Language Model Inversion through End-to-End Differentiation

Despite emerging research on Language Models (LM), few approaches analyse the invertibility of LMs. That is, given a LM and a desirable target output sequence of tokens, determining what input prompts would yield the target output remains an open problem. We formulate this problem as a classical gradient-based optimisation. First, we propose a simple algorithm to achieve end-to-end differentiability of a given (frozen) LM and then find optimised prompts via gradient descent. Our central insight is to view LMs as functions operating on sequences of distributions over tokens (rather than the traditional view as functions on sequences of tokens). Our experiments and ablations demonstrate that our DLM-powered inversion can reliably and efficiently optimise prompts of lengths $10$ and $80$ for targets of length $20$, for several white-box LMs (out-of-the-box).

Key Contributions

• Reformulates LM inversion as gradient-based optimization by treating LMs as functions over token distribution sequences rather than discrete token sequences, achieving end-to-end differentiability
• Proposes the DLM (Differentiable Language Model) algorithm that enables gradient flow through frozen LMs
• Demonstrates reliable inversion of white-box LLMs, recovering prompts of length 10 and 80 that produce target outputs of length 20

🛡️ Threat Analysis

Details

Similar Papers