Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams

Artificial intelligence has become the backbone of modern email security, with machine‑learning models scanning every inbound message for malicious links, suspicious attachments, and phishing language. The latest research from Sublime Security reveals a subtle twist: indirect prompt injection. By inserting invisible text—zero‑point font or color‑matched strings—attackers flood the AI’s token stream with benign content from high‑reputation sources. This dilutes the malicious signals and tricks the model into classifying the email as harmless, effectively turning the AI’s strength into a weakness.

Real‑world campaigns illustrate the danger. One operation cloned an Adidas newsletter, embedding the authentic copy into a cloud‑storage phishing email, while another used a fictional romance story to mask a fake health‑insurance offer. Although these attacks account for less than one percent of observed traffic, their success demonstrates a proof‑of‑concept that could scale as AI‑driven mail agents become more autonomous. As organizations adopt “agentic mailboxes” that automatically sort, reply, or even forward messages, the cost of a misclassification rises dramatically, potentially exposing sensitive data or facilitating credential theft.

The industry response must evolve beyond keyword and link detection. Security vendors are urged to develop context‑aware models that parse the entire semantic landscape of an email, weighing hidden text against visible intent. Techniques such as multi‑modal analysis, attention‑based filtering, and adversarial training can help distinguish genuine brand content from malicious camouflage. Ultimately, strengthening AI email filters will be critical to maintaining trust in digital communications as cyber‑criminals continue to weaponize the very technologies designed to protect us.