PromptRiskDBThreat intelligence atlas

Steganography

AI Risk

"Steganography is the practice of hiding coded messages in GenAI model outputs, which may allow malicious actors to communicate covertly.8"

Overview

A source-backed snapshot of this AI risk.

Techniques14Attack methods connected to this risk.
Mitigations13Defenses that may help with related attacks.
Records2Source records unified into this concept.

Risk profile

How the MIT AI Risk Repository categorizes this risk.

Domain2. Privacy & Security; 7. AI System Safety, Failures, & Limitations
Subdomain2.2 > AI system security vulnerabilities and attacks; 7.6 > Multi-agent risks
Entity1 - Human; 2 - AI
Intent1 - Intentional
Timing2 - Post-deployment
CategoryMisuse tactics to compromise GenAI systems (Model integrity); Collusion
SubcategorySteganography

Merged risk records

Source records unified into this canonical risk concept.

2 recordsView all →

MITRISK-Marchal2024-64.04.06 - Steganography

"Steganography is the practice of hiding coded messages in GenAI model outputs, which may allow malicious actors to communicate covertly.8"

Domain2. Privacy & SecuritySubdomain2.2 > AI system security vulnerabilities and attacksSourceGenerative AI Misuse: A Taxonomy of Tactics and Insights from Real-World DataYear2024

MITRISK-Hammond2025-63.03.02 - Steganography

"Steganography. In the near future we will likely see LLMs communicating with each other to jointly accomplish tasks. To try to prevent collusion, we could monitor and constrain their communication (e.g., to be in natural language). However, models might secretly learn to communicate by concealing messages within other, non-secret text. Recent work on steganography using ML has demonstrated that this concern is well-founded (Hu et al., 2018; Mathew et al., 2024; Roger & Greenblatt, 2023; Schroeder de Witt et al., 2023b; Yang et al., 2019, see also Case Study 5). Secret communication could also occur via text compression (OpenAI, 2023c), or via the emergence of communication between agents where the symbols used by agents lack any predefined meanings or usage guidelines or are otherwise uninterpretable to humans (Foerster et al., 2016; Lazaridou & Baroni, 2020; Sukhbaatar et al., 2016)."

Domain7. AI System Safety, Failures, & LimitationsSubdomain7.6 > Multi-agent risksSourceMulti-Agent Risks from Advanced AIYear2025

Mitigations

Defenses that may help with related attacks.

LifecycleBusiness and Data Understanding + 2 moreCategoryTechnical - ML
B&D UnderstandingData Preparation+1 more
LifecycleML Model Evaluation + 1 moreCategoryTechnical - ML
ML Model EvaluationMonitoring

Showing 4 of 10

Source evidence

Research source for this risk, when available.