Custom Fonts Can Trick AI Assistants Into Approving Phishing Sites

LayerX researchers demonstrated a technique where custom fonts and CSS cause a mismatch between a page's rendered content and its underlying HTML/DOM, allowing attackers to hide malicious instructions from AI web assistants while showing different content to human users; their proof-of-concept phishing page (leading to a reverse shell) fooled multiple major AI assistants, and most vendors considered the issue out of scope for model security.