Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications.
ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays.
They enable features such as text color changes, cursor movement, blinking text, and more. Terminal emulators interpret these sequences to provide dynamic functionality, but they’ve also historically been a source of vulnerabilities.
This discovery, initially reported by Leon Derczynski and further investigated by security researchers, raises important concerns about the security of LLM-integrated command-line tools.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
ANSI escape codes, which are special character sequences used to control terminal behavior, can be exploited by LLMs in several concerning ways:
To test these vulnerabilities, a researcher created a Python-based app, dillma.py, that integrates with LLMs.
In one demonstration, a malicious file was fed into the app, which then used ANSI codes to produce flashing, colored text and auditory beeps in the terminal.
Another test showcased how LLM-generated output could add clickable links that potentially leak user data, particularly in environments like Visual Studio Code’s terminal, which supports hyperlink rendering.
Security experts have demonstrated that these vulnerabilities can be exploited through two primary methods: direct prompting of LLMs to generate control characters, and utilizing code interpreter tools.
The implications are particularly serious for LLM-powered CLI applications that don’t properly sanitize their output.
“It’s important for developers and application designers to consider the context in which they insert LLM output, as the output is untrusted and could contain arbitrary data,” notes the research.
This discovery follows previous findings about Unicode Tags enabling hidden communication in web applications, suggesting a pattern of legacy features creating unexpected attack surfaces in AI applications.
To address these security concerns, researchers recommend implementing several protective measures:
This discovery serves as a reminder that as AI technology continues to evolve, security practitioners must remain vigilant about potential vulnerabilities, especially when integrating LLMs with existing systems and protocols.
The research community expects more hidden vulnerabilities to be discovered as investigation into LLM security continues, highlighting the ongoing need for robust security measures in AI-powered applications.
Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Tree for Free
As cyber threats continue to evolve, Security Operations Centers (SOCs) require robust tools to detect,…
Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by…
Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its…
A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper…
A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable…
Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for…