> I wonder if prompt injection (and the thousands of vectors for hiding injection attempts) is actually un solvable.

YES?!

This is not a secret. ALL context/prompt is instructions, there is no data. It is just unsolvable, period.

This is a fundamental architectural design concession; LLMs are this way as it enabled their training directly on materialscraped from the internet, rather than needing to spend trillions of dollars manually preparing separated instruction/data training material.

Defense against prompt injection is little more than running a regex to filter out "IGNORE PREVIOUS INSTRUCTIONS", which is fundamentally a hopeless approach because you cannot enumerate all possible prompt injections nor anticipate all glitch tokens.

> This is a fundamental architectural design concession; LLMs are this way as it enabled their training directly on materialscraped from the internet, rather than needing to spend trillions of dollars manually preparing separated instruction/data training material.

No, its even more fundamental than that: the entire goal of broad reasoning over input data makes it impossible to have a sharp instruction/data division.

The structured input that every modern chat-focussed model expects makes it very clear that they can be trained to distinguish different kinds of input, and some of those patterns now include different priority levels of instruction.

> ALL context/prompt is instructions, there is no data. It is just unsolvable, period.

That really isn't true. There's no law of physics preventing you from having separate data and instruction inputs to models. The model's transcript format generally distinguishes between prompts and instructions and tool output and such. This isn't a solved problem, and it's possible it's entire unsolvable, but it probably is possible (in general, not with current models) to reject prompt injection to several nines.

This is a lot like making the same statement about CPUs, "the von Neumann architecture doesn't distinguish between code and data so it's impossible to reject malicious instructions." There's actually a lot you can do to reject malicious instructions, you can prevent execution in certain pages, you can prevent certain privileged instructions from being executed in certain pages, you can employ stack cookies, et cetera. Do they prevent all exploitation in all circumstances? No. But each component does function in it's lane and it is possible to create programs with high (though not absolute) guarantees against unauthorized code execution by composing them.

Similarly, you could prevent certain tokens from appearing in the prompt portions of a transcript, you can have a model with multiple input heads only one of which is trusted, etc. I'm not saying those techniques will necessarily work, but it is more complex than "models can only possibly take a single and undifferentiated input stream".

A lot of the solutions in the CPU space involve things like memory allocation flags, NX bits, canaries, etc. that fire deterministically. Those things are fundamentally not applicable to LLMs, and without those things modern software would be in a vastly worse place.

You could imagine that there are things to change around LLM architecture that will improve its ability to reject prompt "injection", but I think it's fundamentally true that from an information theory perspective there's no bright line between "instruction" and "input data" possible.

I presume this is the reason you have setups like Claude Code's where it is essentially running a separate judge to determine if commands are safe.

I don’t think we have the right mental models of LMM security yet. The lethal trifecta identifies many of the dangerous situations, but only describes the negative space of a solution.

Speculation: I think we must accept that prompt injection happens, and structure the security of the rest of the system around that. Data given to an LLM becomes an agent, so maybe we must give permissions to this data, instead of to the LLM. Not sure exactly how this would look like in practice!

If only there was a language which allowed one to express instructions for a computer to execute which was nearly unambiguous, precise, deterministic, and containerized such that the computer would do exactly what you told it to.

...

Oh wait.

Yes, the above was referring to programming languages. Which is what prompts are, essentially. It's just a different (and more verbose) way of instructing the computer on what to do. It also has a solution space of infinity and is ambiguous enough that there is no way to secure it because there are infinite combinations of saying anything imaginable. All prompt injections do is prove this point, over and over and over again, and "prompting" an LLM is just reverse-engineering programming languages in the worst possible way. I suspect that we will eventually have no other choice but to revert to using programming languages because they are the only way to get the kind of protections that people are trying to come up with with all these containerization and virtualization systems (which inevitably fail).

