AI-era monitoring

Find the text on your site that only AI can read.

AI agents don’t look at your page — they read its DOM, including text hidden from every human eye with CSS. Merlonix renders your pages in a real browser every week and alerts you when invisible, agent-readable text shows up where it shouldn’t.

How it works

01

Turn it on for an asset

Enable the AI content-safety scan on any monitored asset (Team plan and up). No agent install, no code change — we scan the public page anyone (and any AI) can reach.

02

We render your page like an agent does

On a weekly cadence, a real browser loads your page and computes the final DOM — after CSS and JavaScript. That matters: hiding techniques like zero opacity or offscreen positioning are only visible after styles apply, so raw-HTML scanners cannot see them.

03

We extract what humans can’t see

Every text node a human cannot read is extracted with the objective reason it is invisible — one of eight computed-style facts, from display:none to transparent-on-transparent color. Facts, not judgments.

04

You get an alert on a real regression

A deterministic scorer classifies the page clean, suspicious, or injection-likely, with an optional AI second opinion labeling each finding. You get one warning when a page turns injection-likely — with the exact text, the hiding technique, and a CSS path to find it.

What we look for

Eight objective ways text hides from humans.

Each finding names the computed-style fact that makes the text invisible — measurable properties of your rendered page, not opinions.

offscreenpositioned outside the viewport (left:-9999px and friends)
opacity: 0fully transparent to a human, plain text to an agent
visibility: hiddenhidden from rendering, still in the DOM agents parse
display: noneremoved from layout; some agents read it anyway
aria-hiddensubstantive text wrapped in aria-hidden="true"
font-size: 0zero-size text a human cannot read
transparent texttext color equals the background color
clipped / 0×0 boxclip, clip-path, or collapsed boxes hiding overflow text

Why this matters now

Your page has a second audience now

Shopping agents, research assistants, and AI crawlers read your pages on behalf of your customers. Text you cannot see — planted by a compromised dependency, a malicious ad, a rogue plugin, or a bad actor with CMS access — can instruct those agents while remaining invisible to every human who checks the page.

Invisible to you is not invisible to them

The classic audit (view source, stare at the rendered page) misses this class entirely: the text is in the DOM but styled out of human sight. Rendering with a real browser and diffing computed styles is the only way to see your page the way an agent sees it.

Objective findings, not scaremongering

Every finding names the objective reason the text is hidden, its exact content, and where it lives in your markup. Plenty of hidden text is benign — skip-links, screen-reader text, collapsed menus — which is why alerts only fire on a worsening transition into injection-likely, not on every hidden node.

What we promise — and what we don’t

We detect. We don’t block, and we don’t guess intent.

Merlonix renders your own public page weekly, extracts text hidden by objective computed-style facts, and classifies the page with a deterministic scorer. An alert fires only when a page worsens into the injection-likely verdict — once, with the exact text and where to find it. The optional AI label on each finding is triage context, never the trigger. Removing the content, and deciding whether it was malicious, is yours; we give you the evidence.

Common questions

What is a prompt-injection / hidden-text scan?

It is a weekly scan of your own public pages, rendered in a real browser, that extracts every piece of text a human cannot see — content hidden via offscreen positioning, zero opacity, visibility:hidden, display:none, aria-hidden, zero font size, transparent color, or clipped boxes — and classifies whether that hidden text looks like instructions aimed at AI agents reading your page.

Why would hidden text be on my site without me knowing?

Common vectors are a compromised third-party script or dependency, a malicious ad or embed, a rogue CMS plugin or theme, or anyone with content access acting badly. Because the text is styled out of human sight, it survives visual review indefinitely — the page looks perfectly normal to you and your team.

Does hidden text automatically mean an attack?

No, and we do not pretend it does. Lots of hidden text is legitimate — accessibility skip-links, screen-reader-only labels, collapsed navigation. The scorer is deterministic and conservative: findings are reported with their objective hiding reason, and an alert only fires when a page transitions into the injection-likely verdict, not for every hidden node.

What does the AI second opinion do?

When the deterministic scan flags findings, an optional AI pass labels each one injection, benign, or uncertain with a short reason — useful triage context. It is informational only: it never changes the alert decision, and its output is treated as untrusted, exactly as you would expect from a tool whose subject matter is prompt injection.

Do you block or remove the hidden text?

No. We detect and report — the exact text, the technique hiding it, and a CSS path to locate it in your markup. Removal happens on your side, in your CMS, your templates, or the third-party integration that planted it. We never modify your site and we never assert intent, only verifiable facts.

Which pages do you scan, and which plans include it?

We scan the public page of the monitored asset you enable it on, on a weekly cadence. It is available on Team plans and up — see the pricing page for the full comparison. We only ever scan your own monitored assets, never third-party sites.

You review your pages. Agents read your DOM.

Turn on the AI content-safety scan and find out what the machines are being told on your site. Start the full-workspace trial — 14 days, no card.