EmojiPrompt: Generative Prompt Obfuscation for Privacy-Preserving Communication with Cloud-based LLMs

📅 2024-02-08
📈 Citations: 1
✨ Influential: 0

🤖 AI Summary
This work addresses the privacy risk of sensitive user text leakage or misuse during interactions with cloud-based large language models (e.g., ChatGPT). We propose a generative prompt obfuscation method leveraging emojis, which implicitly maps original text to semantically equivalent, irreversible multimodal (text–image) representations. Our approach introduces the first atomic-level, end-to-end reversible paradigm for joint textual and visual obfuscation. It requires no modification to LLM architectures nor reliance on local models, enabling fully cloud-deployable operation. Evaluated across eight cross-domain datasets, the method achieves <5% success rate against simulation-based reasoning attacks, while maintaining an average task accuracy of 98.3%; notably, it outperforms the original prompts by over 2% on three tasks. Thus, it simultaneously delivers strong privacy protection and high task fidelity.


📝 Abstract
Cloud-based Large Language Models (LLMs) such as ChatGPT have become increasingly integral to daily operations. Nevertheless, they also introduce privacy concerns: firstly, numerous studies underscore the risks to user privacy posed by jailbreaking cloud-based LLMs; secondly, the LLM service providers have access to all user data, which deters individuals from confidently utilizing such services. To address such concerns, we propose a simple yet effective paradigm, EmojiPrompt, to protect user privacy. At its core, EmojiPrompt performs generative transformation, obfuscating private data within prompts with linguistic and non-linguistic elements before submitting them to cloud-based LLMs. We evaluate EmojiPrompt's performance across 8 datasets from various domains. We also propose simulated inference attacks to assess EmojiPrompt's ability to preserve user privacy. The results demonstrate that EmojiPrompt effectively obfuscates user private data, while largely maintaining, or even enhancing, performance compared to the unobfuscated version. Furthermore, EmojiPrompt's atomic-level obfuscation allows it to function exclusively with cloud-based LLMs. For source code, please refer to: https://github.com/agiresearch/EmojiCrypt.

Problem

Research questions and friction points this paper is trying to address.

Protect user privacy in cloud-based LLM communication
Obfuscate private data in prompts using EmojiPrompt
Maintain performance while enhancing privacy protection

Innovation

Methods, ideas, or system contributions that make the work stand out.

EmojiPrompt obfuscates private data with emojis
Generative transformation enhances privacy preservation
Atomic-level obfuscation works with cloud-based LLMs