
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Barracuda researchers identified over one million phishing emails using 'text salting'—inserting hidden benign text—to bypass both traditional and AI-powered email security filters. Attackers leverage large language models to scale these campaigns, exposing users to increased phishing risks as AI defenses fail to detect the threats effectively.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event involves AI systems explicitly, as AI-based email security tools and large language models are targeted and evaded by attackers using text salting, which includes AI-generated benign text to fool detection. The phishing attacks have already occurred, causing harm to users and organizations, fulfilling the criteria for harm to communities and property. The AI system's malfunction or limitation (being deceived) is a contributing factor to the harm. Hence, this is an AI Incident rather than a hazard or complementary information.[AI generated]