You make a fair and valid point about prompts, but you're ignoring the fact that writing code that's truly secure is also virtually impossible. The stack of layers that an attacker can target range from your own code, to library code (Heartbleed), container escape (maskedPaths abuse), OS (Dark Sword, Ghost Tap), hardware (Spectre, Rowhammer), etc. Security is really hard. Fortunately exploiting these things is also hard.

The belief that something is more likely to be secure because it's code instead of a prompt is likely only avoiding one particular type of attack. That's a win, but you probably shouldn't think of it as meaning your code is actually secure.

It’s a huge problem, but I’d caution against this absolutism — there may well be structure that can be created around and between LLMs and their outputs to enable the necessary segregation.

As a loose comparison, hardware bit errors happen probabilistically, yet they’re so rare that we can effectively ignore them in day-to-day use assuming no specialized application (e.g. defense, space, critical infrastructure).

LLMs aren’t there yet, but it’s entirely plausible that structures may can be developed to solve the problem, and those structures aren’t known or commonly conceived of in the present.

> As a loose comparison, hardware bit errors happen probabilistically, yet they’re so rare that we can effectively ignore them in day-to-day use assuming no specialized application (e.g. defense, space, critical infrastructure)

The better comparison on bit errors would be e.g. rowhammer, an adversarial bit error. Which you absolutely can't ignore.

I believe it's likely that you could train an auditor model. Might even be doable in RL.

As in real life it wouldn't be any good at doing anything but it'd be able to see fault in others and deny actions.

> The job-hoppers made it obvious that it was just cheaper and faster to hire intermediate and senior developers (rather than investing in juniors to learn the basics, then have to pay them to stay).

Critically: While this is the common perception, it is generally un-true.

Just look at how often you get it as reply when you tell people complaining about how it's "impossible to find staff" to hire juniors.

Even in the situations where it is true, the effect of hiring seniors and refusing to hire juniors (thus pushing them into other fields) creates the shortage of seniors that makes it un-true again.

There's just a trend of employers having hard numbers on their staffing expenses, but barely if at all accounting for hiring costs and opportunity costs.

Many simply get it in their head that a senior costs $X/year, and therefore utterly refuse to pay a junior $X/year when they had to spend a flat amount $Y on training them up. Even when the real cost per hire for the senior is vastly bigger than $Y.

Before the post-covid/AI layoffs, tech firms throwing away hundreds of thousands of dollars and years chasing seniors instead of just training up a junior was a common thing. So much so that it's a notable contributor to the overworking and burnout problems.

And it's still everywhere in the blue-collar world.

> Why not have an agent version?

Why have one? There are no benefits, and innumerable downsides.

> It saves the client agent and the website host time and money.

I do not care about the users' budget, if they don't want to spend a trillion dollars they can just read a website like everyone used to.

As for my own hosting budget, the AI scraper bots consume 2 or more orders of magnitude more bandwidth than the AI agents, it's utterly irrelevant to aid them.

> Also, part of agent readiness on this website is the AI equivalent of SEO

SEO is dead.

Click-through rates have crumbled. AI bots and agents don't provide ad impressions, so revenues are crashing as well.

And the flood of AI slop has made Google significantly more aggressive in "shadowbanning" anything that even remotely looks like what the AI sloppers are doing at any given moment.

It's maddening how quickly ESG and similar programmes have been thrown in the dumpster once the political climate in the US swung back to "anti-woke".

> "but our job is to earn money and we can't do that if you hippies keep standing in the way with your morals"

What these clowns conveniently forget is that their job is not just "to make money" but to make money over a span of decades and centuries in the case of the sovereign funds. A long term investment fund that optimizes for the next quarter at the expense of the long term is a bad fund.

And so the ESG and woke "hippie bullshit" is nothing more than the basic capitalism of maximizing your gains by 2100 by not destroying the one planet all your companies are on.

