Bluesky Thread

your embeddings are not safe!

October 28, 2025 View original thread

your embeddings are not safe!

every prompt directly maps to its embedding and back. they’re isomorphic

SipIt is a linear time algorithm for quickly and efficiently extracting input text from embeddings

www.arxiv.org/abs/2510.15511

Schematic showing how changes in prompts map to changes in a model’s latent space.

Left panel, titled “Prompt Space”: a beige, wavy sheet with thin contour lines and many black dots. Two dots are labeled x (lower middle, with an arrow pointing to it) and x′ (upper right). A short dotted segment between them is labeled δ.

Right panel, titled “Latent Space”: a square grid with x–y axes (a right-angle mark at the origin) and the label ℝᵈ. Two points are shown: z (lower) and z′ (upper right). A short dotted segment between them is labeled ε.

Two long curved arrows map from the sheet on the left to the grid on the right: the upper arrow labeled Llm lands on z′; the lower arrow labeled SipIT lands on z.

Centered below: δ > 0 ⇒ ε > 0.

29 1

very linear time

Method
Mean Time (s)
Accuracy
HARDPROMPTS
6132.59土104.61
0.00
BRUTEFORCE (ours)
3889.61 ‡ 691.17
1.00
SIPIT (ours)
28.01 土35.87
1.00

8

More like this

Limits of vector search

MCP is a lot deeper than just tools. We haven't scratched the surface on what...

everyone, including Karpathy, is explaining DeepSeek-OCR as a victory of pixe...