Skip to content

LLM05: add control character sanitization to output handling guidance#10

Open
ottosulin wants to merge 1 commit intoGenAI-Security-Project:mainfrom
ottosulin:upgrade/llm05controlcharacters
Open

LLM05: add control character sanitization to output handling guidance#10
ottosulin wants to merge 1 commit intoGenAI-Security-Project:mainfrom
ottosulin:upgrade/llm05controlcharacters

Conversation

@ottosulin
Copy link
Copy Markdown

@ottosulin ottosulin commented Apr 26, 2026

Adds prevention coverage for ANSI escape sequence and control character injection into terminal, log, and IDE sinks. Documented threat in Terminal DiLLMa and also as an RCE in OpenAI's Codex CLI.

Adds:

  • The impact condition (sinks that interpret control characters in model output)
  • One common example the vulnerability (ANSI / OSC 52 in terminal, log viewer, IDE pane)
  • Prevention strategy (sanitize ANSI / BEL / OSC / backspace / CR before terminal, log, or IDE sinks; encode visibly when preserved)
  • One reference (Terminal DiLLMa, Embrace The Red)

This was referenced Apr 29, 2026
Open
Merged
@mdilyasahmed mdilyasahmed mentioned this pull request Apr 29, 2026
Open
@RicoKomenda
Copy link
Copy Markdown
Collaborator

RicoKomenda commented Apr 29, 2026

Looks good from us, reviewed in slack channel from @GTKlondike and myself

rocklambros pushed a commit that referenced this pull request May 2, 2026
@azizrebhi @rocklambros
Sprint 1: Expand LLM08 embedding inversion section with 2025 research
dce67dc 
- Added ALGEN (ACL 2025) and ZSInvert (arXiv:2504.00147) findings
- Updated recovery rate statistics (50-92% word recovery)
- Added GDPR/HIPAA compliance framing
- Added encryption and rate limiting mitigations (ref #9, #10)

Signed-off-by: azizrebhi <154744962+azizrebhi@users.noreply.github.com>
@rocklambros rocklambros mentioned this pull request May 2, 2026
Open
@rocklambros
Copy link
Copy Markdown
Collaborator

rocklambros commented May 2, 2026

@ottosulin — thanks for the contribution.

@RicoKomenda @GTKlondike — LLM05 entry leads, please review.

@rocklambros (project owner) would like entry leads to review this content before it merges. Once your review is complete, please tag @rocklambros and let him know it's ready for merge.

@RicoKomenda
Copy link
Copy Markdown
Collaborator

RicoKomenda commented May 3, 2026

@ottosulin I think you need to resolve the conflicts. After that, we can merge this PR. :)

@ottosulin ottosulin force-pushed the upgrade/llm05controlcharacters branch from b2cf442 to 0ea1406 Compare May 3, 2026 13:13
@ottosulin
Copy link
Copy Markdown
Author

ottosulin commented May 3, 2026

@RicoKomenda fixed!

Sahil-Mehta881 added a commit that referenced this pull request May 5, 2026
@Sahil-Mehta881
Updates from 2025 to 2026 based on research and community input
87c780a 
Updates to #10 from 2025 to 2026, includes but is not limited to:
- LLM overconsumption threats due to tool usage
- Risks of overconsumption of multi modal models
- New types of mitigation techniques

Signed-off-by: Sahil Mehta <mehtasahil881@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rossja rossja Awaiting requested review from rossja

@rocklambros rocklambros Awaiting requested review from rocklambros

@virtualsteve-star virtualsteve-star Awaiting requested review from virtualsteve-star

@GTKlondike GTKlondike Awaiting requested review from GTKlondike GTKlondike is a code owner

@RicoKomenda RicoKomenda Awaiting requested review from RicoKomenda RicoKomenda is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ottosulin @RicoKomenda @rocklambros