AI · Neutral · arXiv – CS AI · May 28 · 7/10
🧠Researchers introduce RULER, a verification framework that detects machine unlearning failures at the representation level rather than just output metrics. The study reveals that popular unlearning methods pass traditional evaluation tests yet still retain encoded information about forgotten data in their internal representations, highlighting a critical gap in current verification protocols.
AI · Bearish · arXiv – CS AI · May 27 · 7/10
🧠A comprehensive survey examines Pretraining Data Exposure (PDE) in large language models, unifying two previously isolated research areas—membership inference and data contamination—to assess whether specific data appeared in LLM training datasets. The work formalizes exposure levels, reviews attack and defense mechanisms, and highlights privacy and evaluation integrity risks as model sizes and training data scales continue to grow.
AI · Bearish · arXiv – CS AI · May 11 · 7/10
🧠Researchers demonstrate significant privacy vulnerabilities in tabular diffusion models (TDMs), which are increasingly used to generate synthetic data as privacy-preserving alternatives to releasing real records. Through membership inference attacks in both black-box and white-box settings, the study shows that attackers can succeed without perfect knowledge of the training data or massive computational resources, and it exposes flaws in the privacy metrics commonly used to certify such synthetic data.
AI · Bearish · arXiv – CS AI · May 7 · 7/10
🧠Researchers using copyrighted O'Reilly Media books conducted membership inference attacks on OpenAI's language models, finding that GPT-4o exhibits patterns suggesting recognition of pay-walled content (AUROC 0.82) while GPT-4o Mini shows minimal recognition (AUROC 0.56). The findings highlight gaps in corporate transparency around AI training data sources and underscore the need for formal licensing frameworks.
🏢 OpenAI · 🧠 GPT-4
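The AUROC figures quoted above are the standard way an attack's ability to separate members from non-members is reported. The following is an added example, not code from the paper or from OpenAI: it fits a deliberately over-parameterised least-squares model on constructed synthetic data, uses the per-example training loss as the membership score (the simplest loss-based MIA), and evaluates the attack both with AUROC and with the true-positive rate at a fixed low false-positive rate, which the MIA literature reports because a respectable AUROC can hide an attack that is only confident on a handful of samples. The data, the model and every function name are assumptions made for the illustration; an attack on an LLM would replace the squared error with the model's per-token log-likelihood.

```python
import random

# Constructed toy setting (an assumption of this example, not the paper's
# setup): more features than training points, so an unregularised
# least-squares model fit by gradient descent interpolates, i.e. memorises,
# its training set. The attacker's membership score is the negative loss.
N_FEATURES = 60
N_MEMBERS = 20
N_NONMEMBERS = 20


def make_dataset(n, seed):
    """Constructed synthetic data: Gaussian features and random +/-1 targets.

    The targets are independent of the features, so the only way the model
    can fit the members is to memorise them; that is the leakage we measure."""
    rng = random.Random(seed)
    xs = [[rng.gauss(0.0, 1.0) for _ in range(N_FEATURES)] for _ in range(n)]
    ys = [rng.choice([-1.0, 1.0]) for _ in range(n)]
    return xs, ys


def predict(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def train_least_squares(xs, ys, steps=500, lr=0.1):
    """Full-batch gradient descent on 1/2 * mean squared error, no regulariser.
    With N_FEATURES > len(xs) this converges to an interpolating solution."""
    w = [0.0] * N_FEATURES
    n = len(xs)
    for _ in range(steps):
        grad = [0.0] * N_FEATURES
        for x, y in zip(xs, ys):
            err = predict(w, x) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj / n
        w = [wj - lr * gj for wj, gj in zip(w, grad)]
    return w


def sample_loss(w, x, y):
    """Per-example squared error; the attacker's membership score is -loss."""
    return 0.5 * (predict(w, x) - y) ** 2


def auroc(member_scores, nonmember_scores):
    """Area under the ROC curve, computed as the probability that a random
    member outscores a random non-member (ties count one half).
    0.5 means the attack is no better than guessing, 1.0 is perfect."""
    wins = 0.0
    for m in member_scores:
        for s in nonmember_scores:
            wins += 1.0 if m > s else 0.5 if m == s else 0.0
    return wins / (len(member_scores) * len(nonmember_scores))


def tpr_at_fpr(member_scores, nonmember_scores, fpr=0.05):
    """True-positive rate when the threshold is set so that at most `fpr`
    of the non-members are falsely flagged as members (fpr < 1)."""
    allowed_fp = int(fpr * len(nonmember_scores))
    threshold = sorted(nonmember_scores, reverse=True)[allowed_fp]
    flagged = sum(1 for m in member_scores if m > threshold)
    return flagged / len(member_scores)


def run_attack():
    """Train on the members only, then score members and held-out non-members."""
    mem_x, mem_y = make_dataset(N_MEMBERS, seed=1)
    non_x, non_y = make_dataset(N_NONMEMBERS, seed=2)
    w = train_least_squares(mem_x, mem_y)
    member_scores = [-sample_loss(w, x, y) for x, y in zip(mem_x, mem_y)]
    nonmember_scores = [-sample_loss(w, x, y) for x, y in zip(non_x, non_y)]
    return auroc(member_scores, nonmember_scores), tpr_at_fpr(member_scores, nonmember_scores)


if __name__ == "__main__":
    area, tpr = run_attack()
    print(f"AUROC={area:.3f}  TPR@5%FPR={tpr:.3f}")
```

Because the model interpolates its training set, member losses are essentially zero while non-member losses are dominated by the random targets, so the toy attack scores close to the perfect AUROC of 1.0. The two numbers to compare against a real model are the AUROC (how well ranked members are overall) and the TPR at low FPR (how many members an attacker can name while making almost no false accusations); a value near 0.5 for the former, as reported above for GPT-4o Mini, is what "no detectable memorisation" looks like under this metric.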
AI · Bearish · arXiv – CS AI · Apr 20 · 7/10
🧠Researchers have developed a novel membership inference attack against diffusion models that uses noise aggregation analysis and small-noise injection to determine whether specific data samples were included in training datasets. The method significantly reduces computational costs while improving accuracy compared to existing approaches, highlighting emerging privacy vulnerabilities in widely-deployed generative AI systems like Stable Diffusion.
🧠 Stable Diffusion
AI · Bearish · arXiv – CS AI · Apr 14 · 7/10
🧠Researchers have developed EZ-MIA, a training-free membership inference attack that dramatically improves detection of memorized data in fine-tuned language models by analyzing probability shifts at error positions. The method achieves 3.8x higher detection rates than previous approaches on GPT-2 and demonstrates that privacy risks in fine-tuned models are substantially greater than previously understood.
🧠 Llama
AI · Neutral · arXiv – CS AI · Mar 17 · 7/10
🧠Researchers developed UMID, a new text-only auditing framework to detect if personally identifiable information was memorized during training of multimodal AI models like CLIP and CLAP. The method significantly improves efficiency and effectiveness of membership inference attacks while maintaining privacy constraints.
AI · Bullish · arXiv – CS AI · Mar 16 · 7/10
🧠Researchers discovered that privacy vulnerabilities in neural networks exist in only a small fraction of weights, but these same weights are critical for model performance. They developed a new approach that preserves privacy by rewinding and fine-tuning only these critical weights instead of retraining entire networks, maintaining utility while defending against membership inference attacks.
AI · Bearish · arXiv – CS AI · Mar 9 · 7/10
🧠Researchers developed WBC (Window-Based Comparison), a new membership inference attack method that significantly outperforms existing approaches by analyzing localized patterns in Large Language Models rather than global signals. The technique achieves 2-3 times better detection rates and exposes critical privacy vulnerabilities in fine-tuned LLMs through sliding window analysis and binary voting mechanisms.
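To make the difference between a global signal and a localised one concrete, here is an added toy illustration; it is not the WBC authors' algorithm, and the window size, the per-window threshold and the voting rule are assumptions chosen for the example. It takes per-token losses for one text under a reference model and under the fine-tuned model being audited (constructed with a seeded generator), compares the sequence-level mean loss reduction against a threshold, and separately slides a window over the token positions, lets each window cast a binary vote, and flags the text if enough windows vote. A text in which only a short span was memorised during fine-tuning is missed by the global average but caught by the windowed vote.

```python
import random
from statistics import mean

WINDOW = 6           # tokens per window (assumption)
TOKEN_GAP = 0.5      # mean loss reduction (nats) needed to flag a window (assumption)
VOTE_FRACTION = 0.1  # member if at least this fraction of windows is flagged (assumption)


def constructed_losses(seed, n_tokens=64, memorised=None):
    """Constructed per-token losses (nats) for one text under two models:
    a reference/base model and the fine-tuned model under audit.
    Outside the memorised span the fine-tuned model behaves like the base
    model (small random differences); inside it, loss collapses to ~0.1."""
    rng = random.Random(seed)
    base = [rng.uniform(2.0, 4.0) for _ in range(n_tokens)]
    tuned = [b + rng.gauss(0.0, 0.2) for b in base]
    if memorised is not None:
        lo, hi = memorised
        for i in range(lo, hi):
            tuned[i] = 0.1
    return base, tuned


def global_score(base, tuned):
    """One sequence-level number: average loss reduction under fine-tuning."""
    return mean(b - t for b, t in zip(base, tuned))


def window_votes(base, tuned, window=WINDOW, gap=TOKEN_GAP):
    """Slide a window over the token positions; each window casts a binary
    vote (1 = looks memorised) when its mean loss reduction exceeds `gap`."""
    diffs = [b - t for b, t in zip(base, tuned)]
    votes = []
    for start in range(len(diffs) - window + 1):
        votes.append(1 if mean(diffs[start:start + window]) > gap else 0)
    return votes


def is_member_global(base, tuned, gap=TOKEN_GAP):
    """Global decision: flag only if the whole-sequence average moved."""
    return global_score(base, tuned) > gap


def is_member_windowed(base, tuned, vote_fraction=VOTE_FRACTION):
    """Localised decision: flag if enough windows voted 'memorised'."""
    votes = window_votes(base, tuned)
    return sum(votes) / len(votes) >= vote_fraction


def demo():
    # Member: 64 tokens of which only tokens 20..25 were memorised.
    member = constructed_losses(seed=3, memorised=(20, 26))
    # Non-member: same kind of text, nothing memorised.
    nonmember = constructed_losses(seed=4)
    return {
        "member_global": is_member_global(*member),
        "member_windowed": is_member_windowed(*member),
        "nonmember_global": is_member_global(*nonmember),
        "nonmember_windowed": is_member_windowed(*nonmember),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'member' if decision else 'non-member'}")
```

In the constructed member text the six memorised tokens lower the sequence-level average by only about 0.3 nats, under the 0.5 threshold, so the global test says non-member; the windows that overlap the span each see a drop of well over 0.5 nats, so the windowed vote says member, while the non-member text triggers neither test. The caveat for practice is the reverse failure: the window threshold and vote fraction have to be calibrated on known non-members, or ordinary low-loss boilerplate will produce false positives.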
AI · Neutral · arXiv – CS AI · Jun 1 · 6/10
🧠Researchers have developed a new method called Semantic Correlation Descriptors (SCDs) to identify whether a specific dataset was used to train a machine learning model by analyzing the spurious correlations embedded in its learned structure. This white-box approach outperforms existing black-box membership inference techniques, achieving up to 60% higher accuracy in detecting dataset membership across natural language and medical text classification tasks.
AI · Neutral · arXiv – CS AI · May 27 · 6/10
🧠Researchers propose a novel method to assess individual training data vulnerability to membership inference attacks without requiring shadow models. The approach combines theoretical analysis in linear settings with a practical surrogate score for deep networks, using only geometry and loss information from a single trained model.
AI · Bullish · arXiv – CS AI · May 9 · 6/10
🧠PACZero introduces a novel PAC-private fine-tuning mechanism for large language models that achieves usable utility while maintaining zero mutual information leakage, surpassing traditional differential privacy approaches. Using sign quantization of zeroth-order gradients, the method exploits moments of unanimous agreement across candidate subsets to eliminate privacy costs, demonstrating competitive performance on benchmark tasks like SST-2 and SQuAD.
AI · Neutral · arXiv – CS AI · May 9 · 6/10
🧠Researchers propose Statistical Membership Inference (SMI), a new training-free auditing method that challenges the reliability of existing Membership Inference Attacks (MIAs) for verifying machine unlearning. The framework addresses a fundamental flaw in current auditing approaches by reformulating the problem as estimating non-member proportions in feature distributions, eliminating the need for computationally expensive shadow model training.