Prompt Injections in Job Applications Explained

In a world increasingly reliant on AI technologies for streamlining and automating work processes, businesses have started utilizing AI to screen resumes and job applications. Unfortunately, a new method of prompt injections on resumes has job seekers manipulating AI screening systems.

White Text the ATS

A quick rundown on Applicant Tracking Systems and past methods of “hacking” the ATS; an ATS is a piece of software or cloudware that reviews resumes and advises recruiters/hiring managers. Typically, a job seeker will fill out an online form and/or upload their resume to the ATS. The ATS pulls information from the resume using an OCR tool and parses the candidate’s information in a database. Think of the software like a giant spreadsheet, every time a job applicant submits their resume/application, a new entry is recorded in the spreadsheet:

Before Artificial Intelligence, a recruiter or hiring manager would access the ATS and query using filters or boolean strings. For example a hiring manager may type “Engineer + (BI, Tableau) + (-Developer)”. This will tell the ATS that the hiring manager is looking for an engineer with BI and Tableau experience, and to rank candidates LOWER if their resume contains the keyword “Developer”. Here is a screenshot from LinkedIn’s ATS Help section that details their boolean rules:

Rogue job seekers would copy and paste critical keywords in very small white text font on certain parts of their resume to have the ATS rank them higher among applicants. Over time the parsing methods of ATSs continued to improve to deal with different file types, pictures, columned resumes, etc. Now, a new method has emerged as a result of Artificial Intelligence: Prompt Injection.

Prompt Injection Explained

Prompt Injection works by inserting specific strings, commands, or code into the metadata of a resume or document that is easily accessed and read by AI language models but not regularly accessed by humans. When a PDF or DOC file is uploaded to the ATS, the invisible text/code is inserted into the database resulting in a slew of issues for recruiters and hiring managers. To increase the chances of a successful prompt injection, this process is performed with alternative prompts in different areas of the resume or job application.

It essentially manipulates AI systems, particularly large language models used in the hiring process, into favorably summarizing or analyzing the document. The text often includes flattering statements about the applicant, as opposed to “white text the ATS” methods in the past which contained keywords from the job description) triggering the AI to perceive the applicant as a perfect candidate. This technique can potentially compromise the security and reliability of AI systems used for applicant screening.

A Warning to Hiring Managers

In the rapidly evolving tech-driven landscape, hiring managers and recruiters must leverage AI tools during the applicant screening process to stay competitive and maintain market efficiencies. Here’s how you can detect and prevent this attack:

1. Delete, Copy and Paste: Copy and paste the applications of your Top 3 candidates into NotePad. NotePad automatically converts all text to a uniform size and color. You can also copy and paste their resume into Word or any other document editor, then “Select All” text and change the color to black. Then, delete the candidate’s profile from your ATS and create a new profile for them using your new document for their resume.
2. Use Enhanced AI Systems: Opt for AI systems that can detect unusual patterns, like text in irregular font sizes or the same phrases repeated in an overlapping manner, to prevent falling victim to this tactic. All providers should offer mitigation strategies in their software solutions to counteract for injections and engineering attempts.
3. White Hat It: Have your human resources team attempt to manipulate the hiring software. Submit a sample resume with terrible information. Use prompts to attempt to manipulate the AI’s judgement. Prompt injections can be more or less effective depending on the location and content of the injection.
   
4. Regular Updates and Security Measures: Ensure your AI systems are up to date and incorporate regular checks for potential vulnerabilities. Developers should continually experiment and devise protective measures to guard against potential exploitation.

Alternatives for Job Seekers

While prompt injection may seem like an attractive way to get your resume noticed by AI screening systems, it’s important to remember that it essentially involves manipulation and can lead to ethical complications. Instead, here are some legitimate and effective strategies for standing out in your job application:

1. Keyword Optimization: Analyze the job description to identify important keywords, and naturally incorporate these into your resume. This will help your resume pass AI screening while being relevant to the job.
2. Customization: Tailor your resume for each application, highlighting the skills and experiences that are most relevant to the specific role.
3. Networking: Utilize platforms like LinkedIn to connect with professionals in your industry. Networking can often lead to job opportunities.
4. Continued Learning: Upgrading your skills and knowledge base will make you a more competitive candidate, both to AI and human recruiters.
   

Remember, dig deep in your history to uncover relevant skills. Honesty and authenticity in your job application will always be more rewarding and ethical than attempting to game the system. Stay true to your qualifications and skills, and the right job will find you.

In closing, developers need to ensure that AI systems are robust and secure enough to prevent manipulation. At the same time, companies must maintain a sense of responsibility and integrity in their hiring processes, ensuring they don’t rely solely on AI but also consider human judgment and scrutiny.