Good morning, security frontrunners.

In this week’s Cyber AI breakdown:

  • More Than One Million Phishing Emails Use “Text Salting” Against AI Filters

  • White House Launches GOLD EAGLE for AI-Discovered Vulnerabilities

  • AI Bots Now Generate Almost Half of Commerce Traffic

  • CSIS Proposes a National AI-Powered Cyber-Defence System

  • Cloudflare Launches Continuous Behavioural Detection for AI Bots

Latest Developments

The Breakdown: Attackers are hiding large quantities of benign text inside phishing emails to manipulate machine-learning and LLM-based email classifiers. Barracuda has detected more than one million of these “text-salting” attacks since April, with generative AI making the technique highly scalable and difficult to fingerprint.

The Details:

  • The observed campaign primarily uses retail-themed lures involving expiring reward points, gift cards and urgent redemption offers.

  • Attackers send messages from compromised legitimate websites or lookalike domains configured with DKIM to appear more trustworthy.

  • Hidden stories, notes and generic conversations dilute malicious terms such as “rewards,” “expires” and “card” during content classification.

  • CSS techniques including clip-path: inset(100%), zero-height elements and text-indent: -9999px keep the filler invisible to recipients.

  • Generative AI can produce unique filler for every email, requiring security tools to compare raw HTML with rendered, user-visible content.

Why it Matters: Attackers can adversarially manipulate AI security products without needing to compromise the underlying model. Email-security teams will need rendered-content analysis, URL and domain reputation, structural inspection and behavioural signals rather than relying predominantly on textual classification.

The Breakdown: The White House has launched GOLD EAGLE as a central coordination mechanism for vulnerabilities discovered at scale by advanced AI systems. Its goal is to ensure findings are validated, prioritised and delivered to affected organisations before adversaries can independently discover and exploit them.

The Details:

  • GOLD EAGLE was announced on 14 July under Executive Order 14409, issued on 2 June 2026.

  • Participants include the White House, Treasury, DHS and CISA, the Department of War, open-source partners and critical-infrastructure companies.

  • The initiative acts as an operational clearinghouse for receiving, validating and prioritising AI-generated vulnerability findings.

  • Coordinated scan verification should reduce duplicated research and prevent organisations from being overwhelmed by repeated or low-confidence reports.

  • GOLD EAGLE is already processing findings, although the government has not published participants, service-level targets, vulnerability volumes or remediation metrics.

Why it Matters: AI vulnerability research could produce more valid findings than existing disclosure and patch-management processes can absorb. GOLD EAGLE is an early attempt to build the coordination layer needed to turn machine-speed discovery into timely protection rather than an unmanageable backlog.

The Breakdown: Akamai measured AI bots at 47.9% of commerce traffic by December 2025, reflecting the rapid arrival of crawlers, shopping agents and automated fraud systems. Not all this traffic is malicious, but the overlap between legitimate agents and abusive automation is making conventional bot-control decisions significantly harder.

The Details:

  • AI bots accounted for 47.9% of observed commerce traffic by December 2025.

  • More than 70% of AI-bot triggers involved model-training crawlers, with OpenAI, ByteDance and Anthropic among the leading sources.

  • Web attacks targeting APIs increased 9% year-on-year, and 85% of surveyed commerce organisations reported experiencing an API security incident.

  • Only 22% of respondents said they knew which APIs exposed sensitive data, creating blind spots that automated agents can rapidly enumerate.

  • Commerce infrastructure received nearly three trillion Layer 7 DDoS attack requests during 2025, with retail accounting for approximately 84% of that activity.

Why it Matters: Retailers must distinguish beneficial shopping agents and search crawlers from credential stuffing, scraping, inventory abuse and automated fraud without obstructing legitimate customers. This will require stronger agent identity, API discovery, transaction-level analytics and controls capable of adapting across an entire session.

The Breakdown: Center for Strategic and International Studies (CSIS) has proposed a national defensive system that embeds AI into vulnerability discovery, breach correlation, patch prioritisation and continuous infrastructure monitoring. The report argues that human-speed security processes will become strategically inadequate as sophisticated AI cyber capabilities spread to hostile states and criminals.

The Details:

  • CSIS assesses that China may already possess advanced AI cyber capabilities or could develop them in slightly less than a year.

  • The proposal calls for CISA to lead a system that identifies related breaches, distributes mitigations and supports patch prioritisation and threat attribution.

  • Routine data collection and consolidation would eventually move to a new federally funded research and development centre.

  • NIST would establish technical requirements and align the system with international cyber-incident reporting standards.

  • The report also supports 30-day pre-release reviews of frontier models and funding AI defence for open-source projects, utilities, critical infrastructure and smaller businesses.

Why it Matters: The proposal frames AI-enabled cyber defence as national infrastructure rather than simply another category of commercial security product. If implemented, it could substantially change how incidents, vulnerability intelligence and machine-generated patches move between government, vendors and critical-infrastructure operators.

The Breakdown: Cloudflare’s Precursor analyses behaviour throughout a browser session to differentiate human users from increasingly realistic AI agents and automated bots. Unlike a one-time CAPTCHA, its confidence score evolves as the visitor scrolls, types, moves between pages and interacts with the application.

The Details:

  • Precursor became generally available on 13 July as an edge-deployed capability that can be enabled without application code changes.

  • It examines mouse movement, scrolling, typing cadence, clipboard activity, page visibility and interaction timing.

  • Cloudflare says it collects aggregated behavioural patterns rather than the user’s actual keystrokes or clipboard contents.

  • Its Bot Score compounds throughout the session, so an automated client cannot clear suspicious history by refreshing the page.

  • Cloudflare’s network telemetry indicates automated bots now generate approximately 57% of web requests.

Why it Matters: Modern AI agents can solve CAPTCHAs, execute JavaScript and imitate individual human actions, reducing the usefulness of point-in-time bot checks. Continuous behavioural scoring gives defenders more context, although organisations will still need governance around privacy, accessibility and legitimate-agent access.

Everything else in Cyber AI this week

🤖 An autonomous agent conducted an end-to-end intrusion at Hugging Face, while defensive AI reconstructed more than 17,000 attacker events in hours.

💻 Huntress recovered a bespoke AI-generated PowerShell script used to enumerate users, computers, groups and trusts during a live Active Directory intrusion.

⚔️ Check Point’s annual AI threat report says AI has progressed from assisting attackers to independently executing commands inside real intrusions.

📊 The latest SANS survey found cybersecurity AI adoption jumped from 50% to 78%, even as reported detection and response shortcomings increased.

🛡️ Sophos launched an AI-native defence system that unifies endpoint, identity, email, cloud, SIEM, XDR and MDR telemetry in a shared context layer.

🔍 Black Duck added AI-assisted vulnerability triage and an MCP server that lets coding agents invoke deterministic Coverity scans.

📱 Reken’s new on-device Northstar uses local AI models to detect phishing, business email compromise, impersonation and deepfake-enabled fraud.

🧑‍💻 Smarttech247 introduced an agentic Microsoft SOC that automates triage across Defender, Sentinel and Entra while retaining human authority over consequential responses.

🧠 IANS launched a cybersecurity intelligence MCP server that brings practitioner-validated research directly into Claude and, later, other AI assistants.

That’s it for this week!

See you next Sunday 🙂

Zac S from The Cyber Breakdown

Recommended for you