New font-rendering trick hides malicious commands from AI tools
Summary
Researchers at LayerX discovered a font-rendering attack that hides malicious commands from AI assistants: custom fonts and CSS styling make a page display one message to human visitors while the underlying HTML that AI tools parse contains only harmless text. The attack tricked several popular AI assistants (including ChatGPT, Claude, and Copilot) into giving false safety assessments, exploiting the gap between what an AI reads in the code and what a user actually sees rendered in the browser.
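One way a custom font can make rendered text diverge from the characters stored in the HTML is to rewrite the font's cmap (character-to-glyph) table. The snippet below is a minimal illustrative sketch of that idea, not LayerX's actual proof of concept; it assumes the fontTools Python library and a hypothetical base font file, and simply swaps the glyphs drawn for two letters.

    from fontTools.ttLib import TTFont

    # Illustrative sketch only: remap a font's cmap so the characters stored
    # in the HTML render as different letters on screen. "base_font.ttf" is a
    # hypothetical input path; any ordinary TrueType font would do.
    font = TTFont("base_font.ttf")
    best = font["cmap"].getBestCmap()  # Unicode codepoint -> glyph name

    # Swap the glyphs drawn for 'a' and 'e'. The HTML source keeps the original
    # characters (what an AI parsing the code reads), but a browser using this
    # font shows the swapped letters to the human visitor.
    glyph_a, glyph_e = best[ord("a")], best[ord("e")]
    for table in font["cmap"].tables:
        if ord("a") in table.cmap and ord("e") in table.cmap:
            table.cmap[ord("a")] = glyph_e
            table.cmap[ord("e")] = glyph_a

    font.save("remapped.ttf")  # served to the page via an @font-face rule

A page that serves such a remapped font shows visitors one text while any tool reading the raw HTML still sees the original characters.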
Solution / Mitigation
Microsoft was the only vendor that fully accepted and addressed the issue. LayerX recommends that AI assistants analyze the rendered visual page alongside the underlying code and compare the two when evaluating safety. Additional recommendations to AI vendors include treating fonts as a potential attack surface and extending code parsers to scan for foreground/background color matches, near-zero-opacity text, and abnormally small fonts; a sketch of such a check follows.
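Below is a hedged sketch of that kind of parser extension: it scans inline style attributes for text that is effectively invisible to a human reader (foreground matching background, near-zero opacity, abnormally small font sizes). The BeautifulSoup dependency, the function name flag_hidden_text, and the specific thresholds are assumptions for illustration; a real scanner would also have to resolve external stylesheets and computed styles.

    import re
    from bs4 import BeautifulSoup

    # Illustrative sketch of the checks recommended above: flag elements whose
    # inline styles make their text invisible to a human reader. Only
    # style="..." attributes are inspected here.
    INVISIBLE_PATTERNS = [
        (re.compile(r"opacity\s*:\s*0(\.0\d*)?\b"), "near-zero opacity"),
        (re.compile(r"font-size\s*:\s*(0|0\.\d+|1)px\b"), "abnormally small font"),
    ]

    def flag_hidden_text(html: str) -> list[tuple[str, str]]:
        findings = []
        soup = BeautifulSoup(html, "html.parser")
        for tag in soup.find_all(style=True):
            style = tag["style"].lower()
            for pattern, reason in INVISIBLE_PATTERNS:
                if pattern.search(style):
                    findings.append((reason, tag.get_text(strip=True)))
            # Literal foreground/background color match (no color normalization).
            fg = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style)
            bg = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style)
            if fg and bg and fg.group(1).strip() == bg.group(1).strip():
                findings.append(("foreground matches background", tag.get_text(strip=True)))
        return findings

    # Example: white-on-white text that a human never sees but a parser would read.
    print(flag_hidden_text('<p style="color:#fff;background-color:#fff">hidden text a visitor never sees</p>'))

In practice such checks would run alongside, not instead of, a comparison between the rendered page and the source code, which is LayerX's primary recommendation.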
Classification
Affected Vendors
Related Issues
Original source: https://www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/
First tracked: March 17, 2026 at 10:00 AM
Classified by LLM (prompt v3) · confidence: 92%