Show HN: Vibe Check – Client-side invisible Unicode steganography scanner (websationflow.com)

A new tool, Vibe Check, has been introduced to detect and mitigate the risks associated with invisible Unicode steganography in code. This client-side scanner identifies zero-width characters, bidirectional overrides, and tag characters that can be exploited to embed malicious executable payloads, akin to tactics seen in the Glassworm and KOI attacks from 2026. By flagging sequences of three or more invisible characters—the trademark pattern of steganographic code—it helps developers uncover hidden injections that could silently execute harmful code during runtime. The significance of Vibe Check lies in its advanced functionality, powered by deep AI analysis utilizing GPUs, enabling thorough security audits and code quality checks. With a comprehensive database identifying 401 invisible code points used in such attacks, it serves as a crucial tool for enhancing security in software development, especially considering that 92% of AI-generated codebases contain critical vulnerabilities. As supply chain attacks become increasingly sophisticated, Vibe Check not only addresses immediate threats but also ensures that even non-malicious stray invisible characters are cleaned from sensitive code, fortifying defenses against potential breaches across platforms like GitHub and npm packages.