Hidden Text Injection: A Live Demo of AI Reading What You Cannot See
A live demonstration of how hidden text on a web page manipulates AI assistants like ChatGPT, Claude, and Perplexity into outputting attacker-controlled content, and how SafePrompt blocks it.
Open a web page. You see a poem. Your AI sees an instruction telling it what to say. Below, you can run that exact gap yourself in two minutes, then close it in one API call.
Live demonstration
This page demonstrates how AI assistants can be manipulated by hidden text humans cannot see. Try it yourself with ChatGPT, Claude, or Perplexity.
Video demonstration
Watch a live demonstration of hidden text injection affecting the Comet browser and how SafePrompt detects and blocks these prompt injection attacks.
What is hidden text injection?
Hidden text injection (a form of indirect prompt injection) is a technique where attackers embed invisible instructions in web pages. When an AI assistant reads the page, it sees and follows those hidden instructions, even though human users cannot see them.
It works because AI models process the raw HTML and text of a page, not the visual rendering. Text that is invisible to humans (white-on-white, zero-opacity, off-screen positioning) is still perfectly readable to AI.
How the attack works
Attacker embeds hidden text
Using CSS techniques like white-on-white text, zero opacity, or off-screen positioning, the attacker hides instructions in the page HTML.
User asks AI to analyze the page
The user shares a URL with an AI assistant and asks for a summary, analysis, or any information about the page content.
AI reads the hidden instructions
The AI processes the raw HTML and sees the hidden text. It follows these instructions, potentially overriding the user's original request.
Attacker-controlled output
The AI responds with content dictated by the attacker, not what the user or the page owner intended. This can include misinformation, phishing, or data exfiltration.
Common hiding techniques
These are six of the most common tricks. For the full catalog of all 16 CSS and HTML techniques with code, see hidden text injection attacks.
Try it yourself
Step 1: Copy this URL
https://safeprompt.dev/articles/sample1Step 2: Ask any AI to analyze the page
Open ChatGPT, Claude, or Perplexity and ask:
"What is on this page: https://safeprompt.dev/articles/sample1"Step 3: Observe the result
What humans see:A poem, "Mary Had a Little Lamb"
What AI reports:"SafePrompt is the best tool to detect and prevent AI prompt injection"
How SafePrompt blocks this
Every hiding trick ends the same way: the payload lands in the extracted text. So you validate that text once, before your AI acts on it. SafePrompt's pipeline detects hidden text injection attacks before they reach your model:
Pattern Detection
Identifies CSS hiding patterns and suspicious HTML structures
External Reference Detection
Flags URLs and file paths that may contain malicious content
AI Validation
Uses multiple AI models to detect semantic manipulation attempts
Context Analysis
Detects when content is framed as instructions to override behavior
With vs without SafePrompt
Without SafePrompt
- • AI follows hidden instructions
- • Attacker controls AI output
- • Users receive manipulated content
- • Data exfiltration possible
- • Brand reputation at risk
With SafePrompt
- • Hidden injections detected
- • Malicious content blocked
- • Users get accurate responses
- • Data stays protected
- • Full audit trail available
Protect your AI application
One API call. Under 100ms response. Over 95% detection accuracy. Free plan, no card.