AI spam filters are getting suckered by old-school text salting

Bender1 pts0 comments

AI spam filters are getting suckered by old-school text salting

Jump to main content

Search

REG AD

security

AI spam filters are getting suckered by old-school text salting

Turns out decades-old email tricks still work against some LLM-powered email filters

Brandon Vigliarolo

Brandon<br>Vigliarolo

GOVERNMENT AND IT NEWS REPORTER

Published<br>fri 17 Jul 2026 // 17:15 UTC

Notice more spam getting through that corporate email filter lately? Attackers are using a technique known as "text salting," which hides benign-looking words intended to confuse some AI-powered email filters, says cybersecurity firm Barracuda.<br>The email security outfit said on Thursday that it had detected more than one million retail-themed phishing attacks using text salting since April. It’s not a new technique by any stretch and has been used to fool traditional secure email gateways for years, but Barracuda says it can also confuse machine-learning and LLM-based security tools.<br>Text salting involves peppering (sorry) a malicious email with random, harmless-seeming words in order to fool an email scanning system into thinking there’s nothing off about the flavor of a message (sorry again), tricking the system into passing it to its recipient for consumption (I’ll stop with the food jokes here).

REG AD

Pour a pile of salty text on top of an email and a human reader would probably get suspicious, however, so attackers typically use one or more of three flavor variations (okay, I'm done – promise) to hide the additives from human readers, but not automated scanners, per Barracuda.

REG AD

Typical techniques include CSS cropping, which sets the visible window small enough that a human won't see the hidden filler text; text manipulation to move the salty copy outside the visible screen; and zero font techniques which insert misleading words between suspicious phishing copy that’s visible to a machine but not a human.<br>The end result of each of those techniques is a message that reads less malicious, more gibberish to a machine, leading it to assume the email is fine, and which looks exactly as the attacker intended when viewed by a human.<br>Modern email security systems have largely adapted to these techniques, with newer tools able to remove hidden text to see what a reader is supposed to see, sounding alarms when a lot of hidden stuff is inserted in an email, and the like. AI, however, hasn’t managed to follow suit, says Barracuda.<br>“Text salting and related techniques can be used to confuse AI-driven content analysis engines by flooding the email with random terms that encourage the AI system into making an incorrect classification decision,” the company wrote in its report - just like those early 2000s SEGs. What a technological leap we’ve made!<br>LLMs, Barracuda explained, are typically designed to process email text and source code plainly, with no understanding of whether text is visible or hidden from a user. They can be trained to do so, but that just means most tools probably aren’t doing that by default.

MORE CONTEXT

Keep it simple, stupid: Agentic AI tools choke on complexity

Bot her emails: most modern phishing campaigns are AI-enabled

Meta admits its first ‘superintelligence’ was too stupid to survive for three days

ChatGPT blindly trusts browser content, turning the page into a payload

So, what can enterprises do to stop the flow of salty spam to their employees? Barracuda recommends a layered approach to email security rather than relying solely on keyword detection, including checking sender reputation, authentication results, embedded URLs, HTML-rendering techniques, and differences between user-visible and hidden content.<br>Ditching that AI spam filter might not be a bad idea, either. ®

ai and ml<br>email<br>spamming<br>security

REG AD

DEVOPS

Java was a three-day hotfix away from dying horribly on stage

Tim Lindholm, Java's original JVM maintainer, shares with El Reg some of the grungy build details the doc glosses over

SOFTWARE

Mozilla speeds Firefox release schedule to biweekly

And what to expect in Firefox 153 as the next ESR release gets close

Gobi X: Creating more energy for AI, not taking it from society

PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around

off-prem

Billing software error sends billion-dollar AWS estimates

Amazon asks users not to panic as it works to fix the bug

PaaS + IaaS

Amazon Web Services' most vocal customer now runs EC2

Retail foundation leader Dave Treadwell takes over as senior leader and 19-year vet Dave Brown departs for pastures unknown

security

AI spam filters are getting suckered by old-school text salting

Turns out decades-old email tricks still work against some LLM-powered email filters

MOST POPULAR

OS PLATFORMS

Torvalds challenged the haters to fork Linux. Someone said 'hold my beer'

ai and ml

Linus Torvalds tells AI haters to fork off

AI and ML

Researcher poisons...

email text salting spam filters security

Related Articles