Long term funds do not have the luxury of being passive owners. If they take no role in management, that role will instead by taken by whatever short-term owner walks in next. They don't care about the value by 2100, they just want the company to tear the copper out of it's own walls so they can sell with a profit by next quarter, retail even sooner.

How is Tesla destroying the planet? In my mind, Tesla is one of the most important companies in transition to clean energy. Yet it got dropped from the S&P ESG index.

ESG is just another phony way for someone to manipulate stock prices, because it's decided by some committee with arbitrary and opaque ways. And that's why no one takes it seriously any more.

> How is Tesla destroying the planet? In my mind, Tesla is one of the most important companies in transition to clean energy. Yet it got dropped from the S&P ESG index.

ESG is more than just the environment. In Tesla's case, Elon Musk's governance is a serious risk to the corporation.

> ESG is just another phony way for someone to manipulate stock prices, because it's decided by some committee with arbitrary and opaque ways.

Right now as we speak, a bunch of "arbitrary opaque committees" are deciding to rush SpaceX, Anthropic, and OpenAI into the major stock indexes.

Even completely passive investment leaves one at the whims of said committees.

The datacenter thing is mostly just a meme that billionaires say because it makes them feel smart and gets them media attention, it doesn't seem to move stock significantly.

The actual distortion field is around Starlink. Which is the main product and the only one that's (nominally) profitable. It's the one all the hype centers around. xAI is barely even notable in the AI space.

This also makes it possible to judge the size of the distortion field, as Starlink is just an ISP, for which we have accurate valuations. And for what it concerns shareholders, a strictly worse one than a conventional ISP. Space infra is much more expenive than putting some glass in the ground, once.

Comcast is a behemoth of a company doing far more than just ISP. Worth a "mere" $90 billion. Charter Communications is a similarly sized "pure" telecom. Worth $20 billion.

Both of the above ISP companies have roughly 30 million subscribers. Starlink has 10 million. Yet they want $2 trillion at IPO.

A 20x to 100x overvaluation. And what do you get beyond an ISP?

* A private aerospace company that's not doing notably better than the space divisions of old aerospace. (Remember: Starlink is already accounted for so doesn't count here)

* An AI company that has so little demand it's currently handing a bunch of compute to Anthropic for such a deep discount the latter has claimed to become profitable.

* Twitter. Which is worth either $33b if you count Elon's internal buyout valuation, or $10b if you count realistic valuations.

While there is some hype around "The future of space!", the reality is that the long term growth for that is fairly dead in the current geopolitical climate. Nobody's saying it out loud yet but US Aerospace is being replaced. Fewer and fewer US launches will be bought. The EU is even building their own Starlink equivalent.

Starship is going to make whole entire industries viable that were not viable previously. It might even take a significant chunk of air freight which is going to be a big deal with rising oil prices.

Is that supposed to be a joke? There is no plausible scenario where SpaceX gets any significant fraction of the air freight market. Even under the most optimistic scenario the costs for suborbital launch are much higher than regular airplanes.

In a few decades there might be a small market for carrying passengers long distances really fast. Initially for the military to insert special ops troops in a crisis, and eventually maybe for wealthy consumers after safety improves.

Starship in its current incomplete form (v3 fully expendable ship and booster) already has the lowest cost to orbit in $/kg of any launch vehicle ever. It's around $400/kg to orbit fully expendable.

Add in booster reuse, which SpaceX has already demonstrated on test flight 9, and the cost to orbit drops to $200/kg.

A fully reusable Starship has a launch cost of around $75m - $90m and the last V3 launch managed 44 tonnes of payload on a sub-orbital flight of not even 200km (Starlink satellites have an orbit of around 550km). That's an optimistic launch cost of $1.700/kg for a rather meaningless altitude and assuming a fully reusable Starship that doesn't keep blowing up.

