Over one million emails exploit a technique called text salting to bypass AI-powered security filters, according to research tracking active phishing campaigns. The attack works by embedding hidden text within emails that humans cannot see but that confuses large language models used in modern email security systems.
Text salting involves inserting invisible characters, white text on white backgrounds, or content hidden behind images to artificially inflate email length and obscure malicious intent from AI detection engines. While traditional rule-based filters catch obvious phishing markers, LLM-based security systems sometimes interpret the salted text as legitimate context, allowing dangerous emails to reach inboxes.
Attackers target credential harvesting and malware distribution through these obfuscated messages. The technique proves particularly effective because AI models trained on standard email datasets lack adequate exposure to salting patterns. Security vendors relying on transformer-based detection often score these emails as low-risk when the hidden payload structures remain invisible during training.
Organizations running email security built on newer AI systems face immediate risk. Users receive convincing phishing messages that bypass automated checks, increasing compromise rates for sensitive accounts. Attackers have scaled this tactic across multiple verticals, with the million-plus figure representing active detections over recent months.
The security gap exposes a fundamental vulnerability in AI-first security strategies. LLMs excel at contextual understanding but struggle when attackers deliberately introduce noise or obscured content. Current defenses rely on updated threat intelligence and behavioral analysis, but many deployments lag in recognizing emerging evasion techniques.
Organizations should layer multiple detection methods rather than depending solely on AI systems. Email authentication protocols like DMARC, SPF, and DKIM remain effective regardless of text manipulation. User security awareness training specifically addressing phishing remains critical, as even sophisticated attacks fail when users remain vigilant about unexpected requests and suspicious sender behavior.
Security teams should review their email filtering logs for sal
