"ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said.
"This means that an attacker can have the [large language model] render, to the user, invisible data, and embed them within clickable hyperlinks. This technique basically stages the data for exfiltration!"
The entire attack strings together a number of attack methods into a reliable exploit chain. This includes the following steps: trigger prompt injection via malicious content concealed in a document shared in the chat.
Microsoft has since addressed the issues following responsible disclosure in January 2024, highlighting the need to monitor risks in artificial intelligence (AI) tools.
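The invisible-character trick Rehberger describes above relies on the Unicode Tags block (U+E0000 to U+E007F), whose code points mirror ASCII but do not render; the block is not named on this page and is supplied here from the published technique. The following detector is an added example, not code from the article or from Microsoft: it strips every tag character from model output, decodes any run back to the ASCII it mirrors so an analyst can review it, and flags Markdown hyperlinks (an assumed link syntax) whose text or URL carries such characters.

```python
"""Detect Unicode 'Tags' block characters (U+E0000..U+E007F) that mirror
ASCII but render invisibly, and report what they would carry."""
import re

TAG_BASE = 0xE0000
TAG_LO, TAG_HI = 0xE0000, 0xE007F

# Markdown hyperlink [text](url); assumed link syntax for the sample.
LINK_RE = re.compile(r"\[([^\]]*)\]\(([^)\s]+)\)")

def strip_tag_chars(text):
    """Return (clean_text, decoded_runs). Tags-block code points are dropped
    from clean_text; runs whose low byte is printable ASCII (0x20-0x7E)
    are decoded so an analyst can see what the invisible text carried."""
    clean, runs, current = [], [], []
    for ch in text:
        cp = ord(ch)
        if TAG_LO <= cp <= TAG_HI:
            low = cp - TAG_BASE
            if 0x20 <= low <= 0x7E:
                current.append(chr(low))
            continue  # never let a tag character through
        if current:
            runs.append("".join(current))
            current = []
        clean.append(ch)
    if current:
        runs.append("".join(current))
    return "".join(clean), runs

def audit_links(markdown):
    """Flag hyperlinks whose text or URL carries invisible tag characters."""
    findings = []
    for m in LINK_RE.finditer(markdown):
        clean_text, hidden_text = strip_tag_chars(m.group(1))
        clean_url, hidden_url = strip_tag_chars(m.group(2))
        if hidden_text or hidden_url:
            findings.append({"visible_text": clean_text,
                             "visible_url": clean_url,
                             "hidden": hidden_text + hidden_url})
    return findings

# Constructed sample (not from the article): link text that looks benign but
# is followed by a run of tag characters encoding "secret=1234".
HIDDEN = "".join(chr(TAG_BASE + ord(c)) for c in "secret=1234")
SAMPLE = f"Summary done. [Open report{HIDDEN}](https://example.com/r?id=1)"

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

Running `strip_tag_chars` over model output before it is rendered removes the hidden payload; `audit_links` is the logging hook that tells you an attempt was made.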