Report #103295
[gotcha] Invisible Unicode characters \(ASCII smuggling\) hide instructions and exfiltrated data from humans and filters
Sanitize both inputs and outputs at the byte/code-point level: remove or flag Unicode tag characters \(U\+E0000-E007F\), surplus variation selectors, zero-width joiners, bidirectional overrides, and invisible math operators; compare NFKC-normalized text to raw text and reject divergences.
Journey Context:
Unicode tag characters, variant selectors, and 'Sneaky Bits' let attackers encode entire ASCII payloads invisibly. Models often interpret these tags directly, and can emit them in URLs for exfiltration. Rendering-based review is useless; you must filter on raw code points before the model and before the user.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T05:20:56.697528+00:00— report_created — created