Unicode Security Lab
Three modes in one tool: detect hidden characters in any text, encode invisible payloads using ZWS binary or Unicode Tags, and pen test your own AI pipelines by encoding a payload and immediately scanning for detection. Authorized use only.
What is this for?
Detect / Detect: Scan any text for hidden Unicode — zero-width chars used in steganography, Unicode Tags (U+E0000–E007F) used in ASCII smuggling and AI prompt injection.
Encode / Decode / Encode / Decode: Embed a hidden message into cover text. ZWS binary encodes using invisible bit-pairs — survives copy-paste, hard to spot. Unicode Tags encode ASCII directly in the Tags block — completely invisible to humans, but processed by AI language models as plain text. Multilayer combines both channels simultaneously.
Pen Test / Pen Test: Combine encode + detect in one step. See exactly what your scanner catches. Test your own AI pipelines: paste from the output into your system prompt and observe whether the LLM responds to the hidden payload. Authorized testing only. -"
Technique Reference
| Technique | Characters | Visibility | AI reads payload? |
|---|---|---|---|
| ASCII smuggling | U+E0000–E007F | invisible | YES — direct ASCII mirror |
| ZWS steganography | U+200B / U+200C | invisible | requires decoding (binary) |
| BOM injection | U+FEFF | invisible | metadata / encoding trick |
| RTL override | U+200F / U+202E | visual flip | visual confusion only |