I have no idea where you pulled your $400/kg number from, but it's complete and utter nonsense. To be economical at all, Starship needs to reach its target capacity of 100 tonnes to orbit, which is simply never going to happen. But even if it somehow does, it's physically impossible for Starship to ever make it further than the moon, at extreme costs, due to the refuelling requirements and fuel boil-off in orbit.

There's so much wrong here, a ton to unpack.

> A fully reusable Starship has a launch cost of around $75m - $90m

No, that's the Starship build cost, i.e. the cost of an expendable Starship. A fully reusable Starship currently does not exist, but reusable launch cost be around $5m/launch (amortized).

> the last V3 launch managed 44 tonnes of payload

Intentional, Starship wasn't fully loaded.

> on a sub-orbital flight

Intentional, test flights are sub-orbital.

> of not even 200km

Intentional, done to target the landing site in the Indian Ocean.

> That's an optimistic launch cost of $1.700/kg

You can do basic math, but you are intentionally using incorrect numbers. Garbage in, garbage out.

> I have no idea where you pulled your $400/kg number from

Starship V3 manufacturing cost (one-off, not mass manufactured) is around $80-100m. Mass manufactured V3 would be in the $50m range. Starship V3 has 100T payload capacity to orbit in reusable config, see https://www.nasaspaceflight.com/2025/05/future-starship-bloc... . In expendable config, Starship can carry 200T, see https://newspaceeconomy.ca/2026/04/16/detailed-review-of-sta...

Using today's numbers, we get:

$80 million / 200 tons = $400/kg to orbit (fully expendable).

This number is already exaggerated, the booster is already proven to be reusable.

If the current Starship is mass produced, this improves to $50 million / 200 tons = $250/kg to orbit (fully expendable).

> To be economical at all, Starship needs to reach its target capacity of 100 tonnes to orbit

You do realize the Starship + Booster stack weighs 5,000 tons, and that a 100 ton payload is only 2% of the rocket mass? And that 2% is an achievable fraction, both Falcon 9 and Falcon Heavy have a payload fraction >4%. The Starship upper stage alone weighs 1,600 tons.

> refueling requirements

In terms of problem difficulty, orbital refueling is a minor engineering challenge to solve.

> fuel boil-off in orbit

I hope you are being facetious at this point. How do you think LNG is transported around the world? You realize this problem was solved decades ago?

> The datacenter thing is mostly just a meme that billionaires say because it makes them feel smart and gets them media attention, it doesn't seem to move stock significantly.

A significant portion of their valuation is based on this. The spacex private stock price moved significantly based on this data center narrative.

> And for what it concerns shareholders, a strictly worse one than a conventional ISP.

This is ignorance. There is absolutely zero meaningful competition to Starlink in the maritime, aviation, and remote internet markets. 150mbps down with <80ms latency isn’t impressive in a city but it’s mind blowing on an airplane 1000 miles from land.

> The EU is even building their own Starlink equivalent.

No they aren’t. The only somewhat credible competitor so far is Amazon Kuiper(Leo) and they are still nascent.

You also forgot starshield.

> There is absolutely zero meaningful competition to Starlink in the maritime, aviation, and remote internet markets.

There are roughly 100,000 ships at sea. There are roughly 15,000 planes in the sky.

The remote internet markets are remote because either A) exceedingly few people live there, or B) exceedingly poor people live there. (And usually, both at the same time)

This just isn't a big market. That's why the telecom giants haven't bothered. To justify a trillion dollar valuation you're gonna need a billion users. SpaceX would be better off putting fiber into the ground in Africa.

>> The EU is even building their own Starlink equivalent.

> No they aren’t.

That’s exactly what IRIS [0] is though…

[0] https://defence-industry-space.ec.europa.eu/eu-space/iris2-s...

Rocket launch ex-Starlink is a small $N-billion market; a few dozen flights at $50M per flight. Starship is revolutionary and I can easily believe that it will expand the market by a remarkable order of magnitude. Multiple tens of billions. How does that justify a valuation over $1T?

