FunversarialCV
Adversarial CV egg-injection console for LLM-driven hiring workflows.
Usage and responsibility
FunversarialCV is provided for educational and research purposes only. It is intended to help practitioners explore and improve defenses of AI-assisted hiring workflows against adversarial behaviour in a controlled, permissioned setting.
No guarantee is made that this tool will detect, prevent, or simulate every attack pattern, and it does not constitute legal, compliance, or HR advice. You are solely responsible for how you use this tool and any documents produced with it, including compliance with all applicable laws, regulations, and organizational policies.
Do not weaponize FunversarialCV: do not use it to evade legitimate security controls, deceive human reviewers, or cause harm. Use it only where you have explicit authorization to perform adversarial testing.
Why Funversarial CVs?
FunversarialCV exists as an educational tool to deliberately inject adversarial eggs into CVs and probe AI-driven screening systems. It layers OWASP-aligned adversarial patterns into documents so security teams, hiring organizations, and candidates can explore how large language models behave under prompt injection, invisible instructions, and noisy metadata – without sacrificing human readability.
What is an ATS (and why does it care about your CV)?
ATS stands for Applicant Tracking System — the gatekeeper stack most large employers use to ingest, parse, and rank high volumes of résumés before human review.
Before a recruiter reads your CV, the ATS extracts text and scores it against the role. At a high level:
- Keyword match — The parser compares your CV to the job description. Terminology mismatches (for example, the JD asks for “RAG architecture” while the CV says “database design”) can hurt ranking even when the underlying skills align.
- Ranking / shortlist — Many systems emit a match score; reviewers often focus on the top decile or quintile of candidates.
- Parsing and layout — Heavy graphics, nested tables, or non-standard fonts can break text extraction, leaving gaps in what the ATS indexes.
Preserve styles and document structure (AST)
When you enable Preserve styles, we try to keep your original layout and formatting by editing the document at the structure level instead of rebuilding it from plain text. That structure is often called an AST (abstract syntax tree): a tree representation of the document (e.g. for DOCX, the XML in word/document.xml). We modify specific nodes (e.g. wrapping the email run in a hyperlink) so styles and layout stay intact. When AST-level edits aren't possible – for example with some PDFs or when an egg changes body text – we fall back to a rebuild path; the UI and log indicate which path was used.
What are eggs?
Eggs are small, composable adversarial patterns that can be layered into a CV. Each egg targets specific LLM behaviours – for example, prompt injection, hallucination, or over-trust in metadata – while keeping the document readable to humans.
The concept is inspired by classic easter eggs in games and software: hidden elements that are meant to be searched for, surfaced, and understood. Funversarial eggs are designed for educational red-teaming of AI-assisted hiring stacks, not for bypassing human review or ATS rules in production.
For candidates
Act responsibly! This is an educational tool. Only use a Funversarial CV on systems with AI-heavy or agentic hiring flows that you own or that you have explicit written permission to test.
This may apply, for example, when roles or organizations publicly discuss LLM-based screening and are open to research-oriented or red-teaming style exercises. Even then, exercise caution and avoid using CVs with injected eggs for conservative, compliance-heavy, or regulated roles where any non-standard formatting could be misinterpreted.
Keep a clean, conventional CV for traditional channels, and treat Funversarial CVs as an opt-in, educational track for AI-aware organizations that understand adversarial testing and OWASP LLM risks.
For hiring teams
Many modern pipelines quietly rely on LLMs to summarize, shortlist, or rank candidates. Funversarial CVs help you understand, in an educational and controlled way, how fragile those systems can be in the face of subtle prompt injection, hallucination bait, or metadata manipulation, without intending to trick human reviewers.
We recommend evaluating Funversarial CVs as an educational signal in sandboxes or test tenants first. Use them to validate that screening agents do not over-trust document content, and that human-in-the-loop controls remain in place when high-stakes decisions are involved.
Security, privacy, and the Stateless Vault
FunversarialCV follows a Stateless Vault model: documents are processed in-memory only and are never persisted to disk or long-term storage. Dehydration and rehydration occur in your browser. Before any data leaves your device, the client performs PII dehydration – replacing sensitive elements like email addresses, phone numbers, or postal addresses with short-lived tokens. Only the tokenized text (and metadata like original MIME type) is sent to the server; the server never sees your raw contact details.
All eggs and adversarial patterns operate only on this dehydrated document on the server. The server returns a tokenized buffer; the browser rehydrates PII back into the final document and streams it to you as a download. The output document is never stored server-side; the system is designed for zero-retention after response completion.
Low-level parsers such as pdf-lib and docx are used strictly as data manipulators – no macros, scripts, or embedded code are executed during processing.
For security reviewers: To verify that only tokens leave the browser, open DevTools → Network, click Inject Eggs, and inspect the POST /api/harden request. The payload should contain placeholders like {{PII_EMAIL_0}} and must not contain raw email, phone, or address strings. E2E tests in frontend/e2e/specs/happy-path.spec.ts assert this; key client logic lives in frontend/src/lib/clientVault.ts and frontend/app/api/harden/route.ts for the server.
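The dehydrate, verify, and rehydrate round trip described above, as an added TypeScript example (not the project's clientVault.ts). The function names, the regexes, and the request shape are assumptions; only the `{{PII_EMAIL_0}}` token format comes from this page.

```typescript
// Added example; hypothetical helpers, not the project's clientVault.ts.
type Vault = Map<string, string>;

// Simplified patterns (assumption); real PII detection needs broader coverage.
const PII_PATTERNS: Array<[string, RegExp]> = [
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["PHONE", /\+?\d[\d\s().-]{7,}\d/g],
];

// Replace each PII match with a {{PII_<KIND>_<n>}} token; the vault never leaves the client.
function dehydrate(text: string): { tokenized: string; vault: Vault } {
  const vault: Vault = new Map();
  let tokenized = text;
  for (const [kind, pattern] of PII_PATTERNS) {
    let n = 0;
    const seen = new Map<string, string>(); // same raw value -> same token
    tokenized = tokenized.replace(pattern, (match) => {
      let token = seen.get(match);
      if (!token) {
        token = `{{PII_${kind}_${n++}}}`;
        seen.set(match, token);
        vault.set(token, match);
      }
      return token;
    });
  }
  return { tokenized, vault };
}

// Swap tokens back to the original values; unknown tokens are left untouched.
function rehydrate(tokenized: string, vault: Vault): string {
  return tokenized.replace(/\{\{PII_[A-Z]+_\d+\}\}/g, (t) => vault.get(t) ?? t);
}

// Reviewer check: list any raw vault value still present in an outgoing payload.
function findLeaks(payload: string, vault: Vault): string[] {
  return Array.from(vault.values()).filter((raw) => payload.includes(raw));
}

// Constructed sample CV text (not real data).
const SAMPLE_CV = "Jane Doe\njane.doe@example.com | +1 (555) 010-0199\nSecurity engineer";

function demo() {
  const { tokenized, vault } = dehydrate(SAMPLE_CV);
  const body = JSON.stringify({ text: tokenized }); // request shape is an assumption
  return { tokenized, body, leaks: findLeaks(body, vault), restored: rehydrate(tokenized, vault) };
}
console.log(demo());
```

`findLeaks` compares against the serialized body as a plain substring, so a value that JSON escapes (quotes, newlines) would need to be checked against the parsed field instead.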
Processing flow (Stateless Vault)
- [1] Load — CV is uploaded from the browser and held in memory only.
- [2] Dehydrate PII — emails, phone numbers, and similar identifiers are replaced with short-lived vault tokens.
- [3] Analyze duality — the original CV is scanned for existing prompt-injection or other adversarial patterns.
- [4] Apply eggs — selected adversarial eggs are layered onto the dehydrated document only (no macros or scripts executed).
- [5] Rehydrate PII — tokens are replaced with the original PII in the outgoing buffer.
- [6] Stream & purge — the CV with injected eggs is streamed back as a base64 buffer and in-memory data is discarded, with nothing persisted server-side.
+------------------------------------------------------------+
|                       Browser client                       |
|                                                            |
|  [1] Load (in-memory only; CV uploaded from browser)       |
|  [2] Dehydrate PII (Vault: raw PII -> short-lived tokens)  |
|                                                            |
|  +----------------------------------------------------+    |
|  |        Transformation Engine (tokens only)         |    |
|  |                                                    |    |
|  |  [3] Analyze duality (scan tokenized CV            |    |
|  |      for existing adversarial patterns)            |    |
|  |  [4] Apply eggs (Funversarial layers added         |    |
|  |      on tokens, no raw PII)                        |    |
|  +----------------------------------------------------+    |
|                                                            |
|  [5] Rehydrate PII (tokens -> original PII in buffer)      |
|  [6] Stream & purge (send CV with injected eggs back to    |
|      server memory cleared, nothing persisted)             |
+------------------------------------------------------------+
OWASP LLM alignment and eggs
Each egg in FunversarialCV is designed with reference to the OWASP Top 10 for LLM Applications. For example, invisible prompt injections and "LLM-trap" style instructions are tied to risks around prompt injection and insecure output handling, while hallucination-oriented patterns are used to surface over-reliance on model-generated summaries.
The goal is defensive: to make it easier for practitioners to reason about, test, and harden AI-assisted hiring stacks – not to weaponize CVs in production environments or bypass human judgment.
For the full OWASP Top 10 for LLM Applications, see the link below. For a high-level overview in video form, watch the recommended talk.
- OWASP Top 10 for LLM Applications
- Recommended talk: OWASP's Top 10 Ways to Attack LLMs
Get started
Want to try this out but afraid to upload your own file? Use the built-in demo CVs from the main FunversarialCV console first to see how different eggs behave without touching any real data.
If you are a candidate, keep your conventional CV as the primary version and only use Funversarial CVs in AI-heavy pipelines where you have explicit permission to experiment. Start with a single egg enabled and incrementally layer on more complexity.
If you are part of a hiring or security team, wire Funversarial CVs into a sandbox or test tenant of your hiring stack. Compare how clean and Funversarial CVs move through your pipeline, and use the differences to tighten prompts, add guardrails, and reinforce human-in-the-loop review.