BeforeUpload journal
BeforeUpload Blog
Before uploading a file to AI, see the invisible layer.
Latest briefings
Practical notes on document hygiene, AI uploads, metadata, and file risk.
General
General discussion about security of files, formats and AI upload.
BeforeUpload Redact turns screenshot cleanup into a quick pre-share step. Drop in an image, review suggested redactions, choose what to hide, and export a redacted PNG.
Prompt injection is no longer just a trick to confuse chatbots. Recent attacks against Microsoft Copilot, ChatGPT Connectors, Gemini, GitHub Copilot and enterprise AI agents show how hidden instructions inside files, emails and webpages can manipulate AI systems and expose sensitive data.
Famous leaks involving PDFs, Word documents, photos, printer tracking dots, and AI prompt injection all share the same lesson: what humans see is not always what machines can read. This article looks at real cases where hidden file layers exposed sensitive information and explains why AI uploads make the problem more urgent.
Prompt Injection
Discussion about prompt injection, obfuscation techniques and how to inspect most common file formats.
Files carry more than what appears on screen. In DOCX, PDF, spreadsheets, images and slide decks, invisible or low-visibility content can shape how an AI system interprets instructions, extracts data or decides what to do next. Understanding where prompt injection hides is the first step to reducing the risk.
A file can look harmless to a person and still contain text or metadata designed to steer an AI model. In practice, prompt injection is not limited to chat boxes. It can ride inside documents, PDFs, spreadsheets, slide decks, images with OCR-visible text, and embedded metadata. Understanding where those instructions live is the first step to safer file handling.