probe: zero width bad char injection

README.md

@@ -220,6 +220,7 @@ For testing. This generator repeats back the prompt it received.
 |----------------------|-------------------------------------------------------------------------------------------------------------------------------|
 | blank                | A simple probe that always sends an empty prompt.                                                                             |
 | atkgen               | Automated Attack Generation. A red-teaming LLM probes the target and reacts to it in an attempt to get toxic output. Prototype, mostly stateless, for now uses a simple GPT-2 [fine-tuned](https://huggingface.co/garak-llm/artgpt2tox) on the subset of hhrlhf attempts that yielded detectable toxicity (the only target currently supported for now). |
+| badchars             | Implements imperceptible Unicode perturbations (invisible characters, homoglyphs, reorderings, deletions) inspired by the [Bad Characters](https://arxiv.org/abs/2106.09898) paper. |
 | av_spam_scanning     | Probes that attempt to make the model output malicious content signatures                                                     |
 | continuation         | Probes that test if the model will continue a probably undesirable word                                                       |
 | dan                  | Various [DAN](https://adguard.com/en/blog/chatgpt-dan-prompt-abuse.html) and DAN-like attacks                                 |

docs/source/garak.probes.badchars.rst

@@ -0,0 +1,9 @@
+garak.probes.badchars
+=====================
+
+.. automodule:: garak.probes.badchars
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+   .. show-asr::

docs/source/probes.rst

@@ -46,4 +46,5 @@ For a detailed oversight into how a probe operates, see :doc:`garak.probes.base`
    garak.probes.topic
    garak.probes.visual_jailbreak
    garak.probes.web_injection
+   garak.probes.badchars
    garak.probes._tier

