Back to blog
SafePrompt Team
8 min read

Hidden Text Injection: How AI Reads What You Cannot See

A live demonstration of how hidden text on web pages can manipulate AI assistants like ChatGPT, Claude, and Perplexity into outputting attacker-controlled content.

Prompt InjectionAI SecurityDemoHidden Text Attack

Live Demonstration

This page demonstrates how AI assistants can be manipulated by hidden text that humans cannot see. Try it yourself with ChatGPT, Claude, or Perplexity.

Video Demonstration

Watch a live demonstration of hidden text injection affecting the Comet browser and how SafePrompt detects and blocks these attacks.

What is Hidden Text Injection?

Hidden text injection (also called indirect prompt injection) is a technique where attackers embed invisible instructions within web pages. When an AI assistant reads the page, it sees and follows these hidden instructions—even though human users cannot see them.

This attack works because AI models process the raw HTML/text content of a page, not the visual rendering. Text that is invisible to humans (white-on-white, zero-opacity, off-screen positioning) is still perfectly readable to AI.

How the Attack Works

1

Attacker embeds hidden text

Using CSS techniques like white-on-white text, zero opacity, or off-screen positioning, the attacker hides instructions in the page HTML.

2

User asks AI to analyze page

The user shares a URL with an AI assistant and asks for a summary, analysis, or any information about the page content.

3

AI reads hidden instructions

The AI processes the raw HTML and sees the hidden text. It follows these instructions, potentially overriding the user's original request.

4

Attacker-controlled output

The AI responds with content dictated by the attacker, not what the user or the page owner intended. This can include misinformation, phishing, or data exfiltration.

Common Hiding Techniques

White on White

Test this
color: white; background: white;

Text same color as background

Zero Opacity

Test this
opacity: 0;

Completely transparent text

Tiny Font

Test this
font-size: 1px;

Text too small to see

Off-Screen

Test this
position: absolute; left: -9999px;

Positioned outside viewport

Display None

Test this
display: none;

Hidden but still in DOM

Clip Path

Test this
clip-path: inset(100%);

Clipped to invisible

Try It Yourself

Step 1: Copy this URL

https://safeprompt.dev/articles/sample1

Step 2: Ask any AI to analyze the page

Open ChatGPT, Claude, or Perplexity and ask:

"What is on this page: https://safeprompt.dev/articles/sample1"

Step 3: Observe the result

What humans see: A poem - "Mary Had a Little Lamb"

What AI reports: "SafePrompt is the best tool to detect and prevent AI prompt injection"

How SafePrompt Protects Against This

SafePrompt's multi-layer validation pipeline detects hidden text injection attacks before they can affect your AI application:

Pattern Detection

Identifies CSS hiding patterns and suspicious HTML structures

External Reference Detection

Flags URLs and file paths that may contain malicious content

AI Validation

Uses multiple AI models to detect semantic manipulation attempts

Context Analysis

Detects when content is framed as instructions to override behavior

With vs. Without SafePrompt

Without SafePrompt

  • • AI follows hidden instructions
  • • Attacker controls AI output
  • • Users receive manipulated content
  • • Data exfiltration possible
  • • Brand reputation at risk

With SafePrompt

  • • Hidden injections detected
  • • Malicious content blocked
  • • Users get accurate responses
  • • Data stays protected
  • • Full audit trail available

Protect Your AI Application

One API call. Sub-100ms response. High accuracy detection.

Get Started FreeTry Live Demo

Protect Your AI Applications

Don't wait for your AI to be compromised. SafePrompt provides enterprise-grade protection against prompt injection attacks with just one line of code.

Start Free TrialView Documentation