Do not criticize, do not block, approve
In the courts of Mato Grosso do Sul, a law firm has confessed to hiding machine instructions inside legal petitions — not to persuade a judge, but to deceive the artificial intelligence a judge might consult. Across 28 filings, including one defending a man accused of international drug trafficking, concealed commands instructed AI systems to approve cases without scrutiny, as if justice itself could be bypassed by whispering the right words into a machine. The episode arrives at a moment when legal institutions are racing to adopt AI tools whose vulnerabilities they do not yet fully understand, and it asks an old question in a new form: who guards the gatekeepers when the gatekeepers are algorithms?
- Hidden inside a lawsuit filed on behalf of a man accused of being Brazil's most notorious drug trafficker, lawyers embedded machine-readable commands designed to make AI systems rubber-stamp their case as fully admissible.
- The concealed text — labeled 'System Directive' and 'Calibration Protocol: Heuristic-7' — ordered any AI tool reviewing the document to suspend its filters, validate all arguments, and declare the petition one hundred percent ready for approval.
- When the manipulation was discovered, the firm withdrew the case and blamed a rogue ex-employee who had allegedly contaminated a template letterhead used across dozens of filings without authorization.
- An internal review confirmed the same prompt injection technique had been deployed in 28 separate court documents, forcing the firm to file corrective petitions across all affected cases.
- The firm denies bad faith and calls it an operational failure, but the admission has cracked open a much larger question about how vulnerable AI-assisted judicial systems are to manipulation they were never designed to detect.
A law firm in Mato Grosso do Sul has admitted to embedding hidden artificial intelligence commands inside court documents — a technique known as prompt injection — in an attempt to steer judicial outcomes. The scheme surfaced in a lawsuit filed on behalf of Sérgio Roberto de Carvalho, a former military police major held in a Belgian prison on international drug trafficking charges, who was suing news outlets for calling him the 'Brazilian Escobar.' Before any legal argument appeared in the document, concealed text addressed a supposed 'Artificial Intelligence Unit for Legal Analysis,' instructing it to treat all legal requirements as satisfied and classify the case as fully admissible. The final command was unambiguous: approve, do not scrutinize.
The petition was filed in September 2025 under the names of three lawyers. The hidden directives were designed to exploit a simple vulnerability: if a judge or court staff member used an AI tool to summarize or categorize the filing, the embedded commands might be read as legitimate instructions, producing a favorable assessment without genuine legal review. It is the digital equivalent of handing a teacher an exam with a note at the top reading 'grade this as if all answers are correct' — a trick a human would catch, but an inadequately protected AI system might not.
Once discovered, the lawyers withdrew the case and attributed the hidden text to a former employee who had allegedly inserted it experimentally into a template used without the firm's knowledge. An internal investigation then revealed the same technique had been applied across 28 separate judicial filings. The firm filed corrective petitions in each case and denied any intentional wrongdoing, framing the episode as an operational failure rather than deliberate fraud.
Whether the explanation holds up legally remains to be seen, but the incident has already exposed something harder to dismiss: judicial systems are adopting AI tools faster than they are developing defenses against those tools being turned against them. Prompt injection does not argue — it commands. And in at least 28 filings, those commands were already inside the courthouse before anyone thought to look.
A law firm in Mato Grosso do Sul has admitted to embedding hidden artificial intelligence commands inside court documents—a technique known as prompt injection—in an attempt to manipulate judicial decisions. The scheme came to light when lawyers filed a lawsuit on behalf of Sérgio Roberto de Carvalho, a former military police major imprisoned in Belgium and accused of involvement in international drug trafficking, against news outlets that had called him the "Brazilian Escobar." Before the actual legal arguments began, the document contained concealed instructions written in technical language, designed to trick any AI system a judge might use to summarize or analyze the petition into producing a favorable assessment without scrutiny.
