LayerX Demonstrates Fonts Fool AI Web Assistants
Researchers at LayerX report that custom fonts and CSS can visually alter rendered web pages for users while leaving underlying HTML unchanged, enabling attackers to hide malicious instructions from AI web assistants. In tests using a ClickFix phishing proof-of-concept, every tested assistant (including ChatGPT, Gemini, and Copilot) failed to detect hidden text. The flaw enables social-engineering attacks and highlights gaps in assistant security.
Key Points
- 1Demonstrates: custom fonts/CSS visually change page while DOM text remains unchanged, hiding malicious instructions.
- 2Shows: DOM-based analysis lets AI assistants miss rendered text, enabling confident false safety assessments.
- 3Advises: defenders must validate rendered output or incorporate visual rendering into assistant security checks.
Scoring Rationale
Strong cross-platform proof-of-concept raises urgency, but single-vendor disclosure and lack of peer review limit confidence.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems


