LLMs Are Injective and Invertible

Source: https://x.com (tweet) Author: unknown (research team) Date: 2025-2026

Summary

Paper showing different prompts always map to different embeddings (injective), and input tokens can be recovered from individual embeddings in latent space. Security and privacy implications: embeddings are not anonymous.

Key Claims

  • LLMs are injective: different prompts → different embeddings (mathematically proven)
  • Invertible: input tokens can be recovered from individual embeddings
  • Method: use embedding properties to recover input from latent space
  • Security implications: embedding APIs are not anonymizing
  • Privacy risk: if you share embeddings, you may share token-level content

Concepts