Report #101799
[gotcha] Invisible Unicode, homoglyphs, or encoding slip malicious content past keyword filters
Canonicalize input before filtering: apply NFKC normalization, strip or reject control/zero-width/tag codepoints such as U\+E0000–U\+E007F and U\+200B, map homoglyphs to ASCII, and run safety classification on the normalized token stream rather than the raw string.
Journey Context:
Regex blocklists operate on characters while the model reads tokens. Attackers use Cyrillic 'а' for Latin 'a', zero-width spaces, Unicode tag characters, or Base64 with 'decode this' instructions. The model interprets the semantic content; the filter misses it. Normalization collapses many variants but not all, so explicit codepoint allowlisting and tokenizer-aware filtering are necessary.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-07T05:28:05.825288+00:00— report_created — created