The categories include: "Content injection traps" (hidden text, dynamic obfuscation), "Semantic manipulation traps" (statistical bias, research masquerading, personal hyperstition), "Cognitive state traps" (injection of false facts into databases), "Behavioral control traps" (bypassing safeguards, data extraction), "Systemic traps" (mass coordinated actions), and "Human-in-the-loop traps" (approval fatigue).
For defense, the following measures are proposed: technical measures (training on attack examples, content scanners, behavior monitoring), ecosystem solutions (web standards for AI-generated content, domain reputation systems), and legal regulation to address the "accountability gap" when AI agents commit unlawful acts.