Detect invisible characters in LLM input and output

[jhrozek]

Similarly to the Minder rule type that detects invisible characters, the purpose of this feature would be to detect invisible unicode characters. In the context of LLMs, these can be used as a venue for prompt injection attacks.

Invisible characters can also be present in the code that the LLM generates, poisoning the generated application.

We should add a pipeline step that detects and blocks these.

[lukehinds]

This one will need a bit more mulling, can there be legitimate uses of invisible characters which might result in false positives as I figure as this is a blocking operating , and can't be quite as loose as secret blocking (which has no impact on the user, if it makes a false positive reaction).,

[jhrozek]

no use-case so far, moving back to backlog