Go to NeurIPS 2025 Workshop MechInterp homepageDemystifying Cipher-Following in Large Language Models via Activation Analysis
Keywords: Steering, AI Safety, Probing
TL;DR: LLMs’ ability to output in ciphers poses a safety risk, and mechanistic analysis reveals overlaps between cipher encoding and natural language translation.
Abstract: Cipher transformations have been studied historically in cryptography, but little work has explored how large language models (LLMs) represent and process them. We evaluate the ability of three models: Llama 3.1, Gemma 2, and Qwen 3 on performing translation and dictionary tasks across ten cipher systems from a variety of families, and compare it against a commercially available model, GPT-5.
Beyond task performance, we analyze embedding spaces of Llama variants to explore whether ciphers are internalized similarly to languages. Our findings suggest that cipher embeddings cluster together and, in some cases, overlap with lower-resource or less frequently represented languages. Steering-vector experiments further reveal that adjusting cipher-related directions in latent space can shift outputs toward these languages, suggesting shared representational structures. This study provides an initial framework for understanding how LLMs encode ciphers, bridging interpretability, and security. By framing ciphers in a similar way to languages, we highlight new directions for model analysis and for designing defenses against cipher-based jailbreaking attacks.
Submission Number: 195
Loading