Original Reddit post

Message scanning is quietly becoming the default. Instagram removed its (opt-in) end-to-end encryption from DMs back in May, and the EU just let its voluntary CSAM-scanning rules survive into 2028, with a mandatory client-side-scanning version still being negotiated. The direction of travel is clear: more of what you send gets read by something before it reaches the person you sent it to. So I’ve been playing with LLM steganography , and built a small POC. At each generation step, a language model assigns scores or probabilities to possible next tokens. Instead of sampling normally, an arithmetic coder can use encrypted payload bits to choose among those candidates. A receiver with the same model, tokenizer, configuration, shared secret, and conversation state can reproduce the token distributions and recover the encrypted payload. The goal is to produce text resembling ordinary model-generated prose, with a tradeoff between payload capacity and text quality. This proof of concept has not been shown to be statistically undetectable, and its output must be copied exactly. editing, autocorrection, translation, or paraphrasing can make decoding fail. Conversation Stenography is an open-source local CLI implementing this experiment. It compresses and authenticates messages with AES-SIV, embeds the encrypted data through arithmetic-coded token choices, and reconstructs it using the matching local model and shared phrase. submitted by /u/Nethical69

Originally posted by u/Nethical69 on r/ArtificialInteligence