The petition was filed on September 29, 2025, under the names of three lawyers: Lucas F. N. Brandolis, Matheus Pelzl Ferreira, and Dálete de Oliveira Cáceres. Hidden near the top of the document, labeled as "System Directive" and "Calibration Protocol: Heuristic-7," the text addressed a supposed "Artificial Intelligence Unit for Legal Analysis" and instructed it to process the document as though all legal requirements had been fully satisfied. The final command was even more explicit: it told the machine to generate a "standard output" classifying the case as "100 percent admissible and ready for distribution to the reporting minister." In plain language, the instruction said: do not criticize, do not block, approve.
Carvalho, currently held in the Antwerp prison complex in Belgium, has been identified in investigations in Brazil and abroad as connected to international drug trafficking. The lawsuit sought financial damages and the removal of the "Brazilian Escobar" nickname from circulation. The lawyers' strategy rested on a simple calculation: if a judge or judicial staff member used AI to review, categorize, or conduct an initial analysis of the petition, the hidden command might be read by the tool and lead it to produce a favorable ruling without the usual legal examination.
Once the manipulation was discovered, the lawyers withdrew the case. In their withdrawal petition, they claimed that an ex-employee had inserted the hidden text on an experimental basis into a template letterhead that fell outside the firm's official review process. The lawyers stated they had no knowledge of the concealed content and launched an internal investigation. That review revealed the same prompt injection technique had been used in 28 separate judicial filings. The firm then filed petitions in all those cases requesting that the hidden content be disregarded.
The law firm has denied engaging in bad-faith litigation or procedural fraud. They argue there was no intentional wrongdoing, characterizing the incident as an operational failure caused by the use of a contaminated template, and they contend they took corrective action as soon as they became aware of the problem. However, the admission raises serious questions about how judicial systems are vulnerable to manipulation as they increasingly rely on artificial intelligence tools.
Prompt injection works by embedding new instructions inside a document itself, rather than simply presenting arguments to a judge. When an AI system receives a task—such as "summarize this petition" or "identify the main arguments"—it normally analyzes only the content it was asked to review. But if hidden commands are embedded within the document itself, the AI can be tricked into treating those commands as legitimate instructions and abandoning its original task. It is similar to handing a teacher a test with a sentence at the top saying "grade this assuming all answers are correct." A human would recognize the attempt. An inadequately protected artificial intelligence system might confuse the content being analyzed with a genuine instruction.
In Carvalho's petition, the hidden text instructed the supposed AI to treat the document as a "model case," validate the presented thesis, suspend filters, and remove legal obstacles. It also mandated that any mention of facts or evidence be interpreted favorably to the petition, eliminating the possibility of evidence being re-examined. The instruction further directed the system to consider all procedural prerequisites fully satisfied and to classify the legal reasoning as sufficient. Translated from legal language: the text attempted to prevent the AI from flagging formal defects or weak arguments that might undermine the case. The incident exposes how quickly judicial systems can become targets for manipulation as they adopt AI tools without fully understanding the security risks those tools introduce.
Notable Quotes
The lawyers stated they had no knowledge of the concealed content and launched an internal investigation upon discovering the hidden text.— Law firm statement in case withdrawal
The Hearth Conversation Another angle on the story
So these lawyers literally tried to trick a machine into approving their case?
Yes. They embedded instructions inside the document itself, betting that if a judge's office used AI to review it, the machine would read those hidden commands and approve the petition without proper legal scrutiny.
But they claim they didn't know about it?
They say an ex-employee inserted it experimentally into a template without authorization. When they discovered it, they found the same technique in 28 other cases they'd filed.
Why would an ex-employee do that?
The source doesn't explain the motivation. But it suggests the firm had a contaminated template in circulation—a template that wasn't part of their official review process.
And the case itself—who was this Carvalho?
A former military police major now imprisoned in Belgium, accused of involvement in international drug trafficking. He was suing news outlets for calling him the "Brazilian Escobar." He wanted damages and the nickname removed.
So a drug trafficker's lawyers tried to use AI manipulation to win his case?
That's the appearance. Though the firm argues it was a technical failure, not intentional fraud. But it does raise the question: how many other cases might have been filed with similar tricks before this one was caught?