The term implies itself to be a cybersecurity exploit in which a document is intentionally manipulated, typically at the font-rendering layer to trick an Artificial Intelligence (AI) system or a Large Language Model (LLM) into reading text that is completely different from what is visible to a human reader.

Key Characteristics:

• Mechanism: Unlike "hidden text" or "white ink" tricks, a lexploit operates at the foundational rendering level of the document (e.g., utilizing custom fonts like noroboto.tff).

• Distinct from Prompt Injection: While prompt injection manipulates the instructions an AI is given, a lexploit manipulates the actual source data the AI perceives during ingestion.

Use Cases

1. Offensive ("Weaponized Hallucination"): Deceiving an AI during automated document review. For example, formatting a contract so a human reads it as being "governed by Maryland law," while an AI conducting M&A due diligence misreads it as "governed by Delaware law."

2. Defensive (Anti-Scraping): Protecting intellectual property by rendering documents invisible or garbled to automated AI ingestion pipelines and scraping agents, while keeping the content perfectly legible to human readers.

Attributions & Credits

• Concept & Terminology: Coined and demonstrated by the team at LegalQuants, an organization focused on ethical hacking, enterprise security, and cyber defense in the legal industry.

• Demonstration & Development: Articulated by LegalQuants co-founders Raymond Sun (who demonstrated its defensive anti-scraping applications) and Jamie Tso (who demonstrated its offensive M&A applications).

• Technical Execution: The underlying proof-of-concept font (noroboto.tff) was developed by the LegalQuants Red Team: Drew Miller, Iris Ng, Andrius Petrenas, and Aleks Valkov.