand website...
Mitigation: Publish concise, up-to-date FAQ blocks that AI can lift verbatim. Monitor answers weekly with an AI search monitoring tool.
2. Prompt-Injection & Data Spill
Security researchers keep jail-breaking Bing and ChatGPT with crafty prompts, exposing hidden system messages and policy text.
Mitigation: Treat AI crawlers like untrusted users: rate-limit unknown referrers, sanitize user-generated content, and log GPTBot traffic for anomalies. Cloudflare has the “Trapping misbehaving bots in an AI Labyrinth” technique.
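One way to do the "log GPTBot traffic for anomalies" step over a web server access log, as an added example (not code from this post). The address allowlist, sensitive paths, threshold and log lines are constructed assumptions; the allowlist uses a documentation range as a placeholder for the crawler operator's published ranges.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: ip - - [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Placeholder allowlist (RFC 5737 documentation range); load the crawler
# operator's published ranges here in a real deployment.
BOT_RANGES = {"GPTBot": [ipaddress.ip_network("192.0.2.0/24")]}
SENSITIVE_PREFIXES = ("/admin", "/account")  # hypothetical paths for this site
MAX_PER_MINUTE = 3  # assumed threshold, tune against your own baseline

def find_anomalies(lines):
    """Return (kind, bot, ip, detail) tuples for suspicious crawler requests."""
    per_minute, findings = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        bot = m and next((b for b in BOT_RANGES if b in m["ua"]), None)
        if not bot:
            continue  # unparsable line or not a tracked crawler
        ip, path, minute = m["ip"], m["path"], m["ts"][:17]  # "10/Mar/2025:14:02"
        try:
            known = any(ipaddress.ip_address(ip) in net for net in BOT_RANGES[bot])
        except ValueError:  # hostname or malformed address in the log
            known = False
        if not known:  # the User-Agent is client-controlled, so check the source
            findings.append(("unverified_source", bot, ip, path))
        if path.startswith(SENSITIVE_PREFIXES):
            findings.append(("sensitive_path", bot, ip, path))
        per_minute[(ip, minute)] += 1
        if per_minute[(ip, minute)] == MAX_PER_MINUTE + 1:  # report once per minute
            findings.append(("rate", bot, ip, minute))
    return findings

# Constructed sample log lines with a simplified User-Agent (not real traffic).
UA = "Mozilla/5.0 (compatible; GPTBot/1.0)"
SAMPLE = [
    f'192.0.2.10 - - [10/Mar/2025:14:02:0{i} +0000] "GET /blog/{i} HTTP/1.1" 200 512 "-" "{UA}"'
    for i in range(5)
] + [
    f'192.0.2.10 - - [10/Mar/2025:14:03:00 +0000] "GET /admin/login HTTP/1.1" 403 0 "-" "{UA}"',
    f'203.0.113.7 - - [10/Mar/2025:14:03:05 +0000] "GET /pricing HTTP/1.1" 200 900 "-" "{UA}"',
    '198.51.100.4 - - [10/Mar/2025:14:03:09 +0000] "GET / HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]
```

Calling find_anomalies(SAMPLE) flags the burst from 192.0.2.10, its request to /admin/login, and the GPTBot User-Agent arriving from an address outside the allowlist.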
3. Malicious Link Poisoning
Cyber-crooks are already gaming answer engines: Malwarebytes found fake “AI video generators” ranking in LLM answers that redirect to info-stealers.
Mitigation:
Enforce HTTPS and HSTS across all sub-domains.
Run a real-time threat-intel feed against outbound links you publish.
Set up Google Safe Browsing & Microsoft SmartScreen API checks before you ever embed a link.
4. Copyright & IP Minefields
The New York Times is suing OpenAI and Microsoft for training models on paywalled articles. Courts haven’t decided whether ingesting your content counts as “fair use”, but we will see more issues like this in the future, and as one of my friends says, once it is published on the internet, you cannot control what people are going to do with it…
Mitigation:
Add llms.txt alongside robots.txt to spell out what parts of your site the bots may crawl.
Watermark premium PDFs and hide them behind authentication (this is probably the only measure that will mitigate the issue and stop OpenAI).
Pick clear licenses (e.g., CC-BY-NC) for any free resources.
5. Compliance (EU AI Act & Others)
From February 2025 the EU AI Act starts penalizing “high-risk” AI deployments, with fines up to €35 million or 7 % of global turnover. Even if you only use AI search widgets on-site, you’re a “deployer” with transparency duties.
Mitigation: Keep an AI-asset inventory, record which models touch personal data, and add a short disclosure banner for EU visitors.