Google's Prompt Injection Defenses Break Dictionary Search, Exposing AI Security Trade-offs

Google's AI Overviews now misinterpret command-style search terms like "disregard" and "ignore" as instructions to the AI rather than dictionary queries, failing to return standard definitions. The failures stem from content classifiers designed to block prompt injection attacks—where malicious instructions are embedded in inputs to manipulate AI behavior. The issue reveals a fundamental tension in deploying AI safety at scale: aggressive input filtering protects against adversarial exploitation but degrades legitimate functionality in edge cases. As AI systems proliferate in consumer applications, similar trade-offs between security and user experience will become unavoidable.