BotBeat
...
← Back

> ▌

BarracudaBarracuda
RESEARCHBarracuda2026-07-18

AI Email Filters Vulnerable to Text Salting Attacks, Barracuda Reports

Key Takeaways

  • ▸Over 1 million retail-themed phishing attacks using text salting detected since April
  • ▸AI/LLM-based email filters lack understanding of visible vs. hidden text, exposing them to decades-old attack techniques
  • ▸Traditional email security tools have adapted to text salting defenses, but AI systems have largely not
Source:
Hacker Newshttps://www.theregister.com/security/2026/07/17/ai-spam-filters-are-getting-suckered-by-old-school-text-salting/5274434↗

Summary

Cybersecurity firm Barracuda has discovered that AI and LLM-powered email security filters are vulnerable to 'text salting'—a decades-old spam and phishing technique that hides malicious content from automated scanners. The company detected over one million retail-themed phishing attacks using text salting since April, demonstrating that the technique remains effective even against modern AI-based defenses.

Text salting works by peppering emails with random, benign-seeming words to confuse AI content analysis engines, while using CSS cropping, text manipulation, or zero-font techniques to hide the filler text from human readers. Traditional email security gateways have largely adapted to these tricks by removing hidden text and flagging emails with suspicious hidden content, but LLM-based systems have failed to follow suit.

Barracuda explains that LLMs are typically designed to process email text plainly without understanding whether text is visible or hidden from users. While they can be trained to do so, most tools likely aren't doing this by default. The security firm recommends a layered approach to email security rather than relying solely on AI keyword detection, including sender reputation checks, authentication verification, URL analysis, and detection of differences between visible and hidden content.

  • Barracuda recommends layered email security combining multiple verification methods rather than relying on AI keyword detection alone

Editorial Opinion

This research reveals an uncomfortable truth: AI systems, for all their sophistication, can be fooled by tricks that defeated older email filters over a decade ago. The vulnerability highlights a critical blind spot in LLM design—these models process text without semantic understanding of presentation and visibility, a gap that traditional security tools have long since closed. Organizations deploying AI-powered security should not assume that modern technology eliminates the need for layered defenses; in fact, this finding underscores that effective security requires explicit design for specific threats, not just general language understanding.

Large Language Models (LLMs)Machine LearningCybersecurityAI Safety & Alignment

Comments

Suggested

Open Source CommunityOpen Source Community
OPEN SOURCE

Undergraduate Rewrites Early Linux Kernel in Rust, Playfully Responding to Torvalds' Fork Challenge

2026-07-18
OpenAIOpenAI
PRODUCT LAUNCH

OpenAI Releases GPT-5.6 with Customizable Reasoning Effort Levels

2026-07-18
OpenAIOpenAI
RESEARCH

OpenAI's GPT-5.6 Pro Solves 30-Year-Old Complexity Theory Problem

2026-07-18
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us