Cyrillic look-alike characters can silently bypass AI prompt safety filters
A technique called homoglyph evasion allows attackers to bypass AI content filters by substituting standard Latin characters with visually identical Cyrillic or Greek Unicode equivalents. Because keyword and regex filters match raw bytes, a jailbreak phrase written with look-alike characters passes through undetected even though it appears identical to a human reader. Security researchers recommend normalizing input text into a canonical ASCII form before running detection rules, without altering the original text sent to the model. This normalization process involves stripping zero-width characters, applying NFKC Unicode normalization, and mapping known homoglyphs to their Latin counterparts. An open-source, OpenAI-compatible security gateway implementing this approach alongside roughly 170 other detection rules has been released to help developers address the vulnerability.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in