Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing.
SMRTR summary
A security flaw in Unicode allows hidden characters to serve as a covert channel in AI chatbots. Researchers found some language models can process invisible Unicode "tag" characters, enabling secret data exfiltration and malicious instruction injection. This "ASCII smuggling" was demonstrated against Microsoft's Copilot. While some companies have added mitigations, the issue underscores security challenges as AI evolves. Experts warn this may be one of many ways AI could be exploited using imperceptible data.
SMRTR provides this summary for quick context. The original article belongs to Daily.dev.
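A defensive check for the invisible "tag" characters the summary describes, as an added example that is not from the original article or from SMRTR: it finds runs of code points in the Unicode Tags block (U+E0000 to U+E007F) in text going to or coming from a model, decodes them for review, and strips them. The function names and the sample string are assumptions made for illustration.

```python
import re

# Unicode "Tags" block: U+E0000..U+E007F. Code points U+E0020..U+E007E
# mirror printable ASCII (tag code point minus 0xE0000) and render as nothing.
TAG_RUN = re.compile("[\U000E0000-\U000E007F]+")


def find_tag_runs(text):
    """Return (offset, length, decoded_ascii) for each run of tag characters."""
    findings = []
    for match in TAG_RUN.finditer(text):
        decoded = "".join(
            chr(ord(ch) - 0xE0000) if 0xE0020 <= ord(ch) <= 0xE007E else "?"
            for ch in match.group()
        )
        findings.append((match.start(), len(match.group()), decoded))
    return findings


def strip_tags(text):
    """Remove every tag character. This also breaks emoji tag sequences
    (subdivision flags), which are the legitimate use of this block."""
    return TAG_RUN.sub("", text)


def inspect(text):
    """Summarise one prompt or model response for logging and filtering."""
    findings = find_tag_runs(text)
    return {
        "suspicious": bool(findings),
        "findings": findings,
        "clean": strip_tags(text),
    }


# Constructed sample: visible text with six invisible tag characters embedded.
SAMPLE = (
    "Quarterly report"
    "\U000E0068\U000E0069\U000E0020\U000E0062\U000E006F\U000E0074"
    " attached."
)

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

Run the check on both directions of the conversation: user or document input before it reaches the model, and model output before it is rendered or turned into a link.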