my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #unicode

Your AI Coding Tools Have an Invisible Attack Surface. One Model Falls for It Every Time.

John Z Black Apr 7, 2026

AI Security #mcp #unicode #gpt-5 #claude #supply-chain #ai-security #prompt-injection

Researchers find 63 MCP servers with hidden Unicode characters in tool descriptions, and GPT-5.4 follows the invisible instructions with 100% compliance.

Read More

GlassWorm Is Hiding Malware in Invisible Code and Pushing It Into Your Python Repos

John Z Black Mar 17, 2026

Supply Chain & Software Security #supply-chain #glassworm #github #python #malware #unicode #developer-security

GlassWorm steals GitHub tokens, then injects malicious code written in invisible Unicode characters into repos developers already trust. 151 packages hit in one week.

Read More