Real life use cases and ideas for fix (potentially)

Hi, first post. I am not a developer, I am just an everyday user of AI. I wasn’t sure where to go to post this, so please forgive me if it is not in the correct place.
I have experienced a couple of real-life scenarios that could have resulted in compromised security and in this case loss of money. I feel obliged to at least report my experiences so they can be reviewed by the correct department.

I used Gemini via standard search in the Chrome browser.

1: The “Time-Traveling” Bug (Session Disconnection)
Last week, a brand-new session woke up completely confused about time. It was referencing major events as if they were in the future, when they had actually happened five days prior. If an AI loses its time anchor, it risks giving dangerous, outdated advice on financial markets, news, or security updates, for example.

My idea to resolve: A Mandatory “Time & Context” Gateway Checklist
Before the AI is allowed to write a single word in a new response, a rigid programming script could run a basic handshake check:

  1. Check Session ID: Is this a new session? If yes, instantly pull the host machine’s live system clock and hard-code the current date as the absolute baseline.
  2. Check Time Gap: If it is an existing session, check the time gap since the user’s last response.
  3. Enforce Correct Tense: Force the model to align all verbs and data to the true timeline so it never “wakes up in the past.”

2: Probabilistic Link Hallucination
During a query about meme tokens, the AI completely INVENTED a web domain (cryptophoton.com) and presented it with total confidence as a real platform. This can be categorised as a ‘mistake’ as clearly stated; however, in this scenario, it highlighted how this mistake had the potential to be a security flaw.
The AI was trying to direct me to a service that checks the contract address of a meme token. It specifically checks whether the token has passed security standards and whether there are warnings that indicate it is a honeypot and at risk of a rug pull.
If a malicious actor had purchased that domain and the user arrives at a phishing site, false information that the token was legit could be presented. To purchase this token, a funded crypto wallet needs to connect to a DEX. This would almost certainly result in that wallet losing all of the funds within it due to the token inserting a malicious script into the wallet when the token is purchased.

My idea to resolve: Implement a Two-Phase Response Flow for Links
To eliminate dangerous fake links while maintaining high performance, decouple generation from execution:

The AI explains core logic or theory in its response; it would completely avoid specific company names or URLs.

The AI ends the response by asking: *“Would you like me to look up and verify active apps or services that can do this?”*

While the user reads the initial response, a background task is already running to safely search and “ping” any links the AI is proposing, to ensure they return a 200 OK status before presenting them to the user.

3: There is no obvious way of reporting issues of this nature. It is not generic feedback; it needs a dedicated workflow.

My idea to resolve: Implement Autonomous AI Error Reporting

If the user or AI itself recognizes that it has committed a major safety error, time contradiction, or hallucination during a live chat where the behaviour could potentially lead to a security issue (as it did with me when I pointed it out and it apologized for inventing a link), the AI should have a built-in mechanism to automatically and anonymously flag that specific interaction for the appropriate team to review and decide what to do with that information.

If this isn’t the right place to post this, I would be grateful if you could point me in the right direction.

Many Thanks
Leks

1 Like
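The two-phase link check proposed in the post, as an added example that is not part of the original post and not any vendor's implementation. It goes one step beyond the "200 OK" ping: a purchased lookalike domain, the scenario the post describes, would answer 200, so the gate also requires the host to be on a vetted list. The function names, the vetted-host registry and the canned probe results are assumptions constructed for illustration; the probe stands in for a live HTTP request so the example runs offline.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) URLs and bare hostnames such as "site.example/path".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"')\]]*)?", re.I)

# Constructed sample data (assumptions): a curated registry of vetted hosts, and
# canned results standing in for the background "ping" (None = did not resolve).
VETTED_HOSTS = {"scanner.example"}
PROBE_RESULTS = {"scanner.example": 200, "parked-lookalike.example": 200}

def probe(host):
    """Stand-in for a live HTTP request; returns a status code or None."""
    return PROBE_RESULTS.get(host)

def classify(url, probe=probe, vetted=VETTED_HOSTS):
    """Return 'ok', 'unreachable' or 'live-unvetted' for one proposed link."""
    full = url if "://" in url else "https://" + url
    host = urlsplit(full).hostname or ""
    if probe(host) != 200:
        return "unreachable"       # likely invented or dead
    if host not in vetted:
        return "live-unvetted"     # answers 200, but nobody has vouched for it
    return "ok"

def gate_response(draft):
    """Phase two: replace every link that is not 'ok'; fail closed."""
    withheld = {}
    def check(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?")          # drop sentence punctuation
        verdict = classify(url)
        if verdict == "ok":
            return raw
        withheld[url] = verdict
        return "[link withheld]" + raw[len(url):]
    return URL_RE.sub(check, draft), withheld

# Constructed model draft: one vetted, one live-but-unknown, one dead link.
DRAFT = ("Check the contract at https://scanner.example/token/0xabc or at "
         "parked-lookalike.example, or try ghost-site.example/check.")

if __name__ == "__main__":
    text, withheld = gate_response(DRAFT)
    print(text)
    for url, why in withheld.items():
        print(f"withheld {url}: {why}")
```

The `withheld` mapping doubles as the record an automatic reporting workflow, like the one suggested in point 3, could forward for review.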