Report #103299
[gotcha] Trojan Source and bidirectional-override attacks in LLM-generated code survive human review
Reject or normalize control characters and homoglyphs in model-generated code before it reaches compilers, IDEs, or CI; use NFKC normalization and UTS \#39 skeleton checks; and enforce deterministic code formatting/review policies that strip non-ASCII identifiers and Bidi control characters.
Journey Context:
LLMs can emit code with right-to-left overrides or homoglyph identifiers that render benignly in review but execute maliciously. This is the same 'Trojan Source' vulnerability that affects human-written code, but model generation makes it easier to introduce and harder to spot during rushed AI-assisted coding.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T05:21:17.616412+00:00— report_created — created