Challenge: Model merging is a widespread technology in large language models that integrates multiple task-specific LLMs into a unified one.
Approach: They propose a model merging approach that trains a phishing model capable of stealing privacy using a privacy phish instruction dataset.
Outcome: The proposed model cloaking method mimics a specialized capability to conceal attack intent, luring users into merging the phishing model.

Similar Papers

Merger-as-a-Stealer: Stealing Targeted PII from Aligned LLMs with Model Merging (2025.emnlp-main)

Copied to clipboard

Challenge: Model merging is a promising approach for updating large language models . but unmonitored mergers can introduce significant security vulnerabilities .
Approach: They propose a model merging attack surface where a malicious merger can extract PII from an aligned model with model merg.
Outcome: The proposed framework can extract PII from an aligned model with model merging.
Merge Hijacking: Backdoor Attacks to Model Merging of Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Existing research on model merging focuses on optimizing model performance and minimizing backdoors.
Approach: They propose a backdoor attack targeting model merging in Large Language Models that creates a unified model for multi-domain tasks.
Outcome: The proposed attack is effective across models, merging algorithms, and tasks while maintaining utility across tasks.
Here’s a Free Lunch: Sanitizing Backdoored Models with Model Merge (2024.findings-acl)

Copied to clipboard

Challenge: democratization of pre-trained language models brings significant security risks, including backdoor attacks.
Approach: They propose to merge a backdoored model with other homogeneous models to remediate backdoor vulnerabilities.
Outcome: The proposed model merging approach outperforms other models on classification tasks without additional resources or specific knowledge.
MergePrint: Merge-Resistant Fingerprints for Robust Black-box Ownership Verification of Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Model merging introduces a novel risk of unauthorized use of large language models due to the high cost of training.
Approach: They propose a model merging method that embeds robust fingerprints into models . they aim to protect LLMs from misappropriation via model merg and model theft .
Outcome: The proposed method enables black-box ownership verification without accessing model weights or intermediate outputs.
R.R.: Unveiling LLM Training Privacy through Recollection and Ranking (2025.findings-acl)

Copied to clipboard

Challenge: Existing privacy attacks focus on membership inference or data extraction, but reconstructing specific personally identifiable information (PII) in training data remains challenging.
Approach: They propose a two-step privacy stealing attack that enables attackers to reconstruct PII entities from scrubbed training data where the PI I entities have been masked.
Outcome: The proposed attack can reconstruct PII entities from scrubbed training data where the PI I entities have been masked.
LLMs are Privacy Erasable (2025.findings-emnlp)

Copied to clipboard

Challenge: a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns .
Approach: They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks .
Outcome: The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards .
TrojanStego: Your Language Model Can Secretly Be A Steganographic Privacy Leaking Agent (2025.emnlp-main)

Copied to clipboard

Challenge: Existing work has focused on the (un)intended leakage of sensitive information through LLM outputs.
Approach: They propose a threat model that embeds context information into natural-looking outputs via linguistic steganography without requiring explicit control over inference inputs.
Outcome: The proposed model transmits 32-bit secrets with 87% accuracy on held-out prompts and can reach over 97% accuracy using majority voting across three generations.
Exploiting the Shadows: Unveiling Privacy Leaks through Lower-Ranked Tokens in Large Language Models (2025.acl-long)

Copied to clipboard

Challenge: Large language models face vulnerabilities related to the extraction of sensitive information.
Approach: They propose a method to exploit the model's lower-ranked output tokens to extract private information from retrieved documents or training knowledge.
Outcome: The proposed method is effective in both the agentic application privacy extraction setting and the direct training data extraction.
VortexPIA: Indirect Prompt Injection Attack against LLMs for Efficient Extraction of User Privacy (2026.findings-eacl)

Copied to clipboard

Challenge: Large language models (LLMs) have been widely deployed in Conversational AIs . however, the methods proposed in the study rely on a white-box setting .
Approach: They propose an indirect prompt injection attack that induces privacy extraction in LLMs . they use token-efficient data containing false memories to inject LLM data .
Outcome: The proposed method outperforms baselines and achieves state-of-the-art performance.
Tokens for Learning, Tokens for Unlearning: Mitigating Membership Inference Attacks in Large Language Models via Dual-Purpose Training (2025.findings-acl)

Copied to clipboard

Challenge: Existing defenses for large language models do not account for the sequential nature of text data.
Approach: They propose a lightweight yet effective empirical privacy defense that leverages token-specific characteristics to protect training data of large language models.
Outcome: The proposed approach provides strong protection against membership inference attacks and improves language modeling performance by 10% across different LLM architectures and datasets compared to baselines.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations