Over One Million Phishing Emails Evade AI Security via Text Salting

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Barracuda researchers identified over one million phishing emails using 'text salting'—inserting hidden benign text—to bypass both traditional and AI-powered email security filters. Attackers leverage large language models to scale these campaigns, exposing users to increased phishing risks as AI defenses fail to detect the threats effectively.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event involves AI systems explicitly, as AI-based email security tools and large language models are targeted and evaded by attackers using text salting, which includes AI-generated benign text to fool detection. The phishing attacks have already occurred, causing harm to users and organizations, fulfilling the criteria for harm to communities and property. The AI system's malfunction or limitation (being deceived) is a contributing factor to the harm. Hence, this is an AI Incident rather than a hazard or complementary information.[AI generated]
AI principles
Robustness & digital securitySafety

Industries
Digital security

Affected stakeholders
Consumers

Harm types
Economic/PropertyPsychological

Severity
AI incident

AI system task:
Content generation


Articles about this incident or hazard