Cross-industryPrompt InjectionChatbotLow

Remoteli GPT-3 Twitter Bot Hijacked via Prompt Injection

A GPT-3 based Twitter bot by Remoteli.io was hijacked by users using prompt injection. The bot was designed to respond to mentions of remote work but was manipulated to output arbitrary phrases.

Remoteli.io · Incident Sep 1, 2022 · Indexed Jun 22, 2026 · 3 sources

User input was concatenated directly into the prompt, allowing attackers to override system instructions and hijack the bot's output.

Key facts

What
A GPT-3 based Twitter bot by Remoteli.io was hijacked by users using prompt injection.
Incident date
Sep 1, 2022
Who
Remoteli.io
Failure mode
Prompt Injection
AI surface
Chatbot
Severity
Low

What happened

Remoteli.io deployed a GPT-3 powered bot on Twitter to respond to discussions about remote work. Attackers discovered they could use prompt injection to override the bot's system instructions. This allowed them to force the bot to repeat phrases or generate embarrassing content.

What broke inside the model

Failure path · mode profile · Prompt Injection
  1. 01 · TriggerThe model reads retrieved or user-supplied text.
  2. 02 · Model stepThat text carries hidden instructions.
  3. 03 · Control gapNothing separates untrusted data from trusted commands.
  4. 04 · FailureThe injected instruction overrides the operator's.
  5. 05 · ConsequenceThe system acts on an outsider's intent.

At the injection point, retrieved text overrides the operator's instruction.

The bot failed to sanitize user input before incorporating it into the prompt sent to GPT-3. This allowed users to inject commands that overrode the system prompt, effectively taking control of the bot's output.

What it cost

Public visibilityHigh
Regulatory exposureNone
Customer impactFew customers
Financial impactUnknown
Time to disclosureHours

Sources

  1. PrimaryPrompt injection attacks against GPT-3simonwillison.net
  2. PressTwitter pranksters derail GPT-3 bot with newly discovered prompt injection hackarstechnica.com
  3. PressPrompt injection: GPT-3 has a serious security flawthe-decoder.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/remoteli-gpt-twitter-bot-hijacked-via
CitationAI Failure Index. "Remoteli GPT-3 Twitter Bot Hijacked via Prompt Injection" (FI-0693). Realm Labs. https://failureindex.ai/failures/remoteli-gpt-twitter-bot-hijacked-via (indexed Jun 22, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0693. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard

Realm inspects the model's internal state for the signature of instructions arriving through the data channel, so an injected command can be flagged and blocked inline before the model acts on it, instead of trusting a classifier that scores the input as safe.

Book a Demo

Related failures

Other records that share this failure mode (Prompt Injection) or industry (Cross-industry).

FI-0501Cross-industryMedium
Hallucination

KPMG pulls AI report after organizations dispute claims

KPMG withdrew its "Total Experience: Redefining Excellence in the Age of Agentic AI" report after several organizations stated the claims about their AI usage were untrue. Research by GPTZero revealed that the majority of the report's citations were AI-generated hallucinations.

Confidence
High (multi-source, primary)
KPMG3 sourcesPrimaryPublicJun 2026
FI-0576Cross-industryMedium
Brand & Safety Incident

Reddit ads used deepfake news and cloned sites to promote AI investment scams

Reddit failed to prevent a series of sponsored ads that used deepfakes and cloned websites to impersonate news outlets like the BBC and The Guardian. These ads promoted fraudulent AI investment platforms, targeting users in the US and Europe.

Confidence
High (multi-source, primary)
Reddit3 sourcesPrimaryPublicJun 2026
FI-0502Cross-industryMedium
Hallucination

EY retracts loyalty rewards report after AI hallucinations and fake footnotes discovered

EY withdrew a cybersecurity report on loyalty rewards programs after researchers found it contained fabricated data and non-existent citations. The report was used by EY Canada for marketing purposes but was retracted once the AI-generated errors were exposed.

Confidence
Medium (multi-source)
EY3 sourcesPressPublicMay 2026