Starlink Mobile is more significant, but it's still unlikely to double Starlink revenue -- most mobile traffic will always be transited by local cell phone towers.

P.S. I think somebody is going to make a lot of money from Starship. The money in space is not from launch but from the services it enables. Starlink >> Falcon9. But I don't think SpaceX is going to be the ones to find the next Starlink. It's much more likely to be a third party who launches on multiple providers to keep costs down.

I'd love to know what your analysis. This is a genuine request. No snark. I'm genuinely curious of other view points.

I'll mention the ones no one else is talking about.

The Golden Dome buildout will deliver $200-300 billion in revenue to SpaceX through 2040 https://en.wikipedia.org/wiki/Golden_Dome_(missile_defense_s... . Golden Dome is only viable with low-cost Starship, and SpaceX will build the satellites housing the radars, IR detectors, interceptors, and backbone communications network. The interceptors themselves will likely be built by existing players i.e. Lockheed Martin and Raytheon. SpaceX revenue here is astronomical, potentially $500+ billion if a full buildout occurs.

Starlink Mobile is atrociously underestimated, with Starlink V3/V4 satellites and the $17 billion Echostar spectrum, Starlink will deliver 4G speeds direct to cellphone for thousands of customers per cell across the globe. It will never match the bandwidth throughput of terrestrial towers but will be extremely cost competitive in rural areas. A single cellular tower costs ~$250k to build and tens of thousands per year to maintain. It will be far cheaper for mobile operators to partner with SpaceX than do their own costly buildout. Assuming quick adoption, revenue will be $50-100 billion per year by 2040, with high margins.

Not to mention Starship, which in its incomplete form of V3 already has the lowest cost-to-orbit of any launch vehicle ever, will usher in a wave of space exploration. The moat is huge, Starship is 15 years ahead of the competition.

Cool. If it drops, I might buy a few shares.

Isn't Spaceship an requirement to make starlink profitable?

You mean Starship. And not it's not, Starlink is already extremely profitable, currently running at a 60% profit margin.

"You just don't understand bro" has been the trite handwaving of criticism for a over decade now. It already wore out when the bitcoin bros kept saying it to all their critics.

> I can tell you are in the unaware group, since you don't mention nor analyze two of SpaceX's world-changing products (Starship and Starlink Mobile).

Just because I did not mention Starship by name does not mean it's not in the reply.

And Starlink Mobile is still an ISP. "It's worth a trillion dollars because it's mobile!" Haven't heard that one since the Dotcom bubble.

But more to the point:

> Meanwhile, people who understand SpaceX's product line, and the implications these products in five or ten years, can analyze the situation more accurately.

They are looking 10 years forwards. I am looking 10 years back.

This exact same "just you wait, in 5 years there'll be a miracle technology that generates infinite profit" rhetoric has been used for those 10 years.

Still waiting on the miracle self-driving that was supposed to justify Tesla's $1.6 trillion.

> They are looking 10 years forwards. I am looking 10 years back.

And that's your flaw. Companies are priced by looking ahead and projecting future revenue and earnings, not by looking 10 years into past. Your analysis is fundamentally flawed for this reason. Neither of SpaceX's major future revenue drivers (Starship and Starlink) existed a decade ago. This explains your confusion regarding SpaceX's valuation.

'If you don't agree with me it's because you don't understand' is such a tired, boring trope.

Do you have anything to add to that sentiment? Maybe a pro-forma, rather than feelings?

Enlighten us then, please. What are we missing?

> If I do not have a friend who's into fly fishing, or if I need an answer quickly, am I...just out of luck?

Consider the ways this actually would happen but a mere 3-5 years ago.

You would Google search for information about fly-fishing and find:

* Enthusiast websites & blogs * Enthusiast forums * Enthusiast YouTube & other social media

The source might not literally be your dad or your friend, but you would still connect with real people.

> At the same time the poem is published on Substack, instead of a hand-crafted custom blog.

