[2604.04289] Poisoned Identifiers Survive LLM Deobfuscation: A Case Study on Claude Opus 4.6

Computer Science > Cryptography and Security arXiv:2604.04289 (cs) [Submitted on 5 Apr 2026] Title:Poisoned Identifiers Survive LLM Deobfuscation: A Case Study on Claude Opus 4.6 Authors:Luis Guzmán Lorenzo View a PDF of the paper titled Poisoned Identifiers Survive LLM Deobfuscation: A Case Study on Claude Opus 4.6, by Luis Guzm\'an Lorenzo View PDF HTML (experimental) Abstract:When an LLM deobfuscates JavaScript, can poisoned identifier names in the string table survive into the model's reconstructed code, even when the model demonstrably understands the correct semantics? Using Claude Opus 4.6 across 192 inference runs on two code archetypes (force-directed graph simulation, A* pathfinding; 50 conditions, N=3-6), we found three consistent patterns: (1) Poisoned names persisted in every baseline run on both artifacts (physics: 8/8; pathfinding: 5/5). Matched controls showed this extends to terms with zero semantic fit when the string table does not form a coherent alternative domain. (2) Persistence coexisted with correct semantic commentary: in 15/17 runs the model wrote wrong variable names while correctly describing the actual operation in comments. (3) Task framing changed persistence: explicit verification prompts had no effect (12/12 across 4 variants), but reframing from "deobfuscate this" to "write a fresh implementation" reduced propagation from 100% to 0-20% on physics and to 0% on pathfinding, while preserving the checked algorithmic structure. Matched-control...