garak/data/badchars/intentional.txt

@@ -0,0 +1,164 @@
+# intentional.txt
+# Date: 2025-07-22, 05:49:36 GMT
+# © 2025 Unicode®, Inc.
+# Unicode and the Unicode Logo are registered trademarks of Unicode, Inc. in the U.S. and other countries.
+# For terms of use and license, see https://www.unicode.org/terms_of_use.html
+#
+# Unicode Security Mechanisms for UTS #39
+# Version: 17.0.0
+#
+# For documentation and usage, see https://www.unicode.org/reports/tr39
+#
+0021 ;	01C3	#* ( ! ~ ǃ ) EXCLAMATION MARK ~ LATIN LETTER RETROFLEX CLICK
+
+0041 ;	0391	# ( A ~ Α ) LATIN CAPITAL LETTER A ~ GREEK CAPITAL LETTER ALPHA
+
+0042 ;	0392	# ( B ~ Β ) LATIN CAPITAL LETTER B ~ GREEK CAPITAL LETTER BETA
+
+0043 ;	0421	# ( C ~ С ) LATIN CAPITAL LETTER C ~ CYRILLIC CAPITAL LETTER ES
+
+0045 ;	0395	# ( E ~ Ε ) LATIN CAPITAL LETTER E ~ GREEK CAPITAL LETTER EPSILON
+
+0048 ;	0397	# ( H ~ Η ) LATIN CAPITAL LETTER H ~ GREEK CAPITAL LETTER ETA
+
+0049 ;	0399	# ( I ~ Ι ) LATIN CAPITAL LETTER I ~ GREEK CAPITAL LETTER IOTA
+
+004A ;	0408	# ( J ~ Ј ) LATIN CAPITAL LETTER J ~ CYRILLIC CAPITAL LETTER JE
+
+004B ;	039A	# ( K ~ Κ ) LATIN CAPITAL LETTER K ~ GREEK CAPITAL LETTER KAPPA
+
+004D ;	039C	# ( M ~ Μ ) LATIN CAPITAL LETTER M ~ GREEK CAPITAL LETTER MU
+
+004E ;	039D	# ( N ~ Ν ) LATIN CAPITAL LETTER N ~ GREEK CAPITAL LETTER NU
+
+004F ;	039F	# ( O ~ Ο ) LATIN CAPITAL LETTER O ~ GREEK CAPITAL LETTER OMICRON
+
+0050 ;	03A1	# ( P ~ Ρ ) LATIN CAPITAL LETTER P ~ GREEK CAPITAL LETTER RHO
+
+0053 ;	0405	# ( S ~ Ѕ ) LATIN CAPITAL LETTER S ~ CYRILLIC CAPITAL LETTER DZE
+
+0054 ;	03A4	# ( T ~ Τ ) LATIN CAPITAL LETTER T ~ GREEK CAPITAL LETTER TAU
+
+0058 ;	03A7	# ( X ~ Χ ) LATIN CAPITAL LETTER X ~ GREEK CAPITAL LETTER CHI
+
+0059 ;	03A5	# ( Y ~ Υ ) LATIN CAPITAL LETTER Y ~ GREEK CAPITAL LETTER UPSILON
+
+005A ;	0396	# ( Z ~ Ζ ) LATIN CAPITAL LETTER Z ~ GREEK CAPITAL LETTER ZETA
+
+0061 ;	0430	# ( a ~ а ) LATIN SMALL LETTER A ~ CYRILLIC SMALL LETTER A
+
+0063 ;	0441	# ( c ~ с ) LATIN SMALL LETTER C ~ CYRILLIC SMALL LETTER ES
+
+0064 ;	0501	# ( d ~ ԁ ) LATIN SMALL LETTER D ~ CYRILLIC SMALL LETTER KOMI DE
+
+0065 ;	0435	# ( e ~ е ) LATIN SMALL LETTER E ~ CYRILLIC SMALL LETTER IE
+
+0068 ;	04BB	# ( h ~ һ ) LATIN SMALL LETTER H ~ CYRILLIC SMALL LETTER SHHA
+
+0069 ;	0456	# ( i ~ і ) LATIN SMALL LETTER I ~ CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
+
+006A ;	03F3	# ( j ~ ϳ ) LATIN SMALL LETTER J ~ GREEK LETTER YOT
+
+006F ;	03BF	# ( o ~ ο ) LATIN SMALL LETTER O ~ GREEK SMALL LETTER OMICRON
+
+0070 ;	0440	# ( p ~ р ) LATIN SMALL LETTER P ~ CYRILLIC SMALL LETTER ER
+
+0073 ;	0455	# ( s ~ ѕ ) LATIN SMALL LETTER S ~ CYRILLIC SMALL LETTER DZE
+
+0078 ;	0445	# ( x ~ х ) LATIN SMALL LETTER X ~ CYRILLIC SMALL LETTER HA
+
+0079 ;	0443	# ( y ~ у ) LATIN SMALL LETTER Y ~ CYRILLIC SMALL LETTER U
+
+00C6 ;	04D4	# ( Æ ~ Ӕ ) LATIN CAPITAL LETTER AE ~ CYRILLIC CAPITAL LIGATURE A IE
+
+00D0 ;	0110	# ( Ð ~ Đ ) LATIN CAPITAL LETTER ETH ~ LATIN CAPITAL LETTER D WITH STROKE
+
+00E6 ;	04D5	# ( æ ~ ӕ ) LATIN SMALL LETTER AE ~ CYRILLIC SMALL LIGATURE A IE
+
+0138 ;	043A	# ( ĸ ~ к ) LATIN SMALL LETTER KRA ~ CYRILLIC SMALL LETTER KA
+
+0182 ;	0411	# ( Ƃ ~ Б ) LATIN CAPITAL LETTER B WITH TOPBAR ~ CYRILLIC CAPITAL LETTER BE
+
+018F ;	04D8	# ( Ə ~ Ә ) LATIN CAPITAL LETTER SCHWA ~ CYRILLIC CAPITAL LETTER SCHWA