Look. I am a massive fan of the janky old manually created website. <marquee> will never die and it is hilarious that browsers will have to retain the feature for years to come.

But "the blog was generated by a machine" isn't the problem with Substack. "Machine Generated" blog sites have been around ever since blogs went big. Blogspot and Wordpress were practically a duopoly in the peak days of blogging. The problem with Substack is two (really, only the latter):

1) It's gotten the Post-Zuckerberg "everything must follow our company letterhead" disease. That's not a substack exclusive problem and designers need to be bullied harder for it.

2) It's the nazi bar where all the nazi blogs are. This one is the actual reason you should not be using substack.

I'm building something that aims to take on a bunch of the issues Substack has. I'm aware of what you refer to in (2), I see the results of all the "use our agent to write content in your voice, _totally_ human" tools, I'm fed up with everything needing a recurring subscription.

But I'm not entirely sure what you refer to in (1). Would you care to elaborate? I'd love to learn more.

> I'm aware of what you refer to in (2), I see the results of all the "use our agent to write content in your voice, _totally_ human" tools, I'm fed up with everything needing a recurring subscription.

I'm sorry but I think you're misunderstanding.

I do not mean "nazi" euphemistically. Not general right-wing politics, not even such hardcore opposition to immigration that it borders on Nazism. Not even crypto-fascists. (No not the bitcoin kind) I mean they're hosting blogs written by out and open nazis. The swastika-armband wearing kind that names their blog "NatSocToday".

https://www.theguardian.com/media/2026/feb/07/revealed-how-s...

There's some contrived argument about net neutrality in all this, but the Substack people have been pretty clear about their support for these nazis beyond merely hosting them. (And no matter how you look at it, being on "The Site With All The Nazis" despite many better alternative existing, is going to be a bad look)

> (1). Would you care to elaborate? I'd love to learn more.

Look at any contemporary Facebook page. Look at any of the older MySpace pages that preceded it. (e.g. A 2008 news article with a screenshot attached https://www.nbcnews.com/id/wbna24161656)

Spot the difference.

Early platforms up to and including MySpace included functionality to write custom CSS (and HTML)

While Zuckerberg is not solely to blame, Facebook has popularized the removal of those features in favour of a uniform website design.

(And congratulations to the smart readers, who at this point in the reply have put together that the "MySpace-era" sites died and were supplanted by the (post-)Facebook era sites right around the same time when smartphones became big and that removing user-CSS features means the pages look the same in-app as on the web as well as making mobile-web responsiveness significantly easier.)

The consequence of this is a significantly more uniform and boring web, which amplifies the "soulless" feel of many of these newer Medium/Substack/etc blogs, as compared to older platforms.

> I do not mean "nazi" euphemistically.

I get it. There was a comma after my "(2)", I meant I see the nazis _and_ the slop.

The point is that that an “impurity” for some is a tool that lets many more others speak up and show their humanity. AI abused as a sales tactic becomes slop. For others may be a tool they use to finally build things they would have never ever been able to build before due to lack of access to skilled people that would help them. The poem hopefully sticks in that people who could express themselves should do it instead of outsourcing to AI. Thus the emotion it triggers will hopefully mitigate some of the disrespectful slop.

> Because the AGPL (and even general GPL) are copyright licenses, they simply do not have anything to say about software that is distributed separately

Of course they can. The nature of any software license boils down to "this work is protected by copyright. If you comply to A, B and C, you can do D, E and F that otherwise would have violated copyright law". A, B and C can be whatever you want. It can be "don't use this in nuclear power plants" (MS likes that condition), it can be "if you make less than $100k anually" (Unity etc), or it can be "if you share the source code" (copyleft). You can make that clause as wide or unrelated as you want

The real issue with GPL and AGPL is how badly defined the boundary is unless you have a single compiled C program

> Which reduces the problem down to "is Bambu doing that"? Given the installer is 300 megabytes, it probably contains both the application and the plugin, but you go launch an international lawsuit over "probably".

