Go to ICLR 2026 Conference homepageLLMs Can Hide Text in Other Text of the Same Length
Keywords: Large Language Models (LLMs), Generative Steganography, AI Safety, Authorial Intent, Trust in AI, Deniability, Censorship Resistance
TL;DR: We show how LLMs can hide an entire text (e.g., a political critique) inside a completely different, plausible text (e.g., praise) of the exact same length, creating a massive new threat for AI safety and digital trust.
Abstract: A meaningful text can be hidden inside another, completely different yet still coherent and plausible, text of the same length. For example, a tweet containing a harsh political critique could be embedded in a tweet that celebrates the same political leader, or an ordinary product review could conceal a secret manuscript. This uncanny state of affairs is now possible thanks to Large Language Models, and in this paper we present a simple and efficient protocol to achieve it. We show that even modest 8‑billion‑parameter open‑source LLMs are sufficient to obtain high‑quality results, and a message as long as this abstract can be encoded and decoded locally on a laptop in seconds. The existence of such a protocol demonstrates a radical decoupling of text from authorial intent, further eroding trust in written communication, already shaken by the rise of LLM chatbots. We illustrate this with a concrete scenario: a company could covertly deploy an unfiltered LLM by encoding its answers within the compliant responses of a safe model. This possibility raises urgent questions for AI safety and challenges our understanding of what it means for a Large Language Model to know something.
Supplementary Material: zip
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 20472
Loading