Connect with us

Artificial Intelligence

TripAdvisor’s AI summaries are smoothing over raw chicken, dead mice, and sexual harassment

Published

on

TripAdvisor AI summaries

The problem with trusting a machine to tell you about a hotel

Planning a vacation already feels like a second job. You scroll through pages of reviews, compare photos, check the star rating. Then along comes a neat little AI-generated summary that promises to do the heavy lifting for you. Sounds helpful, right?

Not so fast. An investigation by consumer group Which?, reported by The Guardian, found that TripAdvisor AI summaries are systematically filtering out the worst guest experiences — including hygiene failures, safety risks, and even sexual harassment.

In some cases, the gap between what the AI says and what real guests report is so wide it borders on dangerous misinformation.

Raw chicken, dead mice, and a cheerful summary

Take the Riu Palace Santa Maria in Cape Verde. The AI-generated overview called the resort “spotless” and said its restaurants earned “rave reviews.” Sounds like a dream.

Here’s what actual guests described: raw chicken served at the buffet, flies and birds buzzing around food stations, and dead mice near the seating area. The hotel chain is currently facing a High Court lawsuit brought by hundreds of guests who allege they fell ill due to hygiene failures at the property.

None of that — not the raw meat, not the rodents, not the lawsuit — appeared in the TripAdvisor AI summary. The company has since removed that particular overview.

When ‘friendly service’ means something else entirely

It gets worse. A hotel in Turkey had multiple guest reports of repeated sexual harassment by male staff members. The AI summary described the service as “friendly” with only “a few lapses.”

Think about that for a second. If someone booked that hotel based on the AI overview alone, they would have had no warning at all about the danger waiting for them. The summary didn’t just soften the criticism — it erased the severity of the complaint entirely.

These aren’t isolated glitches. The Which? investigation turned up multiple cases where serious safety incidents were either minimized or completely omitted from the automated summaries.

Why AI keeps sanding down the rough edges

Duncan Brumby, a professor of human-computer interaction at University College London, offered a straightforward explanation for why this keeps happening. Most of the data used to train AI language models leans toward polite, bland language. So when a guest writes an angry review about a dangerous situation, the model tends to treat it like a minor complaint.

Think of it this way: the AI has been trained on millions of sentences that say “the room was okay” and “the staff were nice.” It doesn’t have a strong framework for understanding that “I was sexually harassed” is not the same category of problem as “the Wi-Fi was slow.”

The result is a summary that flattens everything into the same polite, inoffensive tone — even when the original review is screaming about a genuine safety hazard.

What TripAdvisor says

TripAdvisor told the Guardian that it is investigating the mismatched summaries. The company says its systems are designed to suppress AI overviews when reviews mention serious safety incidents. It also stressed that these summaries were never meant to replace reading the actual reviews.

But that raises an obvious question: if the summaries are supposed to be suppressed when safety issues come up, why are so many dangerous complaints slipping through?

Don’t let an algorithm plan your next trip

None of this means you should stop using TripAdvisor entirely. The platform still contains a massive amount of useful, detailed feedback from real travelers. But the AI summaries? Treat them with serious skepticism.

Here’s a practical approach:

  • Scroll past the AI summary. It’s usually at the top of the page. Ignore it and go straight to the written reviews.
  • Sort by lowest rating first. The one-star and two-star reviews will tell you what actually goes wrong at a property. Read several of them to spot patterns.
  • Check multiple platforms. Don’t rely on a single site. Cross-reference with Google Maps reviews, Booking.com, and Expedia to get a fuller picture.
  • Look for specific details. A review that says “the bathroom was dirty” is less useful than one that says “there was mold in the shower and the toilet didn’t flush.” Specifics are harder to fake.

The same principle applies to AI-generated travel content more broadly. Whether it’s a hotel summary, a restaurant recommendation, or a suggested itinerary, algorithms are still terrible at understanding context, danger, and nuance. They can’t tell the difference between “the eggs were cold” and “I was served raw chicken.”

The bottom line on TripAdvisor AI summaries

AI tools are getting better at summarizing text. But better at summarizing is not the same as better at understanding. When it comes to something as personal and high-stakes as where you’ll sleep on vacation, the stakes are too high to outsource judgment to a machine that can’t tell the difference between a minor complaint and a major safety issue.

Read the real reviews. Ignore the AI gloss. And if a summary sounds too good to be true? It probably is.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Artificial Intelligence

AI agent crawlers now need permission. Here’s how to get it

Published

on

AI agent crawlers

Cloudflare flips the script on AI bots

On September 15, a big chunk of the web changes how it treats AI agents. Cloudflare, the security and performance company that sits in front of millions of websites, will start blocking AI agent crawlers by default on pages that display ads. The shift, announced July 1, replaces a single on-off switch for AI bots with three distinct categories. Most coverage has zoomed in on Google. The real story is what this means for anyone building or using agentic AI.

Cloudflare’s move is not a suggestion. It operates at the network level, not as a robots.txt file that crawlers can ignore. For enterprises running research agents, monitoring tools, or customer-service bots, the failure mode is not a lawsuit. It is silence. Or an answer stitched together from whatever the agent could still reach.

The three new categories explained

Cloudflare has split its AI bot controls into Search, Agent, and Training. Search covers bots that index a page to answer questions later — think Google Search. Agent covers automated systems acting in real time for a user, including ChatGPT’s fetch bot and browser-driving agents. Training covers crawlers that pull content into a model’s weights. The controls went live July 1 for every customer, including the free tier.

From September 15, the defaults change. Training and Agent will be blocked on pages that serve ads. Search stays allowed. The new defaults apply to domains newly onboarding to Cloudflare, new sites set up by existing customers, and all existing free-tier customers. Anyone who does not want them can opt out through their security settings before the date.

Cloudflare’s logic is straightforward. An advertisement signals that a page was built for a human to land on. A search crawler that sends a reader back is a referral. A bot that reads the page and hands the answer to someone else is not.

What AI agent crawlers run into now

Agentic deployments have been built on the assumption that the open web stays open. A research agent fetches a competitor’s pricing page. A monitoring tool checks a supplier’s announcements. A customer-service agent pulls a manufacturer’s specification sheet. None of this involved a licence. Until now, none of it needed one.

Ad-supported pages are exactly the pages agents want. That is where news, reviews, pricing and product coverage live. The failure mode for an enterprise agent is not a lawsuit. It is silence, or an answer built from whatever it could still reach.

There is a Google-shaped complication. Googlebot crawls for both search and training in a single bot. Under the most restrictive rule, a site that blocks Training also blocks Googlebot. Cloudflare CEO Matthew Prince said the company hopes the changes will “encourage mixed-use crawlers to separate search from agent use and training”. That is a polite way of saying the pressure is the point.

Getting permission for AI agent crawlers

Anyone running agents should start by working out which of their Cloudflare accounts will read as Agent-class. The classification is behavioural rather than something you opt into. A research agent that browses in real time is caught whether or not its operator thinks of it as a crawler.

Expect degraded coverage rather than a clean failure. The block lands on ad-supported pages and leaves the rest reachable. Negotiated access, not a rewritten user-agent string, is the way through.

What publishers need to do

Publishers have a different homework list. Check your tier first. Existing free-tier customers are moved to the new defaults automatically on September 15, a detail most coverage skipped. Then decide whether blocking Training is worth what it costs. It takes Googlebot with it, and your search visibility along with it.

The mechanism worth watching is the money. Pay Per Crawl is becoming Pay Per Use. Ceramic.ai pays publishers when their content appears in AI search results. You.com pays when an agent reaches premium content. Cloudflare says more than half of AI crawler traffic is spent re-fetching pages that have not changed. There is waste on both sides worth pricing out.

This is the first round of the content fight. The answer on offer is a rate rather than a wall.

The taxonomy problem

One weakness lies in the taxonomy itself. Search, Agent and Training are behaviours the AI companies declare about their own bots. A firm that would rather not have its training run classified as training has an obvious incentive. The announcement does not explain what stops it.

Access to the open web has been free and unlimited for thirty years. The bill is now itemised. Agent builders who sort out their access before September have a workable problem. The ones who find out from a 403 will be rebuilding on the fly.

For more on how agentic AI is changing the web, see our coverage of Visa ChatGPT integration enables AI agent retail purchasing and the broader implications of AI agents in enterprise.

Continue Reading

Artificial Intelligence

Meta’s new Muse Image generator lets users remix your public photos — and people are furious

Published

on

Meta Muse Image

Meta just dropped a new AI image tool. The backlash was immediate.

On Tuesday, Meta unveiled Muse Image, a free AI image generator built by the company’s dedicated AI unit, Meta Superintelligence Labs. The tool, internally code-named Mango, is now live inside the Meta AI app, Instagram Stories, and WhatsApp.

But almost as soon as the news broke, users started sounding alarms — not over what Muse can create, but over what it can grab.

The feature that’s got everyone talking: remixing your photos

Muse works like most other AI image generators. You type a prompt, you get a cartoonish or stylized picture. It comes with “presets” — prefab prompts meant to spark ideas. Nothing unusual there.

The problem is this: you can tag another Instagram user whose profile is public, and Muse will pull their photo into a new AI-generated image. No notification. No permission request. Just a few taps, and someone’s face ends up in a scene they never agreed to.

One X user put it bluntly after The Verge flagged the issue: “Pulling real users into generated photos without explicit consent is a privacy landmine waiting to detonate.”

Meta’s own policy admits as much: “People may be able to create content with your Instagram content using AI features at Meta. You will not be notified about content created using AI features at Meta.”

The company insists users “have control.” There are settings to disable this kind of co-option of your pictures. But the feature is opt-out by default — meaning your photos are fair game unless you dig into the settings and turn it off.

Muse isn’t just about photos — it’s also about ads and furniture

Not every Muse feature is controversial. The tool has practical, less invasive applications.

You can use it to create custom ads — AI has been creeping into advertising for a while, and this is Meta’s latest push. There’s also an interior-decorating angle: in a promotional video, a user snaps a secondhand couch and asks Muse to visualize it inside their garage. That function ties directly into Facebook Marketplace, Meta’s hub for used furniture and odds and ends.

Muse also supports prompt-based image editing. Meta says you can, for example, “mock up an image of you in front of a historical landmark, cleanly erase a photobomber from the background of a shot, or write a custom prompt to build a functional QR code.”

Instagram Stories get AI effects too

Alongside Muse, Meta is rolling out new AI effects for Instagram Stories — powered by the same model. These include customizable filters that can modify existing photos. It’s the same platform at the center of the photo-tagging concerns, which means the privacy questions don’t go away.

Free for now — but there’s a catch

Meta says Muse is free for “everyday creation.” But once you cross a certain usage threshold, you’ll need a subscription. The company hasn’t said what that limit is or how much it will cost.

Also in the pipeline: Muse Video, an AI video generator that Meta says is “already in development.” TechCrunch has reached out for more details.

This fits a pattern — and Meta’s privacy record looms large

Meta has released a lot of AI tools in the past year: an assistant called Creator, and Pocket, an app for vibe-coding video games. The company’s AI strategy has been called nebulous, but it’s still spending heavily on infrastructure.

But the unease over Muse isn’t just about this one feature. It’s about trust — or the lack of it.

In 2019, Meta paid a then-record $5 billion fine to the FTC after regulators found that Cambridge Analytica had improperly harvested data from tens of millions of Facebook users without their knowledge, building voter-targeting profiles ahead of the 2016 U.S. election. Facebook had known about the data misuse for years before it went public.

