EmojiPrompt: Generative Prompt Obfuscation for Privacy-Preserving Communication with Cloud-based LLMs (2025.naacl-long)
Copied to clipboard
| Challenge: | Recent advances in Large Language Models (LLMs) have substantially expanded their applicability across diverse fields, such as personalized recommendations, health report analysis, and financial decision-making. |
| Approach: | They propose a generative transformation paradigm that obfuscates user data with linguistic and non-linguistic elements before submitting it to cloud-based LLMs. |
| Outcome: | The proposed paradigm obfuscates user private data while maintaining performance compared to the unobflated version. |
Similar Papers
LLMs are Privacy Erasable (2025.findings-emnlp)
Copied to clipboard
| Challenge: | a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns . |
| Approach: | They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks . |
| Outcome: | The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards . |
Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs Through a Global Prompt Hacking Competition (2023.emnlp-main)
Copied to clipboard
Sander Schulhoff, Jeremy Pinto, Anaum Khan, Louis-François Bouchard, Chenglei Si, Svetlina Anati, Valen Tagliabue, Anson Kost, Christopher Carnahan, Jordan Boyd-Graber
| Challenge: | Large Language Models are increasingly being deployed in interactive contexts that involve direct user engagement. |
| Approach: | They run a global prompt hacking competition to encourage research on prompt hacks . they elicit 600K+ adversarial prompts against three state-of-the-art LLMs based on a dataset . |
| Outcome: | The results of the competition show that current LLMs can be manipulated via prompt hacking . the competition elicits 600K+ adversarial prompts against three state-of-the-art LLM models . |
Exploiting the Shadows: Unveiling Privacy Leaks through Lower-Ranked Tokens in Large Language Models (2025.acl-long)
Copied to clipboard
| Challenge: | Large language models face vulnerabilities related to the extraction of sensitive information. |
| Approach: | They propose a method to exploit the model's lower-ranked output tokens to extract private information from retrieved documents or training knowledge. |
| Outcome: | The proposed method is effective in both the agentic application privacy extraction setting and the direct training data extraction. |
Multi-step Jailbreaking Privacy Attacks on ChatGPT (2023.findings-emnlp)
Copied to clipboard
| Challenge: | With the rapid evolution of large language models (LLMs), many downstream NLP tasks can be well solved given appropriate prompts. |
| Approach: | They propose to integrate ChatGPT and Bing GPT3 into their applications to create a set of LLMs that can be used to generate NLP tasks with appropriate prompts. |
| Outcome: | The proposed models can be zero-shot or few-shot learners to solve specified tasks and can even be zero or few shot learners. |
SharedRequest: Privacy-Preserving Model-Agnostic Inference for Large Language Models (2026.acl-long)
Copied to clipboard
| Challenge: | Existing privacy-preserving inference methods sacrifice utility or efficiency, authors say . current approaches suffer a trilemma between privacy, utility, and efficiency, they say . |
| Approach: | They propose a model-agnostic framework for privacy-preserving LLM inference that reformulates privacy protection at the batch level rather than the individual-prompt level. |
| Outcome: | The proposed model-agnostic framework achieves 20% higher utility than previous models . it reduces query cost by up to 5 compared to non-batched inference . |
LatticeGen: Hiding Generated Text in a Lattice for Privacy-Aware Large Language Model Generation on Cloud (2024.findings-naacl)
Copied to clipboard
Mengke Zhang, Tianxing He, Tianle Wang, Lu Mi, Niloofar Mireshghallah, Binyi Chen, Hao Wang, Yulia Tsvetkov
| Challenge: | Currently, the server controls the generated text, but users can't keep it private . prompted generation is a common interaction paradigm for large language models on cloud . |
| Approach: | They propose a protocol where the server handles most of the computation while the client controls the sampling operation. |
| Outcome: | The proposed protocol protects both prompt and generation under strong attacks. |
Private prediction for large-scale synthetic text generation (2024.findings-emnlp)
Copied to clipboard
Kareem Amin, Alex Bie, Weiwei Kong, Alexey Kurakin, Natalia