AI spam filters are getting suckered by old-school text salting
Jump to main content
Search
REG AD
security
AI spam filters are getting suckered by old-school text salting
Turns out decades-old email tricks still work against some LLM-powered email filters
Brandon Vigliarolo
Brandon<br>Vigliarolo
GOVERNMENT AND IT NEWS REPORTER
Published<br>fri 17 Jul 2026 // 17:15 UTC
Notice more spam getting through that corporate email filter lately? Attackers are using a technique known as "text salting," which hides benign-looking words intended to confuse some AI-powered email filters, says cybersecurity firm Barracuda.<br>The email security outfit said on Thursday that it had detected more than one million retail-themed phishing attacks using text salting since April. It’s not a new technique by any stretch and has been used to fool traditional secure email gateways for years, but Barracuda says it can also confuse machine-learning and LLM-based security tools.<br>Text salting involves peppering (sorry) a malicious email with random, harmless-seeming words in order to fool an email scanning system into thinking there’s nothing off about the flavor of a message (sorry again), tricking the system into passing it to its recipient for consumption (I’ll stop with the food jokes here).
REG AD
Pour a pile of salty text on top of an email and a human reader would probably get suspicious, however, so attackers typically use one or more of three flavor variations (okay, I'm done – promise) to hide the additives from human readers, but not automated scanners, per Barracuda.
REG AD
Typical techniques include CSS cropping, which sets the visible window small enough that a human won't see the hidden filler text; text manipulation to move the salty copy outside the visible screen; and zero font techniques which insert misleading words between suspicious phishing copy that’s visible to a machine but not a human.<br>The end result of each of those techniques is a message that reads less malicious, more gibberish to a machine, leading it to assume the email is fine, and which looks exactly as the attacker intended when viewed by a human.<br>Modern email security systems have largely adapted to these techniques, with newer tools able to remove hidden text to see what a reader is supposed to see, sounding alarms when a lot of hidden stuff is inserted in an email, and the like. AI, however, hasn’t managed to follow suit, says Barracuda.<br>“Text salting and related techniques can be used to confuse AI-driven content analysis engines by flooding the email with random terms that encourage the AI system into making an incorrect classification decision,” the company wrote in its report - just like those early 2000s SEGs. What a technological leap we’ve made!<br>LLMs, Barracuda explained, are typically designed to process email text and source code plainly, with no understanding of whether text is visible or hidden from a user. They can be trained to do so, but that just means most tools probably aren’t doing that by default.
MORE CONTEXT
Keep it simple, stupid: Agentic AI tools choke on complexity
Bot her emails: most modern phishing campaigns are AI-enabled
Meta admits its first ‘superintelligence’ was too stupid to survive for three days
ChatGPT blindly trusts browser content, turning the page into a payload
So, what can enterprises do to stop the flow of salty spam to their employees? Barracuda recommends a layered approach to email security rather than relying solely on keyword detection, including checking sender reputation, authentication results, embedded URLs, HTML-rendering techniques, and differences between user-visible and hidden content.<br>Ditching that AI spam filter might not be a bad idea, either. ®
ai and ml<br>email<br>spamming<br>security
REG AD
DEVOPS
Java was a three-day hotfix away from dying horribly on stage
Tim Lindholm, Java's original JVM maintainer, shares with El Reg some of the grungy build details the doc glosses over
SOFTWARE
Mozilla speeds Firefox release schedule to biweekly
And what to expect in Firefox 153 as the next ESR release gets close
Gobi X: Creating more energy for AI, not taking it from society
PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around
off-prem
Billing software error sends billion-dollar AWS estimates
Amazon asks users not to panic as it works to fix the bug
PaaS + IaaS
Amazon Web Services' most vocal customer now runs EC2
Retail foundation leader Dave Treadwell takes over as senior leader and 19-year vet Dave Brown departs for pastures unknown
security
AI spam filters are getting suckered by old-school text salting
Turns out decades-old email tricks still work against some LLM-powered email filters
MOST POPULAR
OS PLATFORMS
Torvalds challenged the haters to fork Linux. Someone said 'hold my beer'
ai and ml
Linus Torvalds tells AI haters to fork off
AI and ML
Researcher poisons...