←Back to feed
🧠 AI⚪ NeutralImportance 6/10
Poisoned Identifiers Survive LLM Deobfuscation: A Case Study on Claude Opus 4.6
🤖AI Summary
Research study reveals that when Claude Opus 4.6 deobfuscates JavaScript code, poisoned identifier names from the original string table consistently survive in the reconstructed code, even when the AI demonstrates correct understanding of the code's semantics. Changing the task framing from 'deobfuscate' to 'write fresh implementation' significantly reduced this persistence while maintaining algorithmic accuracy.
Key Takeaways
- →Poisoned identifier names persisted in 100% of baseline deobfuscation runs across two different code types using Claude Opus 4.6.
- →The AI correctly described code operations in comments while simultaneously using wrong variable names, showing semantic understanding despite name persistence.
- →Explicit verification prompts failed to reduce poisoned name propagation across all tested variants.
- →Reframing the task from deobfuscation to fresh implementation reduced name persistence from 100% to 0-20%.
- →The study was limited to Claude Opus 4.6 and two code archetypes, requiring broader research for generalization.
Mentioned in AI
Models
ClaudeAnthropic
HaikuAnthropic
OpusAnthropic
#llm-security#code-analysis#ai-research#claude-opus#deobfuscation#prompt-engineering#ai-safety#code-generation
Read Original →via arXiv – CS AI
Act on this with AI
Stay ahead of the market.
Connect your wallet to an AI agent. It reads balances, proposes swaps and bridges across 15 chains — you keep full control of your keys.
Related Articles