Gradient inversion

Given gradient (federated learning setting), reconstruct sample. Zhu et al., 2019. Federated learning vulnerable.

Text extraction from LLM

Model's high-probability outputs on partial prefixes correspond to memorized training data. Enumerate.

Attribute inference

Recover attributes of training data even if exact record not recovered. Statistics leak: demographics, medical conditions.

Defenses

Federated: secure aggregation + DP. LLMs: dedup + DP + memorization measurement + selective forgetting.