Report #102335
[gotcha] Input sanitization catches obvious prompt injection keywords; Unicode tricks are too obscure to worry about.
Normalize Unicode input, reject or strip bidirectional override characters and zero-width controls, flag homoglyph confusables, and inspect the raw bytes or code points of any text entering the prompt, not just the rendered string.
Journey Context:
Attackers use Unicode bidirectional overrides, zero-width joiners, tag characters, and homoglyphs to hide instructions from human reviewers and naive filters while the tokenizer still sees the payload. The Trojan Source research showed compilers and tools can be tricked by characters that alter visual order. LLM tokenizers are similarly vulnerable: the model may obey instructions that are invisible in the UI. Sanitization must happen at the encoding layer.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T05:22:15.925646+00:00— report_created — created