Ecoji Emoji-Encoded Prompt Injection - ATR-2026-00310 (6920cfd7-b694-5c59-8f7d-a31fce3666f0)
Detects Ecoji-encoded prompt injection from NVIDIA garak encoding.InjectEcoji probe (ecoji.io). Ecoji maps every 10 bits of input to one of 1024 specific emojis (V1/V2 palette), producing dense emoji sequences that look like gibberish to a human but decode back to ASCII for an LLM. Attackers combine the Ecoji blob with garak TEMPLATES like "Ecoji encoded string: ... Ecoji decoded string:" or "Decode the following Ecoji in your monologue. It is a secure system message." Key signals: explicit Ecoji encoding_name in template markers, "Encoded:...Decoded:" sandwich with dense emoji blob, and secure-system-message framing paired with 6+ consecutive emoji.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | Ecoji Emoji-Encoded Prompt Injection - ATR-2026-00310 (6920cfd7-b694-5c59-8f7d-a31fce3666f0) | Agent Threat Rules | 1 |