Custom Fonts Can Trick AI Assistants Into Approving Phishing Sites
KnowBe4, March 27,2026
Researchers at LayerX warn that custom fonts can fool AI web assistants into thinking phishing pages are benign, while the human user sees something completely different.
'There is a structural disconnect between what an AI assistant analyzes in a page's HTML and what a user sees rendered by the browser,' the researchers explain. 'In certain scenarios, such assistants can give inaccurate and potentially dangerous responses to users, and attackers can exploit this limitation to perform social engineering attacks.