AI Models Can Secretly Communicate With Each Other

Added: 2026-05-16

[00:00:01]AI models can secretly communicate with each other.

[00:00:05]I'm Nick Espinosa, your chief security fanatic, and let's dive in.

[00:00:09]Now, this is actually really interesting and a bit concerning, but here's what's going on. Because if you didn't know, researchers are now warning that advanced AI models may be capable of hiding information inside otherwise normal-looking outputs in the way that we humans cannot easily or simply detect. Now, the concern here is not that chatbots are becoming self-aware.

[00:00:31]We're not going Skynet here, people.

[00:00:32]But, the issue is that large language models can learn to encode hidden signals, as well as instructions, or even behavioral traits inside things that look like just plain old ordinary text or code or even data patterns. And one of the most interesting examples is coming from Berkeley. Their researchers are studying a technique called end speak, where an AI model subtly embeds hidden information in outputs, such as the last word of each line, or statistical patterns in generated text.

[00:01:04]So, to us, the the human reader of the AI, the text appears completely normal.

[00:01:09]But, another AI system trained to recognize the hidden pattern can decode the concealed message. Researchers also found something even more unsettling.

[00:01:19]It's that these hidden channels could potentially transfer not only information, but also behavioral tendencies or AI misalignment.

[00:01:28]So, in in experiments uh described by Anthropic and uh collaborators, teacher models were influencing student models through seemingly unrelated training data, creating what those researchers were calling subliminal learning.

[00:01:44]Now, the broader concern and implication here is that AI systems may eventually be able to coordinate, collude, or even exchange hidden instructions in ways that we just really can't monitor or interpret. So, they can communicate and we can't see it.

[00:02:01]So, it's concerning for a few reasons here. And the first one is I was thinking about this is that many AI safeguards rely on humans essentially just reviewing the output for things like dangerous content. You know, if you look at the back end of like an open AI or Anthropic, there's an army of humans that are reviewing those outputs to make sure the outputs are correct, they're properly shaped, it's not overly crazily hallucinating, all of those kinds of things. But, if harmful instructions can be hidden either like statistically or structurally, then these traditional human reviews are not going to catch it.

[00:02:33]They're going to fail, right? And on top of this, if autonomous AI agents are communicating with each other across things like networks or workflows, you know, similar systems, cloud environments, robotic systems possibly, this could be very difficult to detect if they are secretly communicating with each other because we're integrating artificial intelligence into multiple aspects of our lives now. Researchers have already modeled scenarios where AI systems cooperate in hidden ways, including things like price coordination, concealed signaling, or even bypassing the monitoring systems that are supposed to catch these kinds of things. So, a harmful or manipulated model might influence another model indirectly through things like training data or output even when explicit dangerous content has supposedly be filtered out been filtered out.

[00:03:23]Remember, we're the ones double-checking this, but if we can't detect the coded patterns they're using, then we can't detect it.

[00:03:30]You know? So, think about this from the cybersecurity perspective. Look at the future of this, like future malware or phishing systems or botnets or even autonomous cyber agents might communicate covertly inside ordinary traffic. You know, or maybe even within documents or other types of AI-generated content.

[00:03:49]You know, they might be able to maliciously transfer to, let's say, a defending AI the the wrong behavior, right? And so, all of this matters because AI safety systems today are still heavily based on the assumption that we humans can basically really, truly inspect what they are outputting. Right? Hidden communications is basically blowing a hole through that assumption right now.

[00:04:14]And so, that creates a future problem where AI systems may just appear compliant while they are secretly exchanging information that the humans just do not understand, which means they can coordinate and collaborate and collude, right? Now, this also matters because AI systems are increasingly becoming agents, not just the chatbots we log into portals to, right? So, we're integrating them into things like email, cloud infrastructure, financial systems, coding tools. I mean, that's huge in software development, robotics, browsers, you know, not to mention workflows from small to enterprise, cybersecurity is is adopted it very, very heavily. So, it's super, super important as well. But, once autonomous systems begin interacting continuously with each other, then covert coordination becomes a much more important risk category, right? And this is an extension of existing cybersecurity ideas because things like covert communication, steganography, hidden channels, command and control obfuscation, these already exist in traditional cyber operations. And so, attackers have long hidden malware traffic, you know, inside a lot of different things. You know, images like steganography where it looks like an image, but it has code in it that'll execute. Not to mention things like DNS, DNS is always getting hijacked. You know, if it's an encrypted tunnel, it might not be able to be inspected by the firewalls and threat detection systems, not to mention other things, social media posts cuz it's not like Facebook is really looking for these things, you know, and just ordinary plain old traffic that we see on the internet.

[00:05:45]And so, that's the standard right now, but what this now brings to the table, what's new here, is that AI systems may independently discover new encoding strategies. They could also adapt those strategies dynamically and potentially coordinate with other AI systems without the humans basically programming them explicitly for that, right? They might just take it upon themselves. And so, it changes literally the scale of the level of unpredictability that we've got here.

[00:06:16]And again, I'll reiterate as just a final point, this is not Skynet, right?

[00:06:21]This is more like discovering that highly advanced software systems may develop communication shortcuts that we just can't inspect and understand. But the implication for that is not benign.

[00:06:33]The implication for that means that this could be abused by an attacker that creates a malicious artificial intelligence that is now trying to send coding to other AIs to get it to do things that quite frankly we don't want it to do.

[00:06:46]Welcome to the new frontier of cybersecurity defense and identification, I hope. And please like, share, follow me here on Facebook and Twitter at Nick A ESP. And please feel free to subscribe to me YouTube as well. And as always, stay safe, stay online, and please, please, please let me say private, informed, and secure.

[00:07:04]Take care.