Hiding evil code in invisible unicode
Hal Murray
halmurray at sonic.net
Sat Apr 19 08:14:13 UTC 2025
We allow/require UTF-8 rather than simple ASCII. I know we need that to
get the character for micro, as in microseconds. Do we need it for
anything else?
------
I saw a note recently about AI being susceptable to hiding evil code in invisible unicode.
New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize
Code Agents
https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-
cursor-how-hackers-can-weaponize-code-agents
-----
Is there a package we should be using that checks code for invisible unicode?
--
These are my opinions. I hate spam.
More information about the devel
mailing list