This lines up with something I’ve also seen a lot — most failures aren’t clever reconstruction attacks, they’re just leftover text layers or metadata that never got removed.
I took a simpler approach and built a small browser-only audit tool that just answers one question: is this PDF still leaking extractable content at all?
It doesn’t try to unredact or guess text, just flags whether text layers, hidden characters, or metadata are still present so you know whether the redaction actually worked.
I took a simpler approach and built a small browser-only audit tool that just answers one question: is this PDF still leaking extractable content at all?
It doesn’t try to unredact or guess text, just flags whether text layers, hidden characters, or metadata are still present so you know whether the redaction actually worked.
https://audit.reactpdf.app
Curious if you’ve run into cases where PDFs look clean at the layer/metadata level but still leak via other mechanisms.