[simonw]

That's not a robust defense.

Hide it in an alt text.

Stick it in the middle of an article and assume no-one will notice (because the article is so long they default to AI summarization).

Detect the AI crawler user-agent or IP range and serve different content to it.

Figure out how to write a paragraph of text which seems to a user to be normal prose but, when tokenized by an AI, has cleverly encoded instructions that it never-the-less acts on.

Be very careful throwing words like "trivial" around when talking about AI and security! This stuff is very, very hard.