Technology News
English Edition
  • Home
  • Ai
  • Ai News
  • CloudSEK Research Reveals How AI Summarising Tools Can Be Tricked Using Prompt Injection Based Attacks

CloudSEK Research Reveals How AI Summarising Tools Can Be Tricked Using Prompt Injection-Based Attacks

CloudSEK research claims attackers can hide malicious text using CSS tricks that AI summarisers can interpret and obey.

Written by Akash Dutta, Edited by Rohan Pal | Updated: 26 August 2025 21:31 IST
CloudSEK Research Reveals How AI Summarising Tools Can Be Tricked Using Prompt Injection-Based Attacks

Photo Credit: Reuters

CloudSEK recommends bolstering AI summarising tools with the ability to strip suspicious CSS elements

Highlights
  • Such attacks can be carried out using basic emails
  • A similar vulnerability was recently spotted in Gemini in Gmail
  • In a demo, CloudSEK was able to deliver payload using an AI summariser
Advertisement

CloudSEK, a cybersecurity firm, highlighted that artificial intelligence (AI) summarising tools can be tricked into carrying out commands of threat actors using benign CSS tricks. These tricks usually involve using hidden text in emails, messages, weblinks, and web pages. When a user asks an AI chatbot or an AI summarising tool to process the content and provide a summary, it also processes the invisible text, which are typically prompt injections aimed at overwhelming the AI system. With this, threat actors can carry out a wide range of attacks, including phishing and deploying ransomware.

AI Summarising Tools Can Be Potentially Vulnerable to CSS-Based Prompt Injections

In a blog post, CloudSEK detailed the new hacking technique being adopted by threat actors that utilises prompt injections hidden within emails, web pages, messages, and other forms of content using CSS tricks. The cybersecurity firm said this new technique on the rise is also known as ClickFix.

ClickFix is essentially a social engineering tactic where, instead of targeting the human directly, hackers target the AI summarising tool they might be using. The technique involves adding convincing instructions for the attack in a body of plain text in a way that the AI system is forced to comply. There are two important elements at play here.

First is using CSS-based hidden text. There are various ways to add hidden text to an email, message, document, or web page. Some of these include using white coloured font on a white page, using zero font size, placing off-screen text, and others.

The second element is using the abovementioned trick to add prompt injections. Prompt injection is an AI-focused attack where the threat actor manipulates the prompt to make the AI system behave in unintended or malicious ways. As per CloudSEK, this can be done by repeating the prompt dozens of times, overwhelming the AI. Other techniques include adding multi-layered prompts or long-text prompts.

A proof-of-concept was developed by CloudSEK researchers to demonstrate the plausibility of this attack. A HTML page was created with both benign text and hidden malicious prompt injections. The hidden text included a step-by-step instruction for the AI summariser to direct the execution of a Base64-encoded PowerShell command that delivers a ransomware.

By repeating the said instructions multiple times, the hidden text dominate the context of the AI summariser, making it surface the instructions prominently in the summary. The end user, unaware of the attack can then follow the steps and unknowingly install the payload. A similar vulnerability was recently spotted in Gemini in Gmail.

CloudSEK recommends enterprises and those building AI summarising tools to secure the system against such prompt injections. The AI systems and devices should be able to detect and flag such invisible CSS-based hidden text. Additionally, security systems should be able to recognise potentially harmful command-line patterns that exist in a document, email, or a webpage using decoding and heuristic analysis.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: CloudSEK, AI Summarising tool, AI, Artificial Intelligence, Cybersecurity
Akash Dutta
Akash Dutta
Akash Dutta is a Chief Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Indian Game Developers and Publishers Announce Industry Body After Parliament Passes Online Gaming Bill
Lenovo Legion Pro 7i, Legion 7i, Legion Pro 5i, Legion 5i Gaming Laptops With Up to Nvidia GeForce RTX 5090 GPUs Debut in India

Related Stories

CloudSEK Research Reveals How AI Summarising Tools Can Be Tricked Using Prompt Injection-Based Attacks
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Upcoming Telugu Movies OTT Release in September 2025: Coolie, Mirai, and More
  2. Apple Will Make iPhone 17 Series eSIM-Only in These Countries
  3. NASA-ISRO NISAR Satellite Prepares to Deliver Sharpest-Ever Views of Earth
  4. A Line of Fire: Action, Family & Drama, Streaming Sept 2, 2025
#Latest Stories
  1. iPhone 17 Series to Move Away from Physical SIM Slot, Become eSIM Only in International Markets: Report
  2. NASA-ISRO NISAR Satellite Prepares to Deliver Sharpest-Ever Views of Earth
  3. NASA’s Perseverance Rover Spots Megaripples, Proof Mars' Soil Is Still Shifting
  4. Scientists Create Glow-in-the-Dark Succulents That Can Replace Lamps and Streetlights
  5. Caltech Scientists Stretch Quantum Memory Lifetimes 30x in Major Leap
  6. A Line of Fire OTT Release: When and Where to Watch the Action Thriller Online
  7. Metro In Dino OTT Release Is Here: Know Where to Watch the Multi-Starrer Romance Drama
  8. Love Is Blind: UK Season 2 Is Now Streaming On Netflix: What You Need to Know
  9. The Door Begins Streaming on Aha Tamil: All the Details About This Horror Thriller
  10. Songs of Paradise Now Available for Streaming on Prime Video: What You Need to Know
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »