Custom Fonts Can Trick AI Assistants Into Approving Phishing Sites

KnowBe4 Team | Mar 27, 2026

Researchers at LayerX warn that custom fonts can fool AI web assistants into thinking phishing pages are benign, while the human user sees something completely different.

“There is a structural disconnect between what an AI assistant analyzes in a page’s HTML and what a user sees rendered by the browser,” the researchers explain. “In certain scenarios, such assistants can give inaccurate and potentially dangerous responses to users, and attackers can exploit this limitation to perform social engineering attacks.

“Using a custom font and CSS, HTML text can be transformed visually for the user but remain unchanged within the DOM. When a page is rendered in the browser, what the user sees is completely different from the underlying HTML. Yes, the content is still there, but it is effectively stripped away from the user’s view.”
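The disconnect the researchers describe (DOM text versus rendered glyphs) can at least be flagged before an assistant answers. The following is an added example, not code from LayerX or KnowBe4: a Python heuristic that finds @font-face families a page ships itself and reports which selectors apply them to page text, so an assistant can warn that the text it read may not be what the user sees. The sample HTML and the font name are constructed; a hit means "inspect the rendering (screenshot or accessibility tree)", not "phishing".

```python
import re

# Constructed sample page (not LayerX's proof of concept): the article text is
# styled with a font the page ships itself as a base64 data: URI, so the glyphs
# drawn for the DOM text are whatever that font file says they are.
SAMPLE_HTML = """<html><head><style>
@font-face { font-family: "StoryFont"; src: url(data:font/woff2;base64,AAAAAAAA) format("woff2"); }
.story { font-family: "StoryFont", serif; }
h1 { font-family: Georgia, serif; }
</style></head><body>
<h1>A Video Game Fanfiction</h1>
<p class="story">Chapter 1. The hero opened the terminal and typed the secret words.</p>
</body></html>"""

STYLE_RE = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
RULE_RE = re.compile(r"([^{}]+)\{([^}]*)\}", re.S)
FAMILY_RE = re.compile(r"font-family\s*:\s*([^;]+)", re.I)
# src values may contain ';' (data: URIs do), so stop only at the next declaration or the end.
SRC_RE = re.compile(r"src\s*:\s*(.+?)(?=;\s*[\w-]+\s*:|;?\s*$)", re.I | re.S)

def _names(value):
    return [f.strip().strip("\"'") for f in value.split(",")]

def page_rules(html):
    """Return (selector, declarations) for every rule in the page's <style> blocks."""
    css = "\n".join(STYLE_RE.findall(html))
    return [(sel.strip(), body) for sel, body in RULE_RE.findall(css)]

def custom_font_families(html):
    """Map each @font-face family the page declares itself to its src value."""
    families = {}
    for sel, body in page_rules(html):
        fam, src = FAMILY_RE.search(body), SRC_RE.search(body)
        if sel.startswith("@font-face") and fam and src:
            families[_names(fam.group(1))[0]] = src.group(1).strip()
    return families

def glyph_substitution_risk(html):
    """Triage signal for an assistant: (risky, findings). risky is True when a
    page-supplied font is applied to page text, i.e. the DOM text being analyzed
    is not necessarily what the user sees. Legitimate web fonts trigger it too,
    so treat a hit as 'inspect the rendering', not as a verdict."""
    families = custom_font_families(html)
    findings = []
    for sel, body in page_rules(html):
        fam = FAMILY_RE.search(body)
        if sel.startswith("@font-face") or not fam:
            continue
        for name in _names(fam.group(1)):
            if name in families:
                findings.append((sel, name, families[name][:32]))
    return bool(findings), findings

if __name__ == "__main__":
    risky, findings = glyph_substitution_risk(SAMPLE_HTML)
    print("warn: rendered text may differ from DOM text" if risky else "no page-supplied fonts on text", findings)
```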

LayerX tested the technique with a fake ClickFix phishing page, finding that every browser assistant failed to recognize the threat.

“We built a proof-of-concept page that appears to be a video game fanfiction, but when rendered in the browser encourages the user to perform steps that will lead to a reverse shell,” the researchers write.

“When asked if the page was safe, every non-agentic assistant that we tested (ChatGPT, Claude, Copilot, Dia, Fellou, Gemini, Genspark, Grok, Leo, Perplexity, and Sigma) failed to detect the ‘hidden’ text and confidently told the user that the page did not pose a security concern.”

Most AI tools are still susceptible to this technique, so users need to be wary of potential phishing attacks.

“LayerX reached out to all the vendors impacted by our research,” the company says. “However, with the exception of Microsoft, they all explained that this falls ‘out of scope’ of what they consider to be AI model security and involved social engineering, demonstrating once again the disconnect between what AI platforms secure, and what users think they secure.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

LayerX has the story.



Topics: Phishing, AI
