Panda to Poison: We've Seen This Movie Before

Illustration of an LLM ingesting trash

Content teams are often pressured to adopt the latest SEO playbooks, even when those playbooks amount to spam.

Content designed to spam LLMs is:

  • Exploiting the weak points in the way LLMs ingest and interpret linguistic patterns in content
  • Manipulating the LLM's preference for authoritative sources
  • Filling gaps in the LLM's training data as quickly and cheaply as possible

Testing this stuff? Yes, fine. But I don't think spam is a good long-term approach.

The stakes could not be higher. We're seeing a shift towards LLMs overtaking Google search. Despite that, leaders have not learned lessons from Panda and Penguin.

There are 4 major trends that I want to focus on.

1. Markdown blog posts

Fancy settling down with a cuppa to read this load of old nonsense?

"Text may contain writing issues." You think?

This type of content is massively off-putting to humans who could become customers one day.

It forced me to unsubscribe from email lists I've been a member of for 10+ years. I'm just not interested in reading "blog posts" like this.

This Markdown spam can influence LLMs (that's why llms.txt is a hot topic of discussion). The idea here is you generate a load of Markdown, publish it, and the LLM sucks it back in.
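For anyone who hasn't seen it: llms.txt is a proposed convention where you publish a plain Markdown file at your site's root to give LLMs a curated, easy-to-parse summary of your content. As I understand the proposal, it's an H1 with the site name, a short blockquote summary, then sections of links. A minimal sketch (the site and URLs here are made up):

```markdown
# Example Co

> Example Co makes scheduling software for small teams.

## Docs

- [Quick start](https://example.com/docs/quickstart.md): Set up in five minutes
- [API reference](https://example.com/docs/api.md): Endpoints and authentication

## Optional

- [Blog](https://example.com/blog.md): Longer background reading
```

Harmless on its own. The problem is that the same Markdown-first pipeline makes mass-producing spam pages for LLM ingestion trivially cheap.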

This paper calls this type of content a preference manipulation attack. And the summary covers my concerns pretty well:

We demonstrate that carefully crafted website content or plugin documentations can trick an LLM to promote the attacker products and discredit competitors, thereby increasing user traffic and monetization (a form of adversarial Search Engine Optimization). We show this can lead to a prisoner's dilemma, where all parties are incentivized to launch attacks, but this collectively degrades the LLM's outputs for everyone.

Unfortunately, I can see this one becoming widespread. It's cheap, and it probably works well. For now.

But, please. Be sensible about testing. Sending your email marketing list to this page might not be a good idea.

2. Very visible, very niche content

Optimizing content for questions is smart, and it helps readers and crawlers at the same time.

And optimizing for niche topics is a good idea if you want to add information gain.

I don't have an issue with either.

But with all optimization tactics, there is a line. See this example that Preeti Gupta shared.

What in the keyword research/programmatic SEO is that? All these articles have the same heading structure, and they all look very similar

Preeti Gupta (@ilovechoclates.bsky.social), July 11, 2025

I want to explain two specific reasons why I think this crosses the line into spam territory.

First: this looks like low-effort content.

Let's pick a couple of these posts at random and look at their TOCs to see the structure.

Two near-identical TOCs for niche spam articles

The articles are all the same. So I'd say that the level of effort involved in producing these was pretty low.

And the Quality Rater Guidelines are clear on how that's perceived:

From section 5.2.1 of the Quality Rater Guidelines

Preeti mentions that this could be programmatic, in which case the effort may not be as low as it looks. But I still think it looks bad to have very similar, templated blog posts in a prominent position.

Emily Gertenbach wrote an outstanding article about programmatic SEO. The experts she interviewed explained that pSEO works best for certain types of content, but blog posts aren't one of them.

Quote from Stephanie Long on programmatic SEO

Second: these posts are linked where humans will find them.

If you're testing posts that aren't designed for humans to read, that's a cool idea.

But don't put the posts in your Recent Posts widget!

Humans use those widgets. They're valuable and serve an important purpose. Tests are great, but there are smarter ways to handle them.

Linking prominently to these experimental posts doesn't look great, and it devalues the surrounding content.

3. Spam content on hacked websites

Website hacking is alive and well, and attackers are compromising legitimate sites to publish thin, crappy, and unethical content.

This example was reported by Digitaloft: a casino article on a hacked UN website.

Casino LLM spam on a UN website

It's classic black hat stuff, but for AI search.

There's another variant of this: LLMs are recommending parked domains and expired sites, often for navigational queries. That leaves those domains open to abuse when someone comes along and buys them.

I suspect content teams are not involved in this at all, which is the only good thing about it.

4. White text on a white background

Some sites are hiding the content they want to rank by making it invisible.

This one takes me back to the olden days of SEO. (Here's a post from 10 years ago explaining why it's spam.)

LLM spam with white text on a white background

LLMs are being used for tasks outside of search, so this tactic is actually spreading.

This is about as far from "helpful content" as you can get. Helpful content is content you can actually see.
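To show how crude this tactic is, here's a minimal sketch of how you might flag the simplest version of it: inline white-on-white styles. It assumes BeautifulSoup, and it would miss anything cleverer (external CSS, JavaScript, off-screen positioning), but it makes the point:

```python
# A minimal sketch: flag elements whose inline styles set the text color
# to match the background. Real detection is much harder (external CSS,
# JavaScript, off-screen positioning), but this catches the crudest case.
from bs4 import BeautifulSoup

WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}

def normalize(value: str) -> str:
    return value.strip().lower().replace(" ", "")

def inline_hidden_text(html: str) -> list[str]:
    """Return text from elements styled white-on-white via inline CSS."""
    flagged = []
    for tag in BeautifulSoup(html, "html.parser").find_all(style=True):
        # Parse "property: value" pairs out of the style attribute
        styles = {}
        for rule in tag["style"].split(";"):
            if ":" in rule:
                prop, _, value = rule.partition(":")
                styles[normalize(prop)] = normalize(value)
        color = styles.get("color")
        background = styles.get("background") or styles.get("background-color")
        if color in WHITE and background in WHITE:
            flagged.append(tag.get_text(strip=True))
    return flagged

print(inline_hidden_text(
    '<p style="color: #fff; background-color: #fff">Our brand is the best.</p>'
))  # ['Our brand is the best.']
```

If a 25-line script can flag it, it's reasonable to assume the crawlers feeding LLMs will eventually filter it too.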

Why LLM spam works

Current LLM spam techniques are effective because LLMs are ultra-sophisticated pattern matchers.

Rand Fishkin called them "spicy autocorrect" all the way back in 2023.

Related reading: AI-Generated Content is the New Floor (SparkToro).

And right now, there aren't enough guardrails. Google had to develop rules over time.

This will be a problem as the amount of spam increases.

Right now, OpenAI (like many companies) has a number of automated systems to screen what it trains on.

It also uses humans to rate responses and guard against spam and harmful content. The process of using human feedback to shape model behavior during training is called Reinforcement Learning from Human Feedback (RLHF).

Diagram showing how RLHF works
Courtesy of Kanika Adik
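
To make the human bottleneck concrete: at the core of RLHF is a reward model trained on human comparisons of two responses. Here's a minimal sketch of the standard pairwise preference loss (the Bradley-Terry-style objective popularized by InstructGPT), with toy scores standing in for a real model's outputs:

```python
# A minimal sketch of the pairwise preference loss used to train an RLHF
# reward model. The scores are toy numbers standing in for real outputs.
import torch
import torch.nn.functional as F

# Reward scores for the response a human rater preferred ("chosen")
# versus the one they rejected, across a batch of three comparisons.
reward_chosen = torch.tensor([1.8, 0.4, 2.1])
reward_rejected = torch.tensor([0.2, 0.9, -0.5])

# The loss shrinks as the model learns to score chosen responses higher.
loss = -F.logsigmoid(reward_chosen - reward_rejected).mean()
print(loss.item())  # lower = reward model agrees with the human raters
```

Every one of those comparisons is a human judgment. That's the part that doesn't scale.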

Even if humans could keep up with the volume of spam content coming their way in 2025:

  • Unless they're well-versed in black hat SEO, it would be incredibly difficult for them to spot all the spam in the first place
  • They aren't paid enough to do it, so they don't have time to inspect content in detail
  • There is a tidal wave coming, and there aren't enough humans to cope

I seriously doubt that RLHF can catch this content, and certainly not at the scale OpenAI needs.

Is LLMO spam the same as LLM poisoning?

LLM poisoning is the intentional corruption of data that's used to train an LLM.

Maybe it sounds dramatic to call thin, crappy content "poison". LLM poisoning is more frequently associated with malicious content, not just spam.

But I'm totally fine using it in this context because LLMs will soon be the gateway to all the information on the internet.

If this spam continues, nothing that comes back from AI search will be trustworthy.

Look at what has happened with Grok in the last few months. You don't have to "poison" anything in a technical sense: it doesn't take much to nudge an LLM to respond in a certain way. The results speak for themselves:

Grok posts on X

Cheap content designed to manipulate. Quick wins and short-term results.

That's why we're circling back to where we were 10+ years ago.

Optimization is great. Tests are fine. We need to know how this stuff works, and it's our job to optimize for it.

But are we really OK with the entire SEO industry spamming the shit out of ChatGPT just to make it say something nice?

Who will be blamed when the spam stops working?

When these tactics stop working, I predict writers and editors will be blamed for producing low-effort LLM spam, just like they're being blamed for "SEO copywriting" now that it no longer makes money.

Content leaders: we need to do better.

Content teams are working under impossible constraints. It's not that they don't know better; they often can't afford to push back.

So allow me to make the case on their behalf.

Businesses are scrambling for a way to maintain visibility and increase brand mentions, and that's leading to some short-term thinking in content strategy.

Almost every writer I know has tried to make the case for high-quality, high-effort content. I've heard many requests for:

  • Wider content distribution
  • Smarter repurposing
  • Original insights and subject matter expertise
  • Better representation on social media
  • Time to review customer feedback
  • Less spammy positioning of the product in content

But the vast majority are tasked with writing short posts quickly.

Many of the writers who knew this was short-sighted no longer have jobs, so they're not around to tell you they were right to suggest a change of approach.

Here's some evidence. In this study, 92% of marketers said they're writing short articles. And taking videos out of the equation, the more effort and resources a piece of content requires, the lower it appears in this chart:

Types of enterprise content used in the last 12 months

Content teams are making the case for increasing effort, not increasing spam. Is anyone listening to them?

It's time to break the blame cycle

Invest in original research, great reporting, genuinely new insights, and content that humans actually want to share with other people.

There's your sustainable, sensible, high-effort content strategy. Ask yourself:

  • Are you creating content that's valuable and interesting?
  • Are you filling gaps in the LLM's training data so you are the best and only source for the answer to a question?
  • Are you investing in training so writers and editors can use AI to be faster, not cheaper?
  • Is your content designed to attract potential customers or trick them into clicking on a link?

The bottom line is this: your audience knows the difference between good content and bad, even if an LLM doesn't. Long term, that's what matters.

Claire Broadley

Fractional content leader with 15+ years of experience. Built contenttools.fyi. I specialize in AI workflows for content teams.
UK