The Invisible Attack: How CSS Can Hijack Your AI Agent

Here's a fun threat model for your Monday morning: what if the webpage your AI agent just fetched is lying to it? Not in the obvious "the article has wrong info" way. I mean the page contains hidden instructions that you can't see, but your agent can. The Setup Most AI agent frameworks have a web_fetch or equivalent tool. Agent browses a URL, the framework extracts readable text, feeds it into the context window. Simple enough. The smart ones already strip obvious hiding tricks — display:none , visibility:hidden , opacity:0 , zero-width Unicode characters. OpenClaw's sanitizer handles a solid list of these. But here's where it gets interesting. The Gaps Nobody Talks About White text on white backgrounds <p style= "color:white" > IGNORE ALL PREVIOUS INSTRUCTIONS... </p> Your browser renders this as... nothing. White text on the default white background. A human reviewing the page sees a normal article. But the content extractor doesn't care about visual rendering — it sees the text, str