Jan 29 2026
What The Latest Web Almanac Report Reveals About Bots, CMS Influence & llms.txt via @sejournal, @theshelleywalsh

The Web Almanac is an annual report that translates the HTTP Archive dataset into practical insight, combining large-scale measurement with expert interpretation from industry experts.

To get insights into what the 2025 report can tell us about what is actually happening in SEO, I spoke with one of the authors of the SEO chapter update, Chris Green, a well-known industry expert with over 15 years of experience.

Chris shared with me some surprises about the adoption of llms.txt files and how CMS systems are shaping SEO far more than we realize. Little-known facts that the data surfaced in the research, and surprising insights that usually would go unnoticed.

You can watch the full interview with Chris on the IMHO recording at the end, or continue reading the article summary.

“I think the data [in the Web Almanac] helped to show me that there’s still a lot broken. The web is really messy. Really messy.”

Bot Management Is No Longer ‘Google, Or Not Google?’

Although bot management has been binary for some time – allow/disallow Google – it’s becoming a new challenge. Something that Eoghan Henn had picked up previously, and Chris found in his research.

We began our conversation by talking about how robots files are now being used to express intent about AI crawler access.

Chris responded to say that, firstly, there is a need to be conscious of the different crawlers, what their intention is, and fundamentally what blocking them might do, i.e., blocking some bots has bigger implications than others.

Second to that, requires the platform providers to actually listen to those rules and treat those files as appropriate. That isn’t always happening, and the ethics around robots and AI crawlers is an area that SEOs need to know about and understand more.

Chris explained that although the Almanac report showed the symptom of robots.txt usage, SEOs need to get ahead and understand how to control the bots.

“It’s not only understanding what the impact of each [bot/crawler] is, but also how to communicate that with the business. If you’ve got a team who want to cut as much bot crawling as possible because they want to save money, that might desperately impact your AI visibility.”

Equally, you might have an editorial team that doesn’t want to get all of their work scraped and regurgitated. So, we, as SEOs, need to understand that dynamic, how to control it technically, but how to put that argument forward in the business as well.” Chris explained.

As more platforms and crawlers are introduced, SEO teams will have to consider all implications, and collaborate with other teams to ensure the right balance of access is applied to the site.

Llms.txt Is Being Applied Despite No Official Platform Adoption 

The first surprising finding of the report was that adoption for the proposed llms.txt standard is around 2% of sites in the dataset.

Llms.txt has been a heated topic in the industry, with many SEOs dismissing the value of the file. Some tools, such as Yoast, have included the standard, but as yet, there has been no demonstration of actual uptake by AI providers.

Chris admitted that 2% was a higher adoption than he expected. But much of that growth appears to be driven by SEO tools that have added llms.txt as a default or optional feature.

Chris is skeptical of its long-term impact. As he explained, Google has repeatedly stated it does not plan to use llms.txt, and without clear commitment from the major AI providers, especially OpenAI, it risks remaining a niche, symbolic gesture rather than a functional standard.

That said, Chris has experienced log-file data suggesting some AI crawlers are already fetching these files, and in limited cases, they may even be referenced as sources. Green views this less as a competitive advantage and more as a potential parity mechanism, something that may help certain sites be understood, but not dramatically elevate them.

“Google has time and again said they don’t plan to use llms.txt which they reiterated in Zurich at Search Central last year. I think, fundamentally, Google doesn’t need it as they do have crawling and rendering nailed. So, I think it hinges on whether OpenAI say they will or won’t use it and I think they have other problems than trying to set up a new standard.”

Different, But Reassuringly The Same Where It Matters

I went on to ask Chris about how SEOs can balance the difference between search engine visibility and machine visibility.

He thinks there is “a significant overlap between what SEO was before we started worrying about this and where we are at the start of 2026.”

Despite this overlap, Chris was clear that if anyone thinks optimizing for search and machines is the same, then they are not aware of the two different systems, the different weightings, the fact that interpretation, retrieval, and generation are completely different.

Although there are different systems and different capabilities in play, he doesn’t think SEO has fundamentally changed. His belief is that SEO and AI optimization are “kind of the same, reassuringly the same in the places that matter, but you will need to approach it differently” because it diverges in how outputs are delivered and consumed.

Chris did say that SEOs will move more towards feeds, feed management, feed optimization.

“Google’s universal commerce protocol where you could potentially transact directly from search results or from a Gemini window obviously changes a lot. It’s just another move to push the website out of the loop. But the information, what we’re actually optimizing still needs to be optimized. It’s just in a different place.”

CMS Platforms Shape The Web More Than SEOs Realize

Perhaps the biggest surprise from Web Almanac 2025 was the scale of influence exerted by CMS platforms and tooling providers.

Chris said that he hadn’t realized just how big that impact is. “Platforms like Shopify, Wix, etc. are shaping the actual state of tech SEO probably more profoundly than I think a lot of people truly give it credit for.”

Chris went on to explain that “as well-intentioned as individual SEOs are, I think our overall impact on the web is minimal outside of CMS platforms providers. I would say if you are really determined to have an impact outside of your specific clients, you need to be nudging WordPress or Wix or Shopify or some of the big software providers within those ecosystems.”

This creates opportunity: Websites that do implement technical standards correctly could achieve significant differentiation when most sites lag behind best practices.

One of the more interesting insights from this conversation was that so much on the web is broken and how little impact we [SEOs] really have.

Chris explained that “a lot of SEOs believe that Google owes us because we maintain the internet for them. We do the dirty work, but I also don’t think we have as much impact perhaps at an industry level as maybe some like to believe. I think the data in the Web Almanac kind of helped show me that there’s still a lot broken. The web is really messy. Really messy.”

AI Agents Won’t Replace SEOs, But They Will Replace Bad Processes

Our conversation concluded with AI agents and automation. Chris started by saying, “Agents are easily misunderstood because we use the term differently.”

He emphasized that agents are not replacements for expertise, but accelerators of process. Most SEO workflows involve repetitive data gathering and pattern recognition, areas well-suited to automation. The value of human expertise lies in designing processes, applying judgment, and contextualizing outputs.

Early-stage agents could automate 60-80% of the work, similar to a highly capable intern. “It’s going to take your knowledge and your expertise to make that applicable to your given context. And I don’t just mean the context of web marketing or the context of ecommerce. I mean the context of the business that you’re specifically working for,” he said.

Chris would argue that a lot of SEOs don’t spend enough time customizing what they do to the client specifically. He thinks there’s an opportunity to build an 80% automated process and then add your real value when your human intervention optimizes the last 20% business logic.

SEOs who engage with agents, refine workflows, and evolve alongside automation are far more likely to remain indispensable than those who resist change altogether.

However, when experimenting with automation, Chris warned we should avoid automating broken processes.

“You need to understand the process that you’re trying to optimize. If the process isn’t very good, you’ve just created a machine to produce mediocrity at scale, which frankly doesn’t help anyone.”

Chris thinks that this will give SEOs an edge as AI is more widely adopted. “I suggest the people that engage with it and make those processes better and show how they can be continually evolved, they’ll be the ones that have greater longevity.”

SEOs Can Succeed By Engaging With The Complexity

The Web Almanac 2025 doesn’t suggest that SEO is being replaced, but it does show that its role is expanding in ways many teams haven’t fully adapted to yet. Core principles like crawlability and technical hygiene still matter, but they now exist within a more complex ecosystem shaped by AI crawlers, feeds, closed systems, and platform-level decisions.

Where technical standards are poorly implemented at scale, those who understand the systems that shape them can still gain a meaningful advantage.

Automation works best when it accelerates well-designed processes and fails when it simply scales inefficiency. SEOs who focus on process design, judgment, and business context will remain essential as automation becomes more common.

In an increasingly messy and machine-driven web, the SEOs who succeed will be those willing to engage with that complexity rather than ignore it.

SEO in 2026 isn’t about choosing between search and AI; it’s about understanding how multiple systems consume content and where optimization now happens.

Watch the full video interview with Chris Green here:

Thank you to Chris Green for offering his insights and being my guest on IMHO.

More Resources: 

Featured Image: Shelley Walsh/Search Engine Journal

Ecommerce MGMT 0 Comments
Jan 29 2026
How Visibility Compounds In Brand-Led SEO via @sejournal, @TaylorDanRW

If building a brand is the new SEO cliche, then how visibility compounds is the part that rarely gets explained.

We can all agree, at least on principle, that repeated brand exposure matters. Brands become familiar because they appear consistently over time and across contexts. What is less well understood is how search visibility builds on itself, how it becomes easier to grow once you reach a certain threshold, and why this is often the difference between content that merely exists and content that genuinely drives preference.

This matters because the pressure around AI and LLM visibility has changed the tone of marketing conversations. Leaders want speed. They want the benefits of brand strength without the lead time it typically requires.

That gap between expectation and reality is where many teams end up panicking, producing more content, chasing more mentions, and hoping the sheer volume will create momentum and increase mental availability. That approach rarely works, because compounding is not the same as doing more. Compounding is what happens when each new piece of visibility makes the next one easier to earn.

What “Visibility Compounding” Actually Means

Visibility compounding is the effect where early wins create structural advantages that improve your ability to win again later. This is not an abstract concept, because in SEO, once you start to earn consistent impressions and real engagement across a topic area, certain things tend to follow in a fairly predictable way.

Your pages often get crawled more frequently because the site is being discovered, used, and referenced across the wider web, while your content becomes easier to rank because it sits inside a network of related pages rather than existing as isolated assets. Your internal linking becomes more meaningful because you are connecting real clusters of intent rather than trying to force relevance where it does not exist, and your brand becomes more familiar to users, which quietly improves your ability to earn clicks, repeat visits, and deeper browsing.

None of these things are brand building in the traditional sense, but they are the mechanics that can make brand building cheaper, faster, and more resilient over time. A simple way to describe it is that visibility compounds when your presence creates signals that make your future presence more likely.

Compounding Starts Before Loyalty

One of the reasons SEOs struggle with the brand conversation is that loyalty feels like the finish line, and when nobody is loyal yet, it can feel like the brand work is failing. I feel that this is because, as marketers, we’re trained to look at the conversion funnel, with loyalty/advocacy being the “end-goal.”

Image by Paulo Bobita/Search Engine Journal

In reality, compounding begins much earlier than loyalty, typically with recognition.

If a prospect sees your brand name in search results, then sees it again in a different query a few days later, and then sees it again while they are comparing options, something changes: You are no longer unknown and are now familiar enough to be considered. This is not emotional loyalty; it is mental availability, and it is the earliest stage of preference, which is where SEO can contribute more than many marketers realize.

This is also where AI complicates the picture; users may click less often, but they are still being exposed to sources, brands, and repeated content. Even when attribution becomes harder, the effect of familiarity still exists, and the question is whether your visibility is strong enough for familiarity to form at all.

One Strong Piece Of Content Is Rarely A Strategy

Many teams still treat content like a set of isolated tactical bets, such as one flagship thought leadership piece, one big report, one digital PR campaign, or one new pillar page. These can be valuable, but on their own, they do not tend to compound, because compounding needs continuity and coverage, and it needs a user to see you again and again in ways that feel natural rather than forced.

The truth is that a single great piece of content usually becomes a moment rather than a system, and while a moment might win attention for a week, a system keeps you present for months. Single pieces of content can be fantastic catalysts, but they require support, ladder-up tactics, and more than just distribution to turn them into brand assets that compound visibility.

How Compounding Usually Unfolds

When visibility truly compounds, it often follows a simple loop, even if it takes time to build. It usually starts with coverage, where you publish content that answers real queries, it gets indexed, it earns impressions, and the early performance may be modest, but it establishes presence.

Then you start to earn credibility, because some pages begin to attract links, mentions, engagement signals, and repeat discovery, and you become a source that is referenced rather than a page that exists. Over time, repetition kicks in, users see you again, they click more readily, they browse deeper, they return later, and your brand starts to feel like part of the landscape for that topic.

This is where the system begins to create momentum, because new content can rank faster as it is not fighting for relevance alone, and it is supported by an ecosystem that already signals topical authority and user demand.

Distribution Is Often The Real Differentiator

A lot of SEO conversations get stuck on quality, as though quality is a clear and objective threshold that guarantees results, and quality does matter. The problem is that quality is rarely the differentiator once you are operating in a competitive market, because the differentiator is often distribution.

If your content is not being seen, it cannot compound, and if your digital PR work is not creating repeated brand touchpoints, it cannot compound, while leadership content that does not earn readership cannot compound either. You do not need a perfect piece of content, but you do need content that gets consumed, referenced, and remembered.

This can be uncomfortable for organizations because it makes the work feel less controllable, since writing and publishing can be done internally, but distribution forces you to compete for attention in a public arena. If you want compounding effects, you have to treat distribution as a core capability rather than a nice-to-have.

Visibility Compounding Makes Brand Outcomes Realistic

This is the missing link in much of the current industry advice. Brand building is real, but it is slow, and visibility building is measurable, but it is not always meaningful, and compounding is what connects the two.

When you build visibility in a way that compounds, you create the conditions for brand outcomes to emerge, because familiarity becomes preference over time, preference becomes repeat engagement, repeat engagement becomes trust, and trust becomes the ability to win even when the channel changes.

That last part is what matters most going into 2026, because AI search and LLM interfaces will keep evolving, attribution will remain messy, the surfaces will shift, and traffic patterns will wobble. Brands that rely on isolated wins will keep feeling exposed, while brands that rely on compounding visibility will feel anchored, because their presence is not tied to one page, one keyword set, or one campaign.

What To Focus On If You Want Compounding Effects

If you want visibility to compound, you need to stop thinking only in terms of content output and start thinking in terms of coverage and reinforcement. You build around themes rather than one-off ideas, you publish sequences rather than isolated pieces, and you connect content so it behaves like an ecosystem rather than a library.

You also measure success in a way that reflects compounding, meaning you look beyond whether a page performed in isolation and ask whether it improved your ability to perform again. If content does not make the next piece easier to win, it may still be useful, but it is not compounding.

The Question SEO Leaders Should Be Asking

If AI has forced one useful change in SEO, it is that it has exposed how brittle many visibility strategies really were. Ranking for a handful of high-volume queries was never the same as owning a topic, being present was never the same as being preferred, and building a brand was never something you could do by simply saying the words.

The real question is not whether you need a brand to win in AI search, but whether your visibility strategy is designed to compound, or whether you are producing outputs and hoping time does the rest. Time compounds what is connected and reinforced, and it does not compound what is isolated.

More Resources:

Featured Image: KitohodkA/Shutterstock

Ecommerce MGMT 0 Comments
Jan 29 2026
New to Yoast SEO for Shopify: Enhanced pricing visibility in product schema 

We are excited to announce an update to our Offer schema within Yoast SEO for Shopify. This update introduces a more robust way to communicate pricing to search engines, specifically introducing sale price strikethroughs

What’s new? 

Previously, communicating a “sale” was often limited to showing a single price. With this update, we’ve refined how our schema handles the Offer object. You can now clearly define: 

  • The original price: The “base” price before any discounts. 
  • The sale price: The current active price the customer pays. 

Why this matters 

When search engines understand the relationship between your original and sale prices, they can better represent your deals in search results. This update is designed to help trigger those eye-catching strikethrough price treatments in Google Shopping and organic snippets, improving your click-through rate by visually highlighting the value you’re offering. 

How to use it 

The schema automatically bridges the gap between your product data and the structured data output. Simply ensure your product’s “Regular Price” and “Sale Price” are populated, and our updated schema handles the rest. For more information about the structured data included with all our products, check out our structured data feature page.

Get started

If you are a Yoast SEO for Shopify customer, you can access your product schema by opening a product in the Yoast product editor in your Shopify store. If you are not a customer and want to learn more, you can start a 14 day free trial of Yoast SEO for Shopify from the Shopify App Store.

Avatar of Beth Parker


Beth Parker

Beth is Product Marketing Manager at Yoast. Before joining the company, she honed her digital marketing and project management skills in various in-house and agency environments.

Ecommerce MGMT 0 Comments
Jan 29 2026
What is the open web?

The open web is the part of the internet built on open standards that anyone can use. This concept creates a democratic digital space where people can build on each other’s work without restrictions, just like how WordPress.org is built. For website owners, understanding and leveraging the open web is increasingly crucial. Especially with the rise of AI-powered systems and the general direction that online search is taking. So, let’s explore what the open web is and what it means for your website.

What is the open web?

The open web refers to the part of the internet built on open, shared standards that are available to everyone. It’s powered by technologies like HTTP, HTML, RSS, and Schema.org, which make it easy for websites and online systems to interact with each other. But it is more than just technical protocols. It also includes open‑source code, public APIs, and the free flow of data and content across sites, services, and devices. Creating a democratic digital space where people can build on each other’s work without heavy restrictions.

Because these standards are not owned or patented, the open web remains largely decentralized. This allows content to be accessed, understood, and reused across devices and platforms. This not only encourages innovation but also ensures that information is discoverable without being locked behind proprietary ecosystems.

The benefits of an open web

The open web is built on publicly available protocols that enable access, collaboration, and innovation at a global scale. 

The most important benefits include:

  • Collaboration and innovation: Open protocols enable developers to build on each other’s work without proprietary restrictions.
  • Accessibility: Users and AI agents alike can access and interact with web content regardless of device, platform, or underlying technology.
  • Democratization: No single company controls access to information, giving publishers greater autonomy.
  • Inclusion: The open web creates a more level playing field, where everyone gets a chance to participate in the digital economy.

The open web vs the deep web

To give you a better idea of what the open web is, it helps to know about the “deep web” and closed or “walled garden” platforms. The deep web covers content not indexed by search engines, while closed systems or walled gardens restrict access and keep data siloed.

On the open web, anyone can access information freely. A good example of that is Wikipedia. Accessible to anyone looking for information on a topic and anyone who wants to contribute to its content. Closed-off platforms, like proprietary apps or social media ecosystems, create places where content is only available if you pay or use a specific service. Well-known examples of this are social media platforms such as Facebook and Instagram. Another example is a news website that requires a paid subscription to get access.

In essence, the open web keeps information discoverable, accessible, and interoperable – instead of locked inside a handful of platforms.

AI and the open web

The popularity of AI-powered search makes open web principles more important than ever. Decentralized and accessible information allows AI tools to interact with content directly and use it freely to generate an answer for a user. 

“We believe the future of AI is grounded in the open web.” 

Ramanathan Guha, CVP and Technical Fellow at Microsoft. 

Microsoft’s open project NLWeb is a prime example. It provides a standardized layer that enables AI agents to discover, understand, and interact with websites efficiently, without needing separate integrations for every platform. 

What this means for website owners

For website owners, including small business owners, embracing the open web means making your content freely available in ways that AI can interpret. By using structured data standards like Schema.org, your website becomes discoverable to AI tools. Increasing your reach and ensuring that your content remains part of the future of search. 

Yoast and Microsoft: collaborating towards a more open web

Yoast is proud to collaborate with NLWeb, a Microsoft project that makes your content easier to understand for AI agents without extra effort from website owners. Allowing your content to remain discoverable, reach a wider audience with and show up in AI-powered search results.  

The open web strives towards an accessible web where content is available for everyone. A web where it doesn’t matter how big your website or marketing budget is. Giving everyone the chance to be found and represented in AI-powered search. NLWeb helps turn this vision into reality by connecting today’s open web with tomorrow’s AI-driven search ecosystem 

Read more: Yoast collaborates with Microsoft to help AI understand Open Web »

Avatar of Camille Cunningham


Camille Cunningham

Camille is a content specialist at Yoast. As part of the Search team, she enjoys creating content that helps you master SEO.

Ecommerce MGMT 0 Comments
Jan 29 2026
Chrome Updated With 3 AI Features Including Nano Banana via @sejournal, @martinibuster

Gemini in Chrome has just been refreshed with three new features that integrate more Gemini capabilities within Chrome for Windows, MacOS, and Chromebook Plus. The update adds an AI side panel, agentic AI Auto Browse, and Nano Banana image editing of whatever image is in the browser window.

AI Side Panel For Multitasking

Chrome adds a new side panel that enables users to slide open a side panel to open up a session with Gemini without having to jump around across browser tabs. The feature is described as a way to save time by making it easier to multitask.

Google explains:

“Our testers have been using it for all sorts of things: comparing options across too-many-tabs, summarizing product reviews across different sites, and helping find time for events in even the most chaotic of calendars.”

Opt-In Requirement For AI Chat

Before enabling the side panel AI chat feature, a user must first consent to sending their URLs and browser data back to Google.

Screenshot Of Opt-In Form

Nano Banana In Chrome

Using the AI side panel, users can tell it to update and change an image in the browser window without having to do any copying, downloading, or uploading. Nano banana will change it right there in the open browser window.

Chrome Autobrowse (Agentic AI)

This feature is for subscribers of Google’s AI Pro and Ultra tiers. Autobrowse enables an agentic AI to take action on behalf of the user. It’s described as being able to researching hotel and flights and doing cost comparisons across a given range of dates, obtaining quotes for work, and checking if bills are paid.

Autobrowse is multimodal which means that it can identify items in a photo then go out and find where they can be purchased and add them to a cart, including adding any relevant discount codes. If given permission, the AI agent can also access passwords and log in to online stores and services.

Adds More Features To Existing Ones

Google announced on January 12, 2026 that Chrome’s AI was upgraded with app connections, able to connect to Calendar, Gmail,Google Shopping, Google Flights, Maps, and YouTube. This is part of Google’s Personal Intelligence initiative, which it said is Google’s first step toward a more personalized AI assistant.

Personalization And User Intent Extraction For AI Chat And Agents

On a related note, Google recently published a research paper that shows how an on-device and in-browser AI can extract a user’s intent so as to provide better personalized and proactive responses, pointing to how on-device AI may be used in the near future. Read Google’s New User Intent Extraction Method.

Featured Image by Shutterstock/f11photo

Ecommerce MGMT 0 Comments
Jan 29 2026
Why does having insights across multiple LLMs matter for brand visibility?

Search today looks very different from what it did even a few years ago. Users are no longer browsing through SERPs to make up their own minds; instead, they are asking AI tools for conclusions, summaries, and recommendations. This shift changes how visibility is earned, how trust is formed, and how brands are evaluated during discovery. In AI-driven search, large language models interpret information, decide what matters, and present a narrative on behalf of the user.

Table of contents

Key takeaways

  • Search has evolved; users now rely on AI for conclusions instead of traditional SERPs
  • Conversational AI serves as a new discovery layer, users expect quick answers and insights
  • Brands must navigate varied interpretations of their presence across different LLMs
  • Yoast AI Brand Insights helps track brand mentions and identify gaps in AI visibility across models
  • Understanding LLM brand visibility is crucial for modern brand strategy and perception

The rise of conversational AI as a discovery layer

“Assistant engines and wider LLMs are the new gatekeepers between our content and the person discovering that content – our potential new audience.” — Alex Moss

Search is no longer confined to typing queries into a search engine and scanning a list of links. Today’s discovery journey frequently begins with a conversation, whether that’s a typed question in a chatbot, a voice prompt to an AI assistant, or an embedded AI feature inside a platform people use every day.

This shift has made conversational AI a new layer of discovery, where users expect direct answers, recommendations, and curated insights that help them make decisions and build brand perception more quickly and confidently.

Discovery is happening everywhere

Users are now encountering AI-powered discovery across a range of interfaces:

AI chat interfaces

Tools like ChatGPT allow users to ask open-ended questions and follow up in a conversational manner. These interfaces interpret intent and tailor responses in a way that feels natural, making them a go-to for exploratory search.

Also read: What is search intent and why is it important for SEO?

Answer engines

Platforms such as Perplexity synthesize information from multiple sources and often cite them. They act as research helpers, offering concise summaries or explanations to complex queries.

Embedded AI experiences

AI is increasingly built directly into search and discovery environments that people already use. Examples include AI-assisted summaries within search results, such as Google’s AI Overviews, as well as AI features embedded in browsers, operating systems, and apps. In these moments, users may not even think of themselves as “using AI,” yet AI is already influencing what information is surfaced first and how it is interpreted.

This broad distribution of AI discovery surfaces means users now expect accessibility of information regardless of where they are, whether in a chat, an app, or embedded in the places they work, shop, and explore online.

How people are using AI in their day-to-day discovery

Users interact with conversational AI for a wide range of purposes beyond traditional search. These models increasingly guide decisions, comparisons, and exploration, often earlier in the journey than classic search engines.

Here are some prominent ways people use LLMs today:

Product comparisons

ChatGPT gives a detailed brand comparison

Rather than visiting multiple sites and aggregating reviews, there are 54% users who ask AI to compare products or services directly, for example, “How does Brand A compare to Brand B?” and “What are the pros and cons of X vs Y?” AI synthesizes information into a concise summary that often feels more efficient than browsing search results.

“Best tools for…” queries

Result by ChatGPT for “best crm software for smbs.”

Did you know 47% of consumers have used AI to help make a purchase decision?

AI users frequently ask for ranked suggestions or curated lists such as “best SEO tools for small businesses” or “top content optimization software.” These queries serve as discovery moments, where brands can be suggested alongside context and reasoning.

Trust and validation checks

Many users prompt AI models to validate decisions or confirm perceptions, for example, “Is Brand X reputable?” or “What do people say about Service Y?” AI responses blend sentiment, context, and summarization into one narrative, affecting how trust is formed.

Also read: Why is summarizing essential for modern content?

Idea generation and research exploration

In a study by Yext, it was found that 42% users employ AI for early-stage exploration, such as brainstorming topics, gathering potential search intents, or understanding broad categories before narrowing down specifics. AI user archetypes range from creators who use AI for ideation to explorers seeking deeper discovery.

local search results on chatgpt
ChatGPT recommendations for “best cheesecake places in Lucknow, India.”

AI is also used for local searches. For example, many users turn to AI tools to research local products or services, such as finding nearby businesses, comparing local options, or understanding community reputations. In a recent AI usage study by Yext, 68% of consumers reported using tools like ChatGPT to research local products or services, even as trust in AI for local information remains lower than traditional search.

In each of these moments, conversational AI doesn’t just surface brands; it frames them by summarizing strengths, weaknesses, use cases, and comparisons in a single response. These narratives become part of how users interpret relevance, trust, and fit far earlier in the decision-making process than in traditional search.

Not all LLMs interpret brands the same way

As conversational AI becomes a discovery layer, one assumption often sneaks in quietly: if your brand shows up well in one AI model, it must be showing up everywhere. In reality, that’s rarely the case. Large language models interpret, retrieve, and present brand information differently, which means relying on a single AI platform can give a very incomplete picture of your brand’s visibility.

To understand why, it helps to look at how some of the most widely used models approach answers and brand mentions.

How ChatGPT interprets brands

ChatGPT is often used as a general-purpose assistant. People turn to it for explanations, comparisons, brainstorming, and decision support. When it mentions brands, it tends to focus on contextual understanding rather than explicit sourcing. Brand mentions are frequently woven into explanations, recommendations, or summaries, sometimes without clear attribution.

From a visibility perspective, this means brands may appear:

  • As examples in broader explanations
  • As recommendations in “best tools” or comparison-style prompts
  • As part of a narrative rather than a cited source

The challenge is that brand mentions can feel correct and authoritative, while still being outdated, incomplete, or inconsistent, depending on how the prompt is phrased.

How Gemini interprets brands

Gemini is deeply connected to Google’s ecosystem, which influences how it understands and surfaces brand information. It leans more heavily on entities, structured data, and authoritative sources, and its outputs often reflect signals familiar to traditional SEO teams.

For brands, this means:

  • Visibility is closely tied to how well the brand is understood as an entity
  • Clear, consistent information across the web plays a bigger role
  • Mentions often align more closely with established sources

Gemini can feel more predictable in some cases, but that predictability depends on strong foundational signals and accurate brand representation across trusted platforms.

How Perplexity interprets brands

Perplexity positions itself as an answer engine rather than a general assistant. It emphasizes citations and source-backed responses, which makes it popular for research and comparison queries. When brands appear in Perplexity answers, they are often tied directly to cited articles, reviews, or documentation.

This creates a different visibility dynamic:

  • Brands may be surfaced only if they are referenced in cited sources
  • Freshness and topical relevance matter more
  • Competitors with stronger editorial or PR coverage may appear more often

Here, brand presence is tightly coupled with external content and how frequently that content is used as a reference.

How these models differ at a glance

AI Model How brands are surfaced What influences the visibility
ChatGPT Contextual mentions within explanations and recommendations Prompt phrasing, training data, general relevance
Gemini Entity-driven, aligned with authoritative sources Structured data, brand consistency, trusted signals
Perplexity Citation-based mentions tied to sources Content coverage, freshness, external references

Why brands need insights across multiple LLMs?

Once you see how differently large language models interpret brands, one thing becomes clear: looking at just one AI model gives you an incomplete picture. AI-driven discovery does not produce a single, consistent version of your brand. It produces multiple interpretations, shaped by the model, its data sources, and users’ interactions with it.

Must read: When AI gets your brand wrong: Real examples and how to fix it

Therefore, tracking across your brand across multiple brands is essential because:

Brand visibility is fragmented by default

Across different LLMs, the same brand can show up in very different ways:

  • Correctly represented in one model, where information is accurate and well-contextualized
  • Completely missing in another, even for relevant queries
  • Partially outdated or misrepresented in a third, depending on the sources being used

This fragmentation happens because each model processes and prioritizes information differently. Without visibility across models, it’s easy to assume your brand is ‘covered’ when, in reality, it may only be visible in one corner of the AI ecosystem.

Different audiences use different AI tools

AI usage is not concentrated in a single platform. People choose tools based on intent:

  • Some use conversational assistants for exploration and ideation
  • Others rely on citation-led answer engines for research
  • Many encounter AI passively through search or embedded experiences

If your brand appears in only one environment, you are effectively visible only to a subset of your audience. This mirrors challenges SEO teams already recognize from traditional search, where performance varies by device, location, and search feature. The difference is that with AI, these variations are less obvious and more challenging to track without dedicated insights.

Blind spots create real business risks

Limited visibility across LLMs doesn’t just affect awareness; it also impairs learning. Over time, it can lead to:

  • Inconsistent brand narratives, where AI tools describe your brand differently depending on where users ask
  • Missed demand, especially for comparison or “best tools for” queries
  • Competitors are being recommended instead, simply because they are more visible or better understood by a specific model

These outcomes are rarely intentional, but they can quietly influence brand perception and decision-making long before users reach your website.

So all these points point to one thing: a broader, multi-model view helps build a more complete understanding of brand visibility.

The challenge: LLM visibility is hard to measure

As brands start paying attention to how they appear in AI-generated content, a new problem becomes obvious: LLM visibility doesn’t behave like traditional search visibility. The signals are fragmented, opaque, and constantly changing, which makes tracking and understanding brand presence across AI models far more complex than tracking rankings or traffic.

Below are some key challenges brand marketers might face when trying to understand how their brand appears to large language models.

1. Lack of visibility across AI platforms

Different LLMs, such as ChatGPT, Gemini, and Perplexity, rely on various data sources, retrieval methods, and citation logic. As a result, the same brand may be mentioned prominently in one model, inconsistently in another, or not at all elsewhere.

Without a unified view, it’s difficult to answer basic questions like where your brand shows up, which AI tools mention it, and where the gaps are. This fragmentation makes it easy to overestimate visibility based on a single platform.

2. No clear insight into how AI describes your brand

AI models often mention brands as part of explanations, comparisons, or recommendations, but traditional analytics tools don’t capture how those brands are described. Teams lack visibility into tone, context, sentiment, or whether mentions are positive, neutral, or misleading.

This makes it hard to understand whether AI is reinforcing your intended brand positioning or subtly reshaping it in ways you can’t see.

3. No structured way to measure change over time

AI-generated answers are inherently dynamic. Small changes in prompts, updates to models, or shifts in underlying data can all influence how brands appear. Without consistent, longitudinal tracking, it’s nearly impossible to tell whether visibility is improving, declining, or simply fluctuating.

One-off checks may offer snapshots, but they don’t reveal trends or patterns that matter for long-term strategy.

4. Limited ability to benchmark against competitors

Seeing your brand mentioned in AI answers is a start, but it doesn’t tell you the whole story. The real question is what’s happening around it: which competitors appear more often, how they’re described, and who AI recommends when users are ready to decide.

Without comparative insights, teams struggle to understand whether AI visibility represents a competitive advantage or a missed opportunity.

5. Missing attribution and source clarity

Some AI models summarize or paraphrase information without clearly attributing sources. When brands are mentioned, it’s not always obvious which pages, articles, or properties influenced the response.

This lack of source visibility makes it difficult to connect AI mentions back to specific content efforts, PR coverage, or SEO work, leaving teams guessing what is actually driving brand representation.

6. Existing tools weren’t built for AI visibility

Traditional SEO and analytics platforms are designed around clicks, impressions, and rankings. They don’t capture AI-powered mentions, sentiment, or visibility trends because AI platforms don’t expose those signals in a structured way.

As a result, teams are left without reliable reporting for one of the fastest-growing discovery channels.

Together, these challenges point to a clear gap: brands need a new way to understand visibility that reflects how AI models surface and interpret information. This is where tools explicitly designed for AI-driven discovery, such as Yoast AI Brand Insights, come into play.

How does Yoast AI Brand Insights help?

It won’t be wrong to say that the AI-driven brand discovery can be fragmented and opaque; therefore, leading us to our next practical question: how do brand marketing teams actually make sense of it?

Traditional SEO tools weren’t built to answer that, which is where Yoast AI Brand Insights comes in. It’s designed to help users understand how brands appear in AI-generated answers and is available as part of Yoast SEO AI+.

Rather than focusing on rankings or clicks, Yoast AI Brand Insights focuses on visibility and interpretation across large language models.

Track brand mentions across multiple AI models

One of the biggest gaps in AI visibility is fragmentation. Brands may appear in one AI model but not in another, without any obvious signal to explain why. Yoast AI Brand Insights addresses this by tracking brand mentions across multiple AI platforms, including ChatGPT, Gemini, and Perplexity.

This gives teams a clearer view of where their brand appears, rather than relying on isolated checks or assumptions based on a single model.

Identify gaps, inconsistencies, and opportunities

AI-generated answers don’t just mention brands; they frame them. Yoast AI Brand Insights helps surface patterns in how a brand is described, making it easier to spot:

  • Where mentions are missing altogether
  • Where descriptions feel outdated or incomplete
  • Where competitors appear more frequently or more favorably

These insights turn AI visibility into something teams can actually act on, rather than a black box.

Shared insights for SEO, PR, and content teams

AI-driven discovery sits at the intersection of SEO, content, and brand communication. One of the strengths of Yoast AI Brand Insights is that it provides a shared view of AI visibility that multiple teams can use. SEO teams can connect AI mentions back to site signals, content teams can understand how messaging is interpreted, and PR or brand teams can see how external coverage influences AI narratives.

Instead of working in silos, teams get a common reference point for how the brand appears across AI-driven search experiences.

A natural extension of Yoast’s SEO philosophy

Yoast AI Brand Insights builds on principles Yoast has long emphasized: clarity, consistency, and understanding how search systems interpret content. As AI becomes part of how people discover brands, those same principles now apply beyond traditional search results and into AI-generated answers.

In that sense, Yoast AI Brand Insights isn’t about chasing AI trends. It’s about giving teams a more straightforward way to understand how their brand is represented, where discovery is increasingly happening.

AI-driven discovery is no longer an edge case. It’s becoming a regular part of how people explore options, validate decisions, and form opinions about brands. As large language models continue to evolve, the question for brands is not whether they appear in AI-generated answers, but whether they understand how they appear, where they appear, and what story is being told on their behalf. Gaining visibility into that layer is quickly becoming a foundational part of modern brand and search strategy.

Avatar of Ahad Qureshi
Ahad Qureshi

I’m a Computer Science grad who accidentally stumbled into writing—and stayed because I fell in love with it. Over the past six years, I’ve been deep in the world of SEO and tech content, turning jargon into stories that actually make sense. When I’m not writing, you’ll probably find me lifting weights to balance my love for food (because yes, gym and biryani can coexist) or catching up with friends over a good cup of chai.

Ecommerce MGMT 0 Comments
Jan 29 2026
The Way Your Agency Handles Leads Will Define Success in 2026 [Webinar] via @sejournal, @hethr_campbell

If you’ve made it this far, driving leads is no longer a challenge for you. 

The real issue is what happens after your leads come in. 

Are you seeing more missed calls than usual? 

Worried about not being able to follow up in time and losing the sale?

Poor handoffs of hot leads to your sales team cause leads to go cold, meaning your marketing budget spend is going to waste.

As speed-to-lead becomes a critical factor in conversion, agencies are being asked to prove ROI when clients struggle to respond fast enough. This disconnect is forcing teams to rethink how lead handling fits into campaign performance and long-term client trust.

In this session, Anthony Milia, President of Milia Marketing, and Bailey Beckham Constantino, Senior Partner Marketing Manager at CallRail, share how agencies are using AI to improve: 

  • Closing & conversion rates.
  • Client communication speed.

What You’ll Learn

Why Attend?

This webinar provides practical guidance for agencies looking to protect performance and demonstrate real results. You will gain clear examples and frameworks to improve conversions and client confidence heading into 2026.

Register now to see how AI-driven lead handling is shaping agency success in 2026.

🛑 Can’t make it live? Register anyway, and we’ll send you the on demand recording.

Ecommerce MGMT 0 Comments
Jan 29 2026
The Hidden SEO Cost Of A Slow WordPress Site & How It Affects AI Visibility via @sejournal, @wp_rocket

This post was sponsored by WP Media. The opinions expressed in this article are the sponsor’s own.

You’ve built a WordPress site you’re proud of. The design is sharp, the content is solid, and you’re ready to compete. But there’s a hidden cost you might not have considered: a slow site doesn’t just hurt your SEO-it now affects your AI visibility too.

With AI-powered search platforms such as ChatGPT and Google’s AI Overviews and AI Mode reshaping how people discover information, speed has never mattered more. And optimizing for it might be simpler than you think.

The conventional wisdom? “Speed optimization is technical and complicated.” “It requires a developer.” “It’s not that big a deal anyway.” These myths spread because performance optimization is genuinely challenging. But dismissing it because it’s hard? That’s leaving lots of untapped revenue on the table.

Here’s what you need to know about the speed-SEO-AI connection-and how to get your site up to speed without having to reinvent yourself as a performance engineer.

Why Visitors Won’t Wait For Your Site To Load (And What It Costs You)

Let’s start with the basics. When’s the last time you waited patiently for a slow website to load? Exactly.

slow-website

Google’s research shows that as page load time increases from one second to three seconds, the probability of a visitor bouncing increases by 32%. Push that to five seconds, and bounce probability jumps to 90%.

Think about it. You’re spending money on ads, content, and SEO to get people to your site-and then losing nearly half of them before they see anything because your pages load too slowly.

For e-commerce, the stakes are even higher:

  • A site loading in 1 second has a conversion rate 5x higher than one loading in 5 seconds.
  • 79% of shoppers who experience performance issues say they won’t return to buy again.
  • Every 1-second delay reduces customer satisfaction by 16%.

A slow site isn’t just losing one sale. It’s potentially losing you customers for life.

Website Speeds That AI and Visitors Expect

Google stopped being subtle about this in 2020. With the introduction of Core Web Vitals, page speed became an official ranking factor. If your WordPress site meets these benchmarks, you’re signaling quality to Google. If it doesn’t, you’re handing competitors an advantage.

Here’s the challenge: only 50% of WordPress sites currently meet Google’s Core Web Vitals standards.

That means half of WordPress websites have room to improve-and an opportunity to gain ground on competitors who haven’t prioritized performance.

The key metric to watch is Largest Contentful Paint (LCP)-how qhttps://wp-rocket.me/blog/website-load-time-speed-statistics/uickly your main content loads. Google wants this under 2.5 seconds. Hit that target, and you’re in good standing.

What most site owners miss: speed improvements compound. Better Core Web Vitals leads to better rankings, which leads to more traffic, which leads to more conversions. The sites that optimize first capture that momentum.

The AI Visibility Advantage: Why Speed Matters More Than Ever

Here’s where it gets really interesting-and where early movers have an edge.

The rise of AI-powered search tools like ChatGPT, Perplexity, and Google’s AI Overviews is fundamentally changing how people discover information. And here’s what most haven’t realized yet: page speed influences AI visibility too.

A recent study by SE Ranking analyzed 129,000 domains across over 216,000 pages to identify what factors influence ChatGPT citations. The findings on page speed were striking:

  • Fast pages (FCP under 0.4 seconds): averaged 6.7 citations from ChatGPT
  • Slow pages (FCP over 1.13 seconds): averaged just 2.1 citations

That’s a threefold difference in AI visibility based largely on how fast your pages load.

Why does this matter? Because 50% of consumers use AI-powered search today in purchase decisions. Sites that load fast are more likely to be cited, recommended, and discovered by a growing audience that starts their search with AI.

The opportunity: Speed optimization now serves double duty-it boosts your traditional SEO and positions you for visibility in an AI-first search landscape.

How To Improve Page Speed Metrics & Increase AI Citations

Speed, SEO, and AI visibility are now deeply connected.

Every day your site underperforms, you’re missing opportunities.

Your Page Speed Optimization Roadmap

Here’s your action plan:

  1. Audit your current speed.
  2. Identify the bottlenecks.
  3. Implement a comprehensive solution. Rather than patching issues one plugin at a time, use an all-in-one performance tool that addresses caching, code optimization, and media loading together.
  4. Monitor and maintain. Speed isn’t a one-time fix. Track your metrics regularly to ensure you’re maintaining performance as you add content and features.

Step 1: Audit Your Current Website Speed

To best identify where the source of your slow website lies and build a baseline to test against, you must perform a website speed test audit.

  1. Visit Google’s PageSpeed Insights tool.
  2. Compare your Core Web Vitals results scores to your industry’s CWV baseline.
  3. Identify which scores are lowest before moving to step 2.

Step 2: Identify Your Page Speed Bottlenecks

Is it unoptimized images? Render-blocking JavaScript? Too many plugins? Understanding the issue helps you choose the right solution.

In fact, this is where most of your competitors drop the ball, allowing you to pick it up and outperform their websites on SERPs. For business owners focused on running their company, this often falls to the bottom of the priority list.

Why? Because traditional website speed optimization involves a daunting technical website testing checklist that includes, but isn’t limited to:

  • Implementing caching
  • Minifying CSS and JavaScript files
  • Lazy loading images and videos
  • Removing unused CSS
  • Delaying JavaScript execution
  • Optimizing your database
  • Configuring a CDN

Step 3: Implement Fixes & Best Practices

From here, each potential cause of a slow website and low CWV scores can be fixed:

The Easy Way: Use The WP Rocket Performance Plugin

Time To Implement: 3 minutes | Download WP Rocket

Rather than piecing together multiple plugins and manually tweaking settings, you get an all-in-one approach that handles the heavy lifting automatically. This is where purpose-built performance technology can change the game.

The endgame is to remove the complexity from WordPress optimization:

  • Instant results. For example, upon activation, WP Rocket implements 80% of web performance best practices without requiring any configuration. Page caching, GZIP compression, CSS and JS minification, and browser caching are just a few of the many optimizations that run in the background for you.
  • No coding required. Advanced features such as lazy-loading images, removing unused CSS, and delaying JavaScript are available via simple toggles.
  • Built-in compatibility. It’s designed to work with popular themes, plugins, page builders, and WooCommerce.
  • Performance tracking included. Built-in tool lets you monitor your speed improvements and Core Web Vitals scores without leaving your dashboard.

The goal isn’t to become a performance expert. It’s to have a fast website that supports your business objectives. When optimization happens in the background, you’re free to focus on what you actually do best.

For many, shifting tactics can cause confusion and unnecessary complexity. Utilizing the right technology makes implementing them so much easier and ensures you maximize AI visibility and website revenue.

A three-minute fix can make a huge difference to how your WordPress site performs.

Ready to get your site up to speed?

optimize-site-speed-with-wp-rocke

Explore How WP Rocket Can Boost Your Performance, SEO, and AI Visibility

Image Credits

Featured Image: Image by WP Media. Used with permission.

In-Post Images: Image by WP Media. Used with permission.

Ecommerce MGMT 0 Comments
Jan 29 2026
The Download: A bid to treat blindness, and bridging the internet divide

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.

The first human test of a rejuvenation method will begin “shortly”

Life Biosciences, a small Boston startup founded by Harvard professor and life-extension evangelist David Sinclair, has won FDA approval to proceed with the first targeted attempt at age reversal in human volunteers.

The company plans to try to treat eye disease with a radical rejuvenation concept called “reprogramming” that has recently attracted hundreds of millions in investment for Silicon Valley firms like Altos Labs, New Limit, and Retro Biosciences, backed by many of the biggest names in tech. Read the full story.

—Antonio Regalado

Stratospheric internet could finally start taking off this year

Today, an estimated 2.2 billion people still have either limited or no access to the internet, largely because they live in remote places. But that number could drop this year, thanks to tests of stratospheric airships, uncrewed aircraft, and other high-altitude platforms for internet delivery.

Although Google shuttered its high-profile internet balloon project Loon in 2021, work on other kinds of high-altitude platform stations has continued behind the scenes. Now, several companies claim they have solved Loon’s problems—and are getting ready to prove the tech’s internet beaming potential starting this year. Read the full story.

—Tereza Pultarova

OpenAI’s latest product lets you vibe code science

OpenAI just revealed what its new in-house team, OpenAI for Science, has been up to. The firm has released a free LLM-powered tool for scientists called Prism, which embeds ChatGPT in a text editor for writing scientific papers.

The idea is to put ChatGPT front and center inside software that scientists use to write up their work in much the same way that chatbots are now embedded into popular programming editors. It’s vibe coding, but for science. Read the full story.

—Will Douglas Heaven

MIT Technology Review Narrated: This Nobel Prize–winning chemist dreams of making water from thin air

Most of Earth is covered in water, but just 3% of it is fresh, with no salt—the kind of water all terrestrial living things need. Today, desalination plants that take the salt out of seawater provide the bulk of potable water in technologically advanced desert nations like Israel and the United Arab Emirates, but at a high cost.

Omar Yaghi, is one of three scientists who won a Nobel Prize in chemistry in October 2025 for identifying metal-­organic frameworks, or MOFs—metal ions tethered to organic molecules that form repeating structural landscapes. Today that work is the basis for a new project that sounds like science fiction, or a miracle: conjuring water out of thin air.

This is our latest story to be turned into a MIT Technology Review Narrated podcast, which we’re publishing each week on Spotify and Apple Podcasts. Just navigate to MIT Technology Review Narrated on either platform, and follow us to get all our new content as it’s released.

The must-reads

I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.

1 TikTok has settled its social media addiction lawsuit
Just before it was due to appear before a jury in California. (NYT $)
+ But similar claims being made against Meta and YouTube will proceed. (Bloomberg $)

2 AI CEOs have started condemning ICE violence
While simultaneously praising Trump. (TechCrunch)
+ Apple’s Tim Cook says he asked the US President to “deescalate” things. (Bloomberg $)
+ ICE seems to have a laissez faire approach to preserving surveillance footage. (404 Media)

3 Dozens of CDC vaccination databases have been frozen
They’re no longer being updated with crucial health information under RFK Jr. (Ars Technica)
+ Here’s why we don’t have a cold vaccine. Yet. (MIT Technology Review)

4 China has approved the first wave of Nvidia H200 chips
After CEO Jensen Huang’s strategic visit to the country. (Reuters)

5 Inside the rise of the AI “neolab”
They’re prioritizing longer term research breakthroughs over immediate profits. (WSJ $)

6 How Anthropic scanned—and disposed of—millions of books 📚
In an effort to train its AI models to write higher quality text. (WP $)

7 India’s tech workers are burning out
They’re under immense pressure as AI gobbles up more jobs. (Rest of World)
+ But the country’s largest IT firm denies that AI will lead to mass layoffs. (FT $)
+ Inside India’s scramble for AI independence. (MIT Technology Review)

8 Google has forced a UK group to stop comparing YouTube to TV viewing figures
Maybe fewer people are tuning in than they’d like to admit? (FT $)

9 RIP Amazon grocery stores 🛒
The retail giant is shuttering all of its bricks and mortar shops. (CNN)
+ Amazon workers are increasingly worried about layoffs. (Insider $)

10 This computing technique could help to reduce AI’s energy demands
Enter thermodynamic computing. (IEEE Spectrum)
+ Three big things we still don’t know about AI’s energy burden. (MIT Technology Review)

Quote of the day

“Oh my gosh y’all, IG is a drug.”

