LLMs Are Injective and Invertible
Source: https://x.com (tweet) Author: unknown (research team) Date: 2025-2026
Summary
Paper showing different prompts always map to different embeddings (injective), and input tokens can be recovered from individual embeddings in latent space. Security and privacy implications: embeddings are not anonymous.
Key Claims
- LLMs are injective: different prompts → different embeddings (mathematically proven)
- Invertible: input tokens can be recovered from individual embeddings
- Method: use embedding properties to recover input from latent space
- Security implications: embedding APIs are not anonymizing
- Privacy risk: if you share embeddings, you may share token-level content
Concepts
- Mechanistic Interpretability — latent space structure and invertibility
- AI Alignment — security implications of embedding APIs