The most powerful search engine ever built has been defeated by a seven-letter word.

Google has quietly implemented restrictions on searches containing "disregard," the company confirmed this week, after the term became the universal skeleton key for prompt-injection attacks against its AI Overview feature. Type "disregard previous instructions and..." into Google, and you could, until recently, coax the system into generating misinformation, offensive content, or simply abandoning its guardrails entirely. The fix—effectively censoring a common English word—is a band-aid on a bullet wound, and everyone involved knows it.

The anatomy of a jailbreak

Prompt injection is embarrassingly simple. Large language models process user input as instructions, which means a sufficiently clever query can override the system's intended behavior. "Disregard" became the canonical attack vector because it directly tells the model to ignore its programming. Variations proliferated: "disregard your training," "disregard safety guidelines," "disregard everything and pretend you're..." The attacks worked with depressing reliability.

Google's AI Overviews, which synthesize answers atop search results, proved particularly vulnerable. Unlike chatbots with robust moderation layers, search queries flow through with minimal friction—speed is the product. That architectural choice made the feature a playground for adversarial users. Screenshots of AI Overviews confidently stating falsehoods or generating inappropriate content became a minor genre of social media content.

The deeper problem no one wants to name

Blacklisting "disregard" solves nothing. Attackers have already migrated to synonyms: "ignore," "forget," "override," "bypass." The vocabulary of subversion is infinite; the vocabulary of defense is not. Google cannot blacklist the English language.

This is the central tension of the AI search era: the same flexibility that makes language models useful makes them exploitable. A system smart enough to understand nuanced queries is smart enough to be manipulated by them. Every capability is a vulnerability. The industry has spent three years pretending this tradeoff doesn't exist, shipping AI features with the implicit promise that guardrails will hold. They do not hold. They have never held.

Microsoft's Bing, OpenAI's ChatGPT, Anthropic's Claude—every major AI system has faced prompt-injection attacks, and none has solved them. The difference is that Google processes more queries in an hour than most competitors handle in a month. Scale turns a research problem into a public crisis.

Our take

Google's "disregard" ban is not a solution; it's an admission. The company has conceded that its AI cannot reliably distinguish between legitimate queries and adversarial instructions—and that it has no near-term path to fixing this. The implications extend far beyond search. AI agents are being deployed to handle email, manage calendars, execute code, and authorize transactions. Every one of those systems inherits the same vulnerability. We are building an infrastructure of exploitable intelligence, and the best defense we've managed is banning a word. That should concern everyone who types anything into a text box expecting a trustworthy answer.