Six hundred and fifteen GitHub stars in 24 hours. That is what happens when an 18-year-old developer named Nethical releases a Go library that lets anyone hide encrypted messages inside what looks like a completely ordinary LLM chat. Conversation Steganography, published on July 17, 2026, is a command-line tool that turns GPT-2's text generation into a covert communication channel. Your secret message gets encrypted, encoded into the token-by-token choices of a locally running AI model, and emerges as a paragraph that reads like a friend talking about their weekend plans. The messaging platform in the middle - WhatsApp, Telegram, Signal, iMessage, even email or Instagram DMs - sees only innocent cover text. The recipient's instance of the tool decodes it back to your original message. It is the most viral privacy tool to hit GitHub this month, and it raises questions that the AI industry has barely started to confront.
What Conversation Steganography Does
The core workflow is deceptively simple. You type a secret message like "meet me at the coffee shop at 3pm" into the tool. Conversation Steganography encrypts it with AES-SIV authenticated encryption, then runs the ciphertext through a locally hosted GPT-2 model that generates natural-sounding cover text encoding those encrypted bytes in its token choices. What your messaging app actually transmits looks like: "I was thinking about trying that new place downtown. Have you been there before? I heard they have great pasta." Your friend copies that cover text into their own instance of the tool, which runs the same GPT-2 model in reverse to recover the encrypted bytes and decrypts them back to your original message. The messaging platform never sees anything suspicious. The whole system runs locally - no API calls, no cloud servers, no telemetry. The AI model, the encryption keys, and the conversation state never leave either participant's machine.
How the Technology Works
Under the hood, the library uses a multi-layered security architecture. Messages are encrypted with AES-SIV, a synthetic initialization vector mode that provides both confidentiality and integrity in a single pass. Each message is chained to the previous one through a conversation chain that authenticates the sender, conversation ID, message index, and a hash of all prior messages - tampering, deletion, or reordering is immediately detectable. The shared secret phrase between participants is stretched using PBKDF2-HMAC-SHA-256 with 600,000 iterations. The actual steganographic encoding happens in how the GPT-2 model selects tokens: the encrypted payload determines which of the model's top-k token choices gets emitted, making the hidden data indistinguishable from natural LLM output variation. The cover text is structurally identical to any chat you would have with a language model. There is no statistical anomaly to flag.
The tool is written entirely in Go and licensed under GPL-3.0. Users can set it up in under a minute: clone the repo, run go build, and complete an interactive setup wizard that downloads the model and creates a configuration file. A built-in simulation mode lets two parties test the system on a single machine before deploying across devices. Environment variables like CONVERSATION_STENOGRAPHY_SECRET support scripted usage for automation, bots, and CI pipelines.
Why It Took Off
The 615-star explosion in a single day points to a real hunger for privacy tools that work within existing communication infrastructure. Scanning private messages is becoming more common across governments and platforms. End-to-end encryption protects message content but the metadata and the mere fact of encrypted communication can itself be suspicious in restrictive environments. Steganography adds a layer of plausible deniability: there is no way to prove a conversation contains a hidden message because the cover text looks like an ordinary AI chat. This is not a theoretical concern - as AI-generated text becomes indistinguishable from human writing, the very properties that make LLMs useful for customer support and content creation also make them useful for covert communication.
For the broader developer ecosystem, Conversation Steganography is a showcase of what is possible when you combine commodity AI capabilities (a 2019 GPT-2 model runs comfortably on a laptop) with solid cryptographic engineering. The README is refreshingly honest about the project's limitations: it is a proof of concept, detection techniques already exist for some steganographic patterns, and the educational-purpose disclaimer is prominently placed. The author explicitly states the idea predates their implementation and that people far more capable have likely been experimenting with these techniques for years.
Implications for AI Platforms and Founders
Conversation Steganography forces a conversation that every AI platform will need to have. If an LLM's text output can carry hidden data, what responsibility does the platform have? The tool runs locally with a downloaded model, so platform providers have no visibility into how their models are being used after deployment. This is a policy blind spot that existing terms of service and acceptable use policies do not address. For founders building on top of LLM APIs, the takeaway is more immediate: LLM-generated text cannot be treated as inherently transparent. Content inspection pipelines, data exfiltration detection systems, and compliance tooling will need to account for the possibility that AI-generated text carries hidden payloads. The same technology that enables legitimate privacy for journalists and whistleblowers also complicates content moderation and security monitoring.
Getting Started
Installing Conversation Steganography takes three commands: clone the repository at github.com/nethical6/conversation-steganography, run go build inside the directory, and execute the binary to start the setup wizard. The wizard walks through model selection with recommendations based on your system, downloads the model automatically, and creates a configuration file. A built-in simulation command lets you test the full encode-transmit-decode round trip on a single machine before coordinating with another person. The project has 29 forks and growing, with active development on the main branch. For developers interested in the intersection of cryptography, LLMs, and privacy engineering, the source code is cleanly organized and well-documented.
Who This Is For
Conversation Steganography is for developers and security researchers exploring AI-powered privacy tools, for individuals in restrictive environments who need communication channels that existing surveillance mechanisms cannot detect, and for AI platform teams who need to understand the steganographic capabilities of the models they deploy. It is also for any founder building on LLM technology who wants to understand the full spectrum of what their tools can do - because understanding the capabilities of the technology you build on is the first step to building responsibly.