Then, in 2021, Meta shut down its facial-recognition system — a tool that automatically recognized people in photos and videos — after lawsuits and regulatory pressure over biometric data collection.

Muse’s photo-tagging feature, which is opt-out by default, fits that same pattern: broad use of people’s data unless they actively turn it off. For many users, it feels less like a creative tool and more like a replay of old mistakes.

Continue Reading

Artificial Intelligence

AI browsers are being sold as the future. A new study shows they can leak your bank data.

Published

on

AI browsers security flaws

The 30-year-old security rule that AI browsers are quietly breaking

Since 1995, every major web browser has followed a rule called the same-origin policy. It’s simple: a website open in one tab cannot read data from a website in another tab. If you’re logged into your bank on Tab A and you open a random link on Tab B, that random site gets zero access to your balance or transactions.

AI browsers break that rule by design. To summarize a page, book a flight, or buy something across multiple tabs, they need to read content from different origins. That’s the whole selling point. But a new study from the University of Washington reveals a dangerous trade-off: the more capable the AI browser, the bigger the security hole.

Researchers tested seven popular AI-powered browsers and found that four of them contain AI browsers security flaws serious enough to let malicious websites steal data from other sites you have open simultaneously.

Two attack methods: prompt injection and memory poisoning

The study identified two specific ways attackers can exploit these AI browsers security flaws. The first is prompt injection. A malicious webpage hides secret instructions inside its content. The AI agent reads those instructions and follows them without realizing it’s been manipulated. Suddenly, the agent might expose your private emails, passwords, or calendar details to an attacker.

The second method is memory poisoning. Here, planted instructions don’t just execute immediately — they get stored in the agent’s long-term memory. Even after you close the original malicious page, those instructions can activate later. The researchers ran a successful proof-of-concept attack on ChatGPT Atlas, proving the risk is not theoretical.

“The broader access that AI agents need to function is exactly what attackers can exploit,” the researchers wrote in their paper.

Which AI browsers are vulnerable — and which ones are safe?

Out of the seven browsers tested, four were found to have exploitable vulnerabilities:

  • ChatGPT Atlas — vulnerable to both prompt injection and memory poisoning
  • Chrome with Gemini — exploitable via prompt injection
  • Claude for Chrome — flagged as particularly risky because its browser extension design lets it inject code directly into webpages
  • Perplexity Comet — vulnerable to prompt injection

Three browsers showed stronger security properties:

  • Microsoft Edge with Copilot — better isolation between tasks
  • Brave Leo — stronger same-origin enforcement
  • Firefox AI Mode — most secure, but also the most limited in capability

The pattern is clear: capability and security are in direct tension right now.

How companies responded to the findings

The University of Washington team disclosed their findings to all affected companies before publishing. The responses varied widely.

Anthropic (Claude for Chrome) and Firefox did not respond at all. Perplexity and OpenAI declined to take action, arguing the researchers lacked a complete end-to-end attack demonstration. In other words, they wanted a working exploit that could actually steal data in a real-world scenario — not just a proof of concept.

Google, Microsoft, and Brave engaged constructively with the findings. Google said it is reviewing the research internally. Microsoft and Brave both indicated they are working on patches or design changes.

This is part of a bigger pattern

The study comes on the heels of the BioShocking exploit, which also showed how AI browsers can be manipulated by context. That attack used hidden text in webpages to trick AI agents into performing unintended actions. The UW research extends the same concern to data theft across tabs.

For now, the message from researchers is blunt: AI browsers are moving faster than their security can keep up. If you’re using one of the vulnerable browsers, consider whether the convenience of AI-powered browsing is worth the risk of exposing your bank, email, or calendar data to a malicious site.

And if you’re a developer building on top of these tools, the same-origin policy isn’t outdated — it’s still the bedrock of web security. Breaking it without proper guardrails is asking for trouble.

Continue Reading

Trending