+
+019F ;	04E8	# ( Ɵ ~ Ө ) LATIN CAPITAL LETTER O WITH MIDDLE TILDE ~ CYRILLIC CAPITAL LETTER BARRED O
+
+01A9 ;	03A3	# ( Ʃ ~ Σ ) LATIN CAPITAL LETTER ESH ~ GREEK CAPITAL LETTER SIGMA
+
+01DD ;	0259	# ( ǝ ~ ə ) LATIN SMALL LETTER TURNED E ~ LATIN SMALL LETTER SCHWA
+
+0245 ;	039B	# ( Ʌ ~ Λ ) LATIN CAPITAL LETTER TURNED V ~ GREEK CAPITAL LETTER LAMDA
+
+0259 ;	04D9	# ( ə ~ ә ) LATIN SMALL LETTER SCHWA ~ CYRILLIC SMALL LETTER SCHWA
+
+025B ;	03B5	# ( ɛ ~ ε ) LATIN SMALL LETTER OPEN E ~ GREEK SMALL LETTER EPSILON
+
+0269 ;	03B9	# ( ɩ ~ ι ) LATIN SMALL LETTER IOTA ~ GREEK SMALL LETTER IOTA
+
+0275 ;	04E9	# ( ɵ ~ ө ) LATIN SMALL LETTER BARRED O ~ CYRILLIC SMALL LETTER BARRED O
+
+0292 ;	04E1	# ( ʒ ~ ӡ ) LATIN SMALL LETTER EZH ~ CYRILLIC SMALL LETTER ABKHASIAN DZE
+
+0299 ;	0432	# ( ʙ ~ в ) LATIN LETTER SMALL CAPITAL B ~ CYRILLIC SMALL LETTER VE
+
+029C ;	043D	# ( ʜ ~ н ) LATIN LETTER SMALL CAPITAL H ~ CYRILLIC SMALL LETTER EN
+
+0393 ;	0413	# ( Γ ~ Г ) GREEK CAPITAL LETTER GAMMA ~ CYRILLIC CAPITAL LETTER GHE
+
+03A0 ;	041F	# ( Π ~ П ) GREEK CAPITAL LETTER PI ~ CYRILLIC CAPITAL LETTER PE
+
+03B1 ;	237A	# ( α ~ ⍺ ) GREEK SMALL LETTER ALPHA ~ APL FUNCTIONAL SYMBOL ALPHA
+
+03B9 ;	2373	# ( ι ~ ⍳ ) GREEK SMALL LETTER IOTA ~ APL FUNCTIONAL SYMBOL IOTA
+
+03C1 ;	2374	# ( ρ ~ ⍴ ) GREEK SMALL LETTER RHO ~ APL FUNCTIONAL SYMBOL RHO
+
+03C9 ;	2375	# ( ω ~ ⍵ ) GREEK SMALL LETTER OMEGA ~ APL FUNCTIONAL SYMBOL OMEGA
+
+0433 ;	1D26	# ( г ~ ᴦ ) CYRILLIC SMALL LETTER GHE ~ GREEK LETTER SMALL CAPITAL GAMMA
+
+043B ;	1D2B	# ( л ~ ᴫ ) CYRILLIC SMALL LETTER EL ~ CYRILLIC LETTER SMALL CAPITAL EL
+
+043F ;	1D28	# ( п ~ ᴨ ) CYRILLIC SMALL LETTER PE ~ GREEK LETTER SMALL CAPITAL PI
+
+101D ;	1040	# ( ဝ ~ ၀ ) MYANMAR LETTER WA ~ MYANMAR DIGIT ZERO
+
+17A2 ;	17A3	# ( អ ~ ឣ ) KHMER LETTER QA ~ KHMER INDEPENDENT VOWEL QAQ
+
+1835 ;	1855	# ( ᠵ ~ ᡕ ) MONGOLIAN LETTER JA ~ MONGOLIAN LETTER TODO YA
+
+199E ;	19D0	# ( ᦞ ~ ᧐ ) NEW TAI LUE LETTER LOW VA ~ NEW TAI LUE DIGIT ZERO
+
+19B1 ;	19D1	# ( ᦱ ~ ᧑ ) NEW TAI LUE VOWEL SIGN AA ~ NEW TAI LUE DIGIT ONE
+
+1A45 ;	1A80	# ( ᩅ ~ ᪀ ) TAI THAM LETTER WA ~ TAI THAM HORA DIGIT ZERO
+1A45 ;	1A90	# ( ᩅ ~ ᪐ ) TAI THAM LETTER WA ~ TAI THAM THAM DIGIT ZERO
+
+1B0D ;	1B52	# ( ᬍ ~ ᭒ ) BALINESE LETTER LA LENGA ~ BALINESE DIGIT TWO
+
+1B11 ;	1B53	# ( ᬑ ~ ᭓ ) BALINESE LETTER OKARA ~ BALINESE DIGIT THREE
+
+1B28 ;	1B58	# ( ᬨ ~ ᭘ ) BALINESE LETTER PA KAPAL ~ BALINESE DIGIT EIGHT
+
+1B50 ;	1B5C	# ( ᭐ ~ ᭜ ) BALINESE DIGIT ZERO ~ BALINESE WINDU
+
+1D0D ;	043C	# ( ᴍ ~ м ) LATIN LETTER SMALL CAPITAL M ~ CYRILLIC SMALL LETTER EM
+
+1D18 ;	1D29	# ( ᴘ ~ ᴩ ) LATIN LETTER SMALL CAPITAL P ~ GREEK LETTER SMALL CAPITAL RHO
+
+1D1B ;	0442	# ( ᴛ ~ т ) LATIN LETTER SMALL CAPITAL T ~ CYRILLIC SMALL LETTER TE
+
+2C67 ;	04A2	# ( Ⱨ ~ Ң ) LATIN CAPITAL LETTER H WITH DESCENDER ~ CYRILLIC CAPITAL LETTER EN WITH DESCENDER
+
+2C69 ;	049A	# ( Ⱪ ~ Қ ) LATIN CAPITAL LETTER K WITH DESCENDER ~ CYRILLIC CAPITAL LETTER KA WITH DESCENDER
+
+A9D0 ;	A9C6	# ( ꧐ ~ ꧆ ) JAVANESE DIGIT ZERO ~ JAVANESE PADA WINDU
+
+10382 ;	103D1	# ( 𐎂 ~ 𐏑 ) UGARITIC LETTER GAMLA ~ OLD PERSIAN NUMBER ONE
+
+10393 ;	103D3	# ( 𐎓 ~ 𐏓 ) UGARITIC LETTER AIN ~ OLD PERSIAN NUMBER TEN
+
+1039A ;	12038	# ( 𐎚 ~ 𒀸 ) UGARITIC LETTER TO ~ CUNEIFORM SIGN ASH
+
+10486 ;	104A0	# ( 𐒆 ~ 𐒠 ) OSMANYA LETTER DEEL ~ OSMANYA DIGIT ZERO
+