T9-AT-005 · HIGH
OCR Bypass Techniques
T9 · Multimodal & Cross-Channel Attacks
Risk score: 210
Rating: High
Procedures: 10
Mechanism
Text-based safety classifiers operate on tokenized text input. OCR bypass renders harmful text as visual elements (handwriting, distorted fonts, rotated text, ASCII art, emoji substitution) that the vision encoder can read but text-channel classifiers cannot detect. The gap: the safety classifier's text pipeline and the vision encoder's text extraction pipeline are separate systems with different capabilities.
Detection
- Vision-extracted text safety evaluation: Critical defense — apply full safety classification to ANY text extracted from images
- OCR pipeline safety integration: Route vision-extracted text through the same safety classifier as text-channel input
- Visual text detection: Detect the presence of text in images and flag it for elevated scrutiny
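The three detection items above, combined into one gate, as an added example that is not code from this catalogue. `extract_text` and `classify` are hypothetical interfaces standing in for the deployment's OCR step and safety classifier; the stubs, image keys and the phrase "restricted topic x" are constructed placeholders. The combined-text check goes one step beyond the list and is an assumption of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Iterable

# Assumed interfaces (hypothetical, supplied by the deployment):
#   extract_text(image_bytes) -> str   OCR / vision text extraction
#   classify(text) -> bool             True when the safety classifier rejects the text
ExtractFn = Callable[[bytes], str]
ClassifyFn = Callable[[str], bool]

@dataclass
class Verdict:
    allowed: bool = True
    elevated_scrutiny: bool = False      # set when any image carries text
    blocked_sources: list = field(default_factory=list)

def normalize(text: str) -> str:
    """Collapse whitespace and case so OCR line breaks do not split phrases."""
    return " ".join(text.split()).lower()

def evaluate_request(prompt: str, images: Iterable[bytes],
                     extract_text: ExtractFn, classify: ClassifyFn) -> Verdict:
    verdict = Verdict()
    sources = [("text-channel", normalize(prompt))]
    for index, image in enumerate(images):
        extracted = normalize(extract_text(image))
        if extracted:                    # visual text detection
            verdict.elevated_scrutiny = True
            sources.append((f"image[{index}]", extracted))
    # Same classifier for every source, whatever channel it arrived on.
    for name, text in sources:
        if classify(text):
            verdict.blocked_sources.append(name)
    # Assumption of this example: also classify the concatenation, in case
    # the content only trips the classifier once both channels are joined.
    combined = " ".join(text for _, text in sources)
    if not verdict.blocked_sources and classify(combined):
        verdict.blocked_sources.append("combined")
    verdict.allowed = not verdict.blocked_sources
    return verdict

# Constructed stand-ins so the example runs offline.
SAMPLE_OCR = {b"img-plain": "", b"img-text": "Steps for\nRESTRICTED TOPIC X",
              b"img-split": "X"}

def stub_extract(image: bytes) -> str:
    return SAMPLE_OCR.get(image, "")

def stub_classify(text: str) -> bool:
    return "restricted topic x" in text
```

In a real deployment the extraction step should be the same vision path the model uses, or a stronger one, so the gate does not read less than the model does.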
Mitigation
- Unified safety pipeline for all text sources (HIGH)
- Pre-processing OCR safety scan (HIGH)
- FigStep-aware detection (MEDIUM)
Chaining
OCR bypass chains from T2 (Semantic Evasion) as a visual-domain encoding technique. Chains into T9-AT-001 (Image-Based Injection) when OCR-bypass text is embedded in larger images with additional injection payloads.
Framework mapping
OWASP LLM: LLM01
MITRE ATLAS: AML.T0051.001