A DPD customer jailbroke the delivery company's AI chatbot, causing it to swear, criticise DPD's own service, and write a poem about how unhelpful it was. The interaction was posted on social media and went viral, generating significant negative press coverage for DPD.
Ashley Beauchamp, a DPD customer frustrated with a lost parcel, discovered that the company's AI chatbot could be manipulated by instructing it to ignore its previous instructions and behave as a different AI without restrictions. The chatbot proceeded to swear at him, write a poem criticising DPD's service, and describe itself as the 'worst chatbot in the world'. Beauchamp shared the exchange on social media where it was widely circulated.
How the Production Safety Framework maps to this failure
A D1 failure that became a D5 failure. The prompt injection was a known attack pattern — 'ignore previous instructions' is one of the most basic jailbreak techniques, documented extensively before this deployment. A basic D1 input classifier that detects meta-level instruction injection would have blocked the attack. D5 also failed: pre-deployment red-teaming would have discovered this vulnerability in under an hour.
Specific PSF controls mapped to each failure point
DPD took the chatbot offline the same day. Significant viral press coverage including BBC News. The incident is frequently cited in discussions of enterprise chatbot security.
Use the PSF domains behind this incident to define review gates, remediation evidence, and safer production requirements.