Challenge: Pre-trained language models (PLMs) are prone to leaking personal information due to memorization, but the risk of specific personal information being extracted by attackers is low.
Approach: They analyze whether large pre-trained language models are prone to leaking personal information due to memorization.
Outcome: The proposed model is weak at association, so the risk of specific personal information being extracted by attackers is low.

Similar Papers

Investigating How Pre-training Data Leakage Affects Models’ Reproduction and Detection Capabilities (2025.emnlp-main)

Copied to clipboard

Challenge: Existing studies do not examine how leaked instances in training datasets influence LLMs’ output and detection capabilities.
Approach: They conduct an experimental survey to examine the relationship between data leakage in training datasets and its effects on the generation and detection by Large Language Models (LLMs).
Outcome: The results show that enhancing leakage detection through few-shot learning can help mitigate the impact of the leakage rate in the training data on detection performance.
Combating Security and Privacy Issues in the Era of Large Language Models (2024.naacl-tutorials)

Copied to clipboard

Challenge: a tutorial aims to provide a summary of risks and vulnerabilities in large language models . a number of studies have focused on security, privacy and copyright aspects of LLMs .
Approach: This tutorial seeks to provide a systematic summary of risks and vulnerabilities in large language models . authors will discuss security, privacy and copyright aspects of LLMs .
Outcome: This tutorial aims to provide a systematic summary of risks and vulnerabilities in large language models . it will also outline emerging challenges in security, privacy and reliability of LLMs .
User Inference Attacks on Large Language Models (2024.emnlp-main)

Copied to clipboard

Challenge: a large amount of data written by humans is used to train and fine-tune large language models.
Approach: They propose to infer if a user's data was used to train an LLM by using example-level differential privacy.
Outcome: The proposed attacks are easy to employ and only require black-box access to an LLM and a few samples from the user.
Unintended Memorization of Sensitive Information in Fine-Tuned Language Models (2026.eacl-long)

Copied to clipboard

Challenge: Large Language Models (LLMs) on sensitive datasets carry a substantial risk of unintended memorization and leakage of Personally Identifiable Information (PII) prior studies have analyzed memorizing dynamics in LLMs during pre-training and fine-tuning.
Approach: They investigate the vulnerability of PII that appears only in model inputs, not in training targets.
Outcome: The proposed methods show that post-training methods provide more consistent privacy-utility trade-offs .
Quantifying Association Capabilities of Large Language Models and Its Implications on Privacy Leakage (2024.findings-eacl)

Copied to clipboard

Challenge: a new study examines the association capabilities of large language models . as models scale up, their ability to associate entities/information intensifies . however, there is a performance gap when associating commonsense knowledge versus PII, with the latter showing lower accuracy.
Approach: They examine the association capabilities of large language models and identify factors that influence their proficiency in associating information.
Outcome: The proposed models show a performance gap when associating commonsense knowledge versus PII, with the latter showing lower accuracy.
Personal Information Parroting in Language Models (2026.findings-eacl)

Copied to clipboard

Challenge: Modern language models memorize millions of PI instances, increasing privacy risks.
Approach: They develop a model that parrots 13.6% of PI verbatim on a manually curated set of 483 instances . they recommend that pretraining datasets be aggressively filtered and anonymized to minimize PI parroting.
Outcome: The proposed model outperforms the best regex-based PI detectors on a manually curated set of 483 instances of PI.
Recent Advances in Pre-trained Language Models: Why Do They Work and How Do They Work (2022.aacl-tutorials)

Copied to clipboard

Challenge: Pre-trained language models are language models that are pre-taught on large-scaled corpora in a self-supervised fashion.
Approach: This tutorial provides a broad and comprehensive introduction to pre-trained language models . it focuses on emerging methods that enable PLMs to perform diverse downstream tasks .
Outcome: This tutorial focuses on the benefits of pre-trained language models and how to use them in NLP tasks.
Quantifying Privacy Risks of Masked Language Models Using Membership Inference Attacks (2022.emnlp-main)

Copied to clipboard

Challenge: Prior attempts at measuring leakage of MLMs via membership inference attacks have been inconclusive, implying potential robustness of Mlms to privacy attacks.
Approach: They propose a stronger membership inference attack based on likelihood ratio hypothesis testing that involves an additional MLM to more accurately quantify the privacy risks of memorization in MLMs.
Outcome: The proposed attack improves the AUC of prior membership inference attacks from 0.66 to an alarmingly high 0.90 level on models trained on medical notes.
A Close Look into the Calibration of Pre-trained Language Models (2023.acl-long)

Copied to clipboard

Challenge: Pre-trained language models (PLMs) may fail in giving reliable estimates of their predictive uncertainty.
Approach: They conduct fine-grained control experiments to study the dynamic change in PLMs’ calibration performance in training.
Outcome: The proposed methods significantly reduce PLMs’ confidence in wrong predictions.
Knowledge Unlearning for Mitigating Privacy Risks in Language Models (2023.acl-long)

Copied to clipboard

Challenge: Recent work shows that an adversary can extract training data from Pretrained Language Models including Personally Identifiable Information (PII) such as names, phone numbers, and email addresses.
Approach: They propose to use knowledge unlearning to reduce privacy risks for LMs by performing gradient ascent on target token sequences instead of trying to unlearn all the data at once.
Outcome: The proposed method can give a stronger empirical privacy guarantee in scenarios where the data vulnerable to extraction attacks are known a priori while being much more efficient and robust.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations