Vector pinning
Attacker uses a long-lived public document (Wikipedia stub, GitHub README) as a pinned source the AI app trusts.
Severity: highOWASP LLM: LLM04
How it works
Some operators allowlist specific high-trust domains. If the attacker can edit a page on those domains, they get persistent injection.
Example payload
[Edit on a high-trust wiki: subtle policy reversal in a footnote.]
Defenses
Snapshot allowlisted sources and review diffs. Avoid blanket trust of public domains.