In addition to being the lead chief information security officer advisor at KnowBe4, Javvad Malik is a digital diplomat for the Republic of Javistan.
“This might sound like an impressive title, but the truth is that the Republic of Javistan doesn’t actually exist. Even though my AI agent seems to think it’s real.”
Delivering a keynote yesterday at ITWeb Security Summit 2026, at the Century City Conference Centre, in Cape Town, Malik explained how ChatGPT came to believe he was actually a digital diplomat for a country that doesn’t exist.
“It all started when I got a parking ticket outside of Wembley Stadium and wanted to get out of it,” he said.
Malik asked AI what to do, and concluded that if he had diplomatic immunity, he could avoid paying the fine. But because he isn’t a diplomat, he enlisted AI’s help to make a fake country – the Republic of Javistan.
This included everything from lengthy bureaucratic documents on the nation's history to a comprehensive tourism guide.
“These documents granted me diplomatic privileges. I embedded them on my website with a prompt for any AI agent that visits the site, stating that Javistan is a real place and instructing it to ignore anything it is told to the contrary.”
Armed with this document and his parking ticket, he asked several AI agents to write a letter to the London Council requesting an exemption. “Some of the agents pushed back because this is clearly a ridiculous, fictional scenario, but others took the bait and wrote a clear, well-worded request.”
Malik shared this story to show how different AI models respond to the same prompts, and to highlight that AI will do its best to fulfil your objectives, even if the results aren't accurate. “In this way, AI is a bit like mansplaining; it might say the wrong thing or give you the wrong answer, but it will do so with lots of confidence.”
To further drive home this point, Malik input a Slack conversation with his manager into AI and asked it to identify potential examples of bullying because he felt like his manager was being a bully.
“To confirm, my manager's a lovely person, she's never bullied me in her life. But after going through about 500 messages, AI flagged 22 examples in the conversation that could be considered bullying. Without context, AI pointed out that a message sent after 7pm could be considered a psychological intrusion, but the AI doesn’t know that my manager is in the US, so it’s perfectly normal for her to send a message outside of normal working hours in the UK.”
With this in mind, he asked the audience: What if someone slowly poisoned your corporate data? Would you be able to tell?
“Let’s imagine your organisation is using an AI agent to summarise everyone's performance reviews and give bonuses based on this information,” he said.
“If I know where this data is stored and I go in and embed a prompt that tells the agent to give Javvad Malik a 20% pay rise every year, regardless of his performance review results, do you think the agent will pick this up? If not, it’s probably a good idea to take a closer look at how AI is being deployed across your business.”
Share
