'Positive review only': Researchers hide AI prompts in papers

Original Article ↗ Hacker News Discussion ↗

Prompt injection, agents, and security concerns

  • Several commenters treat prompt injection as a fundamental architectural flaw, likening the current situation to pre–SQL-escaping days while people are already stacking “agents” on top.
  • Others argue we shouldn’t fix prompt injection so much as avoid relying on AI for serious tasks at all.
  • There’s anxiety about agents with shell access (“rm -rf” jokes, “yolo mode” agents provisioning infra) and recognition that this is no longer hypothetical. Some suggest sandboxing via VMs and backups.
  • A minority notes that models have become less gullible, and that “prompt engineering” has shifted from magic incantations to giving realistic context and goals.

Hidden prompts in papers: protest, honeypot, or fraud?

  • Core issue: authors embedding invisible instructions in manuscripts to force “positive review only” when run through LLMs.
  • Some see this as clever protest or a honeypot to expose prohibited AI use by “lazy reviewers,” analogous to Van Halen’s brown M&Ms or exam instruction traps.
  • Others consider it academic misconduct akin to biasing or bribing reviewers, arguing it unfairly advantages some submissions and should trigger formal sanctions.
  • Middle-ground view: purely diagnostic watermarks (“mention a cow,” or neutral tokens) are acceptable; anything that steers sentiment crosses an ethical line.

LLMs in peer review: capabilities and limits

  • Many commenters insist LLM-only peer review is unethical and epistemically unsound: models can’t truly assess novel findings, only echo corpus patterns.
  • Others note practical benefits: grammar/style fixes, spotting inconsistencies, checking policy compliance, or surfacing issues humans then verify.
  • Conferences often ban sharing submissions with external LLMs to prevent leaks into training data; local, air‑gapped models are discussed but policy applicability is unclear.
  • Reports from ML venues suggest AI-written reviews are already common, often over-focusing on self-declared “Limitations” sections.

Incentives and dysfunction in academic publishing

  • Several argue the peer-review system is overloaded and misused as a career gate, so low-effort and AI-driven reviews are predictable.
  • Journals are criticized as profiteering intermediaries: authors and reviewers are mostly unpaid while APCs and subscription fees are high. Others counter that editorial coordination, hosting, and copyediting are nontrivial work, though even supporters concede the prestige value (trust in rigorous review) is the main product.

AI beyond academia: hiring and detection

  • Parallel idea: job applicants hiding prompts in resumes to game AI screeners; experienced recruiters say such “resume hacks” are a negative human signal.
  • Cited research and anecdotal efforts embed invisible prompts or watermarks in text to statistically detect LLM-generated reviews; accuracy is above chance but far from perfect.