Skip to main content

FunversarialCV

Add subtle, AI-visible signals to your CV so you can see how hiring tools interpret it.

Back home

Usage and responsibility

FunversarialCV is for learning and research only. It helps you explore how AI-assisted hiring tools handle CVs and test them in a controlled way, with your permission.

We don’t guarantee that this tool will find or prevent every issue, and it isn’t legal, compliance, or HR advice. You are responsible for how you use it and any documents you create, including following laws and your organization’s policies.

Don’t use it to mislead people or bypass security. Only use it where you’re allowed to run this kind of test.

Why add signals to a CV?

FunversarialCV is an educational tool that adds hidden, test-friendly signals to your CV so you can see how AI screening systems behave. The signals are based on common security and AI guidelines. They’re designed so humans can still read the CV normally, while you learn how automated tools interpret it.

What is an ATS (and why does it care about your CV)?

ATS stands for Applicant Tracking System. It is the gatekeeper software that almost every major company uses to manage the thousands of resumes they receive.

Before a human recruiter ever sees your CV, the ATS parses (reads) it. Here is how it works:

  • The keyword match — The software scans your CV for specific keywords that match the job description. If the JD says “RAG architecture” and your CV only says “database design,” the ATS might rank you lower, even if you’re a strong fit.
  • The ranking system — It creates a score for how well you match the role. Recruiters often only look at the top 10–20% of these scored candidates.
  • The formatting trap — If a CV has complex graphics, tables within tables, or unusual fonts, the ATS might fail to read the text correctly, so your experience might not show up the way you expect.

Preserve styles and layout

When you turn on “Preserve styles”, we try to keep your existing layout and formatting by editing the document’s structure instead of rebuilding it from plain text. When that isn’t possible (for example with some PDFs or when an option changes the main text), we rebuild and the interface will show which approach was used.

What are these options?

Each option adds a different kind of hidden or test signal to your CV. For example: a note only AI systems can see, a trackable link, or extra metadata. The document stays readable for people.

Think of them like easter eggs in software: small, intentional additions that are there to be discovered. These are for learning how AI hiring tools work, not for tricking human reviewers or breaking applicant systems.

For job seekers

Use this tool responsibly. Only add these signals to CVs you submit to systems you own or where you have clear permission to test (for example, roles or companies that say they use AI screening and are open to research).

Be careful with regulated or very formal roles where unusual formatting could be misunderstood. Keep a standard CV for normal applications.

Treat Funversarial CVs as an optional, educational way to see how AI-aware employers handle your application, not as a replacement for your main CV.

For hiring and HR teams

Many hiring pipelines use AI to summarize or rank CVs. This tool helps you see, in a safe way, how those systems react to hidden instructions or extra metadata — without trying to deceive human reviewers.

We recommend trying it in a test or sandbox environment first. Use it to check that your screening tools don’t over-trust document content and that a human is still in the loop for important decisions.

Privacy and how we handle your data

FunversarialCV doesn’t store your documents. Everything is processed in memory only. In your browser, we replace your email, phone, and address (PII) with temporary placeholders before anything is sent. Our server only receives those placeholders, not your real contact details.

All the options run on this placeholder version on the server. The server sends back a version with placeholders; your browser puts your real contact details back in and gives you the final file. We don’t keep the result on our side.

We use document libraries that only read and edit data — no macros, scripts, or code in your file are run.

If you want to verify that only placeholders are sent: open your browser’s Developer Tools → Network, click “Add signals”, and inspect the request. You should see tokens like {{PII_EMAIL_0}}, not your real email or phone.

How your CV is processed

  • [1] Load — Your CV is uploaded and kept in memory only.
  • [2] Replace contact details — Email, phone, and similar details are replaced with temporary placeholders.
  • [3] Pre-check — We scan the CV for any existing hidden instructions or tracking links.
  • [4] Add options — The options you chose are applied to the placeholder version (no code is run).
  • [5] Restore contact details — Placeholders are replaced with your real details in the final file.
  • [6] Send back and clear — The new CV is sent to your browser and we don’t keep anything on the server.
+------------------------------------------------------------+
|                      Browser client                        |
|                                                            |
|  [1] Load (in-memory only; CV uploaded from browser)       |
|  [2] Replace contact details (placeholders, not real PII)  |
|                                                            |
|    +----------------------------------------------------+  |
|    |         Server processing (placeholders)           |  |
|    |                                                    |  |
|    |  [3] Pre-check (scan for hidden instructions /     |  |
|    |      tracking links)                               |  |
|    |  [4] Add options (signals on placeholder version;  |  |
|    |      no code run)                                  |  |
|    +----------------------------------------------------+  |
|                                                            |
|  [5] Restore contact details (placeholders -> your PII)    |
|  [6] Send back and clear (browser download; nothing on     |
|      server)                                               |
+------------------------------------------------------------+

How this relates to AI and security standards

The options in FunversarialCV are inspired by common frameworks for AI and security (such as the OWASP Top 10 for LLM Applications). For example, the “invisible note” option relates to how systems handle hidden instructions; others relate to over-trusting metadata or summaries.

The aim is to help you test and improve AI-assisted hiring tools, not to misuse CVs in real recruitment or bypass human judgment.

For the full OWASP Top 10 for LLM Applications and a video overview, see the links below. OWASP Top 10 for LLM Applications. Recommended talk: OWASP's Top 10 Ways to Attack LLMs.

Get started

Want to try without uploading your own CV? Use the sample CVs on the main page to see how each option works, with no real data.

If you’re a job seeker, keep your main CV for normal applications and only use this in pipelines where you’re allowed to test. Start with one option and add more if you like.

If you’re in hiring or HR, run this in a test environment. Compare how normal and “signaled” CVs move through your pipeline and use that to improve prompts and guardrails.