Visual phishing detectors fail every single time when a website waits a few seconds to show its logo.
Automated security tools currently take a quick snapshot of a webpage to look for fraudulent replicas of bank or tech logos. Attackers are now using a simple timing trick to keep the logo hidden until after the AI scanner has finished its check. This trivial modification renders some of the most advanced computer vision defenses completely useless. Security experts assumed that seeing what a human sees was enough to stop phishing. Now, defenses must evolve to monitor page behavior over time rather than relying on static images.
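One way a scanner could monitor page behavior over time instead of trusting a single snapshot, as an added example that is not code from the paper or from any detector it evaluates: compare periodic captures against the settled page and re-classify when the early snapshot no longer matches. The function names, the 4x4 grids, the capture offsets and the thresholds are all assumptions made for illustration.

```javascript
// Added example. Frames are constructed 4x4 grayscale grids standing in for
// downscaled screenshots captured at fixed offsets after page load.
function changedCells(a, b, tol = 16) {
  // Count cells whose brightness differs by more than tol (ignores minor noise).
  return a.reduce((n, v, i) => n + (Math.abs(v - b[i]) > tol ? 1 : 0), 0);
}

// frames: [{ t: msSinceLoad, pixels: number[] }] in capture order.
// snapshotAtMs: when a one-shot scanner would have taken its only screenshot.
function checkRenderStability(frames, snapshotAtMs, threshold = 2) {
  const final = frames[frames.length - 1].pixels;
  // Walk back from the end to the start of the trailing run of frames
  // that already match the page's final appearance.
  let settledIdx = frames.length - 1;
  while (settledIdx > 0 &&
         changedCells(frames[settledIdx - 1].pixels, final) <= threshold) {
    settledIdx--;
  }
  // Last capture at or before the one-shot snapshot time.
  let seenIdx = 0;
  frames.forEach((f, i) => { if (f.t <= snapshotAtMs) seenIdx = i; });
  const drift = changedCells(frames[seenIdx].pixels, final);
  return {
    settledAtMs: frames[settledIdx].t,
    driftFromSnapshot: drift,
    rescanNeeded: drift > threshold, // classify the settled frame, not the early one
  };
}

// Constructed sample data: a blank page whose central block appears late,
// and a page that looks the same from the first capture.
const blank = new Array(16).fill(200);
const withBlock = blank.map((v, i) => ([5, 6, 9, 10].includes(i) ? 30 : v));
const noisyBlank = blank.map((v, i) => (i === 0 ? 198 : v));
const delayedPage = [
  { t: 0, pixels: blank }, { t: 500, pixels: blank },
  { t: 1000, pixels: noisyBlank }, { t: 4000, pixels: withBlock },
  { t: 5000, pixels: withBlock },
];
const staticPage = [0, 500, 1000, 4000, 5000].map((t) => ({ t, pixels: withBlock }));

console.log(checkRenderStability(delayedPage, 1000));
console.log(checkRenderStability(staticPage, 1000));
```

A large gap between `snapshotAtMs` and `settledAtMs` is itself worth logging as a signal, since the visual classifier's verdict on the early frame says nothing about what the user eventually sees.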
I can't recognize (yet): Delayed Rendering to Defeat Visual Phishing Detectors
arXiv · 2605.00183
Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness of such detection methods, this class of defenses is, by design, susceptible to a kind of subtle-but-cheap timing-based attack which -- worryingly, and perhaps surprisingly -- has never been investigat