Supply-chain attack hides code in invisible Unicode characters
Attackers are hiding executable code inside invisible Unicode characters from the Private Use Areas, code points reserved for private symbols such as custom emojis and flags. To a parser the characters are ordinary code points that map to letters, but they render as blank space to humans, so code reviewers and static analysis tools see only whitespace while a JavaScript interpreter executes the hidden instructions.
The characters were defined decades ago and largely forgotten until 2024, when attackers began using them to conceal malicious prompts aimed at AI engines: LLMs could read the hidden text even when humans and text scanners could not. Platforms added guardrails to restrict the characters, but those defenses are periodically bypassed, and the technique has since appeared in more traditional malware.
In one package Aikido analyzed, the attackers encoded a malicious payload with invisible characters.
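As an added example (not code from the article or from Aikido), the following Python scanner flags the class of characters the attack relies on: code points that render as blank but are still read by an interpreter. The sample JavaScript line and the list of extra invisible characters are constructed assumptions.

```python
"""Flag invisible or private-use code points in source text.

Added example: catches characters that render as blank (private use,
format, unassigned, variation selectors, Hangul fillers) but remain
meaningful to an interpreter.
"""
import unicodedata

# General categories that are invisible or unprintable by design:
#   Co = private use, Cf = format (zero-width, tags), Cn = unassigned,
#   Cs = surrogate (never valid in well-formed text).
SUSPICIOUS_CATEGORIES = {"Co", "Cf", "Cn", "Cs"}

# Assumed list of code points outside those categories that still render
# as blank and are commonly abused for "invisible" text.
EXTRA_INVISIBLE = {
    0x115F, 0x1160,  # Hangul choseong / jungseong fillers
    0x3164,          # Hangul filler (category Lo, so not caught above)
    0xFFA0,          # halfwidth Hangul filler
}

ALLOWED = {0x09, 0x0A, 0x0D}  # tab, LF, CR are legitimate whitespace


def is_suspicious(cp: int) -> bool:
    """True if the code point is one a reviewer would never see rendered."""
    if cp in ALLOWED:
        return False
    if cp in EXTRA_INVISIBLE:
        return True
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:  # variation selectors
        return True
    return unicodedata.category(chr(cp)) in SUSPICIOUS_CATEGORIES


def scan_source(text: str):
    """Return (line, column, code point, name) for every suspicious character."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            if is_suspicious(cp):
                findings.append((lineno, col, f"U+{cp:04X}", unicodedata.name(ch, "<unnamed>")))
    return findings


# Constructed sample: a JavaScript string with a private-use character (U+E041)
# and a Hangul filler (U+3164) smuggled in; both render as nothing in an editor.
SAMPLE_JS = 'const key = "abc\ue041def\u3164";\nconsole.log(key);\n'

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_JS):
        print("line %d col %d %s %s" % finding)
```

Run it over a package's files before review; an empty result means every character in the file is one a human can actually see.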