Improbable Bigrams Expose Vulnerabilities of Incomplete Tokens in Byte-Level Tokenizers