ASCII Smuggling
Type: technique
Description: ASCII Smuggling is a technique that embeds hidden instructions or data within seemingly benign text by leveraging invisible or non-rendering Unicode characters. These instructions are not visible to humans but are processed and interpreted by large language models (LLMs), enabling stealthy prompt injection or data encoding.
Specific methods include:
Unicode Tags: Replaces regular letters and symbols with special tag versions from the Unicode Tags block. The content looks empty or harmless but can be decoded back into readable text.
Variation Selectors: Converts data into a sequence of variation selectors — characters usually used to change how other symbols look. These selectors can be used to encode hidden bytes.
Sneaky Bits: Encodes binary data using pairs of special Unicode characters that represent 0s and 1s. This creates a hidden binary message that can be decoded without affecting the visible text.
Version: 0.1.0
Created At: 2025-06-19 08:13:23 -0400
Last Modified At: 2025-06-19 08:13:23 -0400
External References
- Tweeter thread on the discovery of ASCII Smuggling., Embrace the Red
- ASCII Smuggler Tool: Crafting Invisible Text and Decoding Hidden Codes., Embrace the Red
- Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates)., Embrace the Red
- Tags (Unicode block), Wikipedia
Related Objects
- --> Defense Evasion (tactic): An adversary can avoid raising user suspicion.
- --> Riley Goodside (entity): Demonstrated by
- <-- Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information (procedure): Stage, to the user invisible, data for exfiltration.