Security · 1h ago
Homoglyph attacks bypass LLM keyword filters
Attackers use Cyrillic look-alike characters to evade substring-based prompt filters in LLMs. The second prompt in a pair appears identical but uses non-ASCII code points, bypassing naive detection. Normalizing input before matching can block such jailbreaks without altering the original bytes.
Meridian48 take
The article correctly identifies a cheap evasion technique, but the fix—normalization—is well-known; the real challenge is deploying it at scale without breaking legitimate inputs.
llm-securityprompt-injection