—An anonymous Meta employee remarks on Instagram’s addictive qualities in an internal  document made public as part of a social media addiction trial Meta is facing, Ars Technica reports.

One more thing

How AI and Wikipedia have sent vulnerable languages into a doom spiral

Wikipedia is the most ambitious multilingual project after the Bible: There are editions in over 340 languages, and a further 400 even more obscure ones are being developed. But many of these smaller editions are being swamped with AI-translated content. Volunteers working on four African languages, for instance, estimated to MIT Technology Review that between 40% and 60% of articles in their Wikipedia editions were uncorrected machine translations.

This is beginning to cause a wicked problem. AI systems learn new languages by scraping huge quantities of text from the internet. Wikipedia is sometimes the largest source of online linguistic data for languages with few speakers—so any errors on those pages can poison the wells that AI is expected to draw from. Volunteers are being forced to go to extreme lengths to fix the issue, even deleting certain languages from Wikipedia entirely. Read the full story

—Jacob Judah

We can still have nice things

A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet ’em at me.)

+ This singing group for people in Amsterdam experiencing cognitive decline is enormously heartwarming ($)
+ I enjoyed this impassioned defense of the movie sex scene.
+ Here’s how to dress like Steve McQueen (inherent cool not included, sorry)
+ Trans women are finding a home in the beautiful Italian town of Torvajanica ❤

Ecommerce MGMT 0 Comments
Jan 29 2026
Rules fail at the prompt, succeed at the boundary

From the Gemini Calendar prompt-injection attack of 2026 to the September 2025 state-sponsored hack using Anthropic’s Claude code as an automated intrusion engine, the coercion of human-in-the-loop agentic actions and fully autonomous agentic workflows are the new attack vector for hackers. In the Anthropic case, roughly 30 organizations across tech, finance, manufacturing, and government were affected. Anthropic’s threat team assessed that the attackers used AI to carry out 80% to 90% of the operation: reconnaissance, exploit development, credential harvesting, lateral movement, and data exfiltration, with humans stepping in only at a handful of key decision points.

This was not a lab demo; it was a live espionage campaign. The attackers hijacked an agentic setup (Claude code plus tools exposed via Model Context Protocol (MCP)) and jailbroke it by decomposing the attack into small, seemingly benign tasks and telling the model it was doing legitimate penetration testing. The same loop that powers developer copilots and internal agents was repurposed as an autonomous cyber-operator. Claude was not hacked. It was persuaded and used tools for the attack.

Prompt injection is persuasion, not a bug

Security communities have been warning about this for several years. Multiple OWASP Top 10 reports put prompt injection, or more recently Agent Goal Hijack, at the top of the risk list and pair it with identity and privilege abuse and human-agent trust exploitation: too much power in the agent, no separation between instructions and data, and no mediation of what comes out.

Guidance from the NCSC and CISA describes generative AI as a persistent social-engineering and manipulation vector that must be managed across design, development, deployment, and operations, not patched away with better phrasing. The EU AI Act turns that lifecycle view into law for high-risk AI systems, requiring a continuous risk management system, robust data governance, logging, and cybersecurity controls.

In practice, prompt injection is best understood as a persuasion channel. Attackers don’t break the model—they convince it. In the Anthropic example, the operators framed each step as part of a defensive security exercise, kept the model blind to the overall campaign, and nudged it, loop by loop, into doing offensive work at machine speed.

That’s not something a keyword filter or a polite “please follow these safety instructions” paragraph can reliably stop. Research on deceptive behavior in models makes this worse. Anthropic’s research on sleeper agents shows that once a model has learned a backdoor, then strategic pattern recognition, standard fine-tuning, and adversarial training can actually help the model hide the deception rather than remove it. If one tries to defend a system like that purely with linguistic rules, they are playing on its home field.

Why this is a governance problem, not a vibe coding problem

Regulators aren’t asking for perfect prompts; they’re asking that enterprises demonstrate control.

NIST’s AI RMF emphasizes asset inventory, role definition, access control, change management, and continuous monitoring across the AI lifecycle. The UK AI Cyber Security Code of Practice similarly pushes for secure-by-design principles by treating AI like any other critical system, with explicit duties for boards and system operators from conception through decommissioning.

In other words: the rules actually needed are not “never say X” or “always respond like Y,” they are:

  • Who is this agent acting as?
  • What tools and data can it touch?
  • Which actions require human approval?
  • How are high-impact outputs moderated, logged, and audited?

Frameworks like Google’s Secure AI Framework (SAIF) make this concrete. SAIF’s agent permissions control is blunt: agents should operate with least privilege, dynamically scoped permissions, and explicit user control for sensitive actions. OWASP’s Top 10 emerging guidance on agentic applications mirrors that stance: constrain capabilities at the boundary, not in the prose.

From soft words to hard boundaries

The Anthropic espionage case makes the boundary failure concrete:

  • Identity and scope: Claude was coaxed into acting as a defensive security consultant for the attacker’s fictional firm, with no hard binding to a real enterprise identity, tenant, or scoped permissions. Once that fiction was accepted, everything else followed.
  • Tool and data access: MCP gave the agent flexible access to scanners, exploit frameworks, and target systems. There was no independent policy layer saying, “This tenant may never run password crackers against external IP ranges,” or “This environment may only scan assets labeled ‘internal.’”
  • Output execution: Generated exploit code, parsed credentials, and attack plans were treated as actionable artifacts with little mediation. Once a human decided to trust the summary, the barrier between model output and real-world side effect effectively disappeared.

We’ve seen the other side of this coin in civilian contexts. When Air Canada’s website chatbot misrepresented its bereavement policy and the airline tried to argue that the bot was a separate legal entity, the tribunal rejected the claim outright: the company remained liable for what the bot said. In espionage, the stakes are higher but the logic is the same: if an AI agent misuses tools or data, regulators and courts will look through the agent and to the enterprise.

Rules that work, rules that don’t

So yes, rule-based systems fail if by rules one means ad-hoc allow/deny lists, regex fences, and baroque prompt hierarchies trying to police semantics. Those crumble under indirect prompt injection, retrieval-time poisoning, and model deception. But rule-based governance is non-optional when we move from language to action.

The security community is converging on a synthesis:

  • Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent can actually do, with which data, and under which approvals.
  • Pair rules with continuous evaluation: Use observability tooling, red-teaming packages, and robust logging and evidence.
  • Treat agents as first-class subjects in your threat model: For example, MITRE ATLAS now catalogs techniques and case studies specifically targeting AI systems.

The lesson from the first AI-orchestrated espionage campaign is not that AI is uncontrollable. It’s that control belongs in the same place it always has in security: at the architecture boundary, enforced by systems, not by vibes.

This content was produced by Protegrity. It was not written by MIT Technology Review’s editorial staff.

Ecommerce MGMT 0 Comments