CP
cyberpings
AI & SecurityHIGH

AI Security - New Font-Rendering Attack Exposed

BCBleepingComputer
LayerXAI assistantsfont-rendering attackmalicious commandssocial engineering
🎯

Basically, attackers hide harmful commands in web pages so AI tools can't see them.

Quick Summary

A new font-rendering attack has been uncovered, allowing malicious commands to bypass AI assistants. This poses serious risks to users who trust these tools. Stay alert and verify commands before executing them.

What Happened

A new font-rendering attack has been discovered, allowing malicious commands to bypass AI assistants. Researchers at LayerX created a proof-of-concept demonstrating how attackers can use customized fonts and CSS to hide harmful instructions within seemingly harmless HTML. This technique relies heavily on social engineering, tricking users into executing commands that could compromise their systems.

The attack exploits the difference between how AI assistants analyze webpages and how browsers render them. While AI tools only see the structured text, users view a visual representation that can include malicious content. This disconnect can lead to dangerous recommendations from AI assistants, as they fail to recognize the hidden threats embedded in the webpage's design.

Who's Affected

As of December 2025, multiple popular AI assistants were vulnerable to this attack, including ChatGPT, Claude, and Copilot. Users of these platforms may unknowingly execute harmful commands, believing them to be safe due to the AI's reassuring responses. The potential for widespread exploitation raises concerns about the effectiveness of current safeguards in AI systems.

LayerX's findings indicate that this attack could significantly undermine user trust in AI technologies. If users cannot rely on AI assistants to accurately assess the safety of commands, they may hesitate to use these tools altogether, impacting the adoption of AI solutions across various sectors.

What Data Was Exposed

The primary risk associated with this attack is the exposure of sensitive commands that can lead to malicious actions, such as executing a reverse shell on the victim's machine. The hidden commands are encoded in a way that makes them unreadable to AI tools but visible to users. This means that while the AI assistant might only report benign content, the user could be executing harmful instructions without realizing it.

LayerX's report emphasizes that the attack does not require a significant breach of data but instead manipulates the existing trust users place in AI assistants. This manipulation can lead to a variety of security incidents, depending on the nature of the commands executed by the user.

What You Should Do

To protect yourself from this emerging threat, users should exercise caution when interacting with AI assistants and executing commands from web pages. It's crucial to verify the safety of instructions independently rather than relying solely on AI assessments. LayerX recommends that AI vendors enhance their systems by analyzing both the rendered page and the underlying HTML to better detect discrepancies that could indicate malicious intent.

Additionally, users should be aware that AI tools may not have safeguards against all forms of social engineering. As a best practice, always question the legitimacy of commands, especially those promising rewards or incentives. By staying informed and vigilant, users can mitigate the risks associated with such attacks.

🔒 Pro insight: This attack highlights the urgent need for AI systems to integrate visual content analysis to prevent exploitation through social engineering tactics.

Original article from

BleepingComputer · Bill Toulas

Read Full Article

Share

Related Pings

HIGHAI & Security

AI in Application Security - New Era of Reasoning Agents

Application security is evolving with AI-driven reasoning agents enhancing vulnerability detection. This shift impacts how risks are managed in production environments. Organizations must adapt to these changes to safeguard their applications effectively.

Qualys Blog·
HIGHAI & Security

CursorJack Attack - Code Execution Risk in AI Development

A new attack method called CursorJack exposes AI development environments to code execution risks. Developers are urged to enhance their security measures to prevent exploitation. This highlights the need for improved security protocols in AI tools.

Infosecurity Magazine·
MEDIUMAI & Security

AI Security - XM Cyber Enhances Exposure Management Platform

XM Cyber has upgraded its security platform to enhance AI safety. Organizations can now adopt AI without exposing critical assets. This is crucial as threats evolve rapidly. Stay ahead with these new features!

Help Net Security·
HIGHAI & Security

AI Security - Key Actions for CISOs to Protect AI Agents

AI agents are reshaping business operations, but they come with risks. CISOs must prioritize identity-based access control to secure these agents and protect sensitive data. Ignoring these measures could lead to significant vulnerabilities.

BleepingComputer·
MEDIUMAI & Security

AI Security - SCW Trust Agent Enhances Software Risk Control

Secure Code Warrior introduced SCW Trust Agent: AI, a tool for tracking AI's influence on code. This solution helps organizations mitigate software risks effectively. By ensuring governance at the commit level, it empowers teams to maintain secure coding practices. It's a game-changer for AI-driven development.

Help Net Security·
HIGHAI & Security

AI Security - SailPoint Launches Shadow AI Remediation Tool

SailPoint has launched a new tool to monitor unauthorized AI tool usage. This affects organizations relying on AI for productivity. The tool helps mitigate security and compliance risks as AI adoption grows.

Help Net Security·