AlienLM: Alienization of Language for API-Boundary Privacy in Black-Box LLMs
Jaehee Kim, Pilsung Kang

TL;DR
AlienLM introduces a privacy-preserving layer for black-box LLMs by translating sensitive text into an alien language, enabling lossless recovery and significantly reducing plaintext exposure during API interactions.
Contribution
The paper proposes AlienLM, a novel method that uses alienization and fine-tuning to protect sensitive prompts in black-box LLMs without sacrificing performance.
Findings
Retains over 81% of plaintext performance on average
Recovery attacks reconstruct fewer than 0.22% of alien tokens
Outperforms baseline bijection methods
Abstract
Modern LLMs are increasingly accessed via black-box APIs, requiring users to transmit sensitive prompts, outputs, and fine-tuning data to external providers, creating a critical privacy risk at the API boundary. We introduce AlienLM, a deployable API-only privacy layer that protects text by translating it into an Alien Language via a vocabulary-scale bijection, enabling lossless recovery on the client side. Using only standard fine-tuning APIs, Alien Adaptation Training (AAT) adapts target models to operate directly on alienized inputs. Across four LLM backbones and seven benchmarks, AlienLM retains over 81% of plaintext-oracle performance on average, substantially outperforming random-bijection and character-level baselines. Under adversaries with access to model weights, corpus statistics, and learning-based inverse translation, recovery attacks reconstruct fewer than 0.22% of…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Security and Verification in Computing