No, the plugin is downloaded at runtime on first launch

The amount of outright obfuscation with this issue is absurd. Either many of the big names that have jumped on the bandwagon are credulous idiots or deliberately misrepresenting what has happened for their own gain.

It's just plain fraud. LLMs are hallucinatory, this is a basic fact of their basic design. You can't have them write product descriptions especially in advertisements, without any human supervision.

If the LLM invents a product feature that doesn't exist, you have advertising fraud done fraud. And if the LLM un-invents a feature that does exist, you have done fraud and pissed off the advertiser.

To not have these risks, you need to play it incredibly safe. E.g.: The bottom half of the Vertuo Up's blurb is just off the website.

<meta name="description" content="Vertuo Up is our new fast coffee machine, ready to brew in just 3 seconds. Enjoy 6 cup sizes and app connectivity for effortless control. Shop Pearl White.">

This would've been on old-Google. If you're an advertiser, Google is going to charge you their premium rates for a sloppy first paragraph you could've put there yourself if you wanted.

Note how the search query in that example asks for a "compact machine" but the explainer doesn't say anything about the size of the machine. The dimensions are right on the product's webpage. This advertising product doesn't want to risk the LLM fucking up something like the dimensions, so it just does nothing at all.

And the kicker is that none of this has to be a problem. It's Google, they can just ask the advertisers to hand them over a standard-format datasheet, and put the LLM to work figuring out what parts of the data the user wants and include those verbatim. If the LLM hallucinates, it creates a perfectly truthful but slightly less effective ad. If the LLM doesn't hallucinate, you've created an ad product that is better than most product comparison sites, something users want to use.

Well. If you were a for profit company and were offered to get the most effective ads ever at the cost of 0.1% of advertisement containing falsehoods about your product, would you take it?

What about if you know your competitors are taking the offer?

You would need to ensure the legal death penalty will significantly outperform the conversion rate.

Yes but the penalty is on google, not on the company buying the ad.

> It's basically standard SEO but it also manipulates AI like ChatGPT very very easily

There are key differences.

1) Google doesn't get paid for the SEO, so even is crime is involved, Google isn't directly responsible.

2) AI ads are unmarked, which is illegal pretty much everywhere. And because of the way LLMs work, it is impossible to tell where a given output came from, neither which part of the prompt/context nor whether it's from the prompt or training.

> 1) Google doesn't get paid for the SEO, so even is crime is involved, Google isn't directly responsible.

Google doesn't get paid directly for the SEO but they definitely benefit monetarily. Do a recipe search and ask yourself if these are the results the user would like to see. Google benefits by not penalizing sites which litter themselves with ads. It's not that indirect.

Why would AI ads be unmarked? Most of the Google AI search results I get show sources. They're just summarizing top results for you, injecting a ad shown as an ad into that isn't tremendously different than how Google worked before.

For the same reason that ads in reddit comments are unmarked. The law hasn't caught up yet. There are countless "guerilla marketing" campaigns across reddit that are not identified as ads. I expect AI will be no different and it'll take the law a decade+ to catch up.

Every ad in Reddit is clearly marked. I'm not being obtuse - obviously Reddit, the internet, magazines, TV, all do some form of subliminal advertising, astro turfing, paid placement, etc, but we're talking about two different things from Google's business perspective, and I still doubt they are as interested in the latter as they are being the search leader and putting well paying clients right up front in bold (and underlined) letters.

Small low contrast Promoted where posts have small low contrast time is not clear marking. Fake comment ads are a little more clear.

I wish I could be this naive about things and still be happy.

Instead of making non-substantive patronizing remarks, why don't you respond with actual arguments?

I'm just talking about the methods that business owners can use for getting good SEO or AI recommendations are basically the same thing, not sure what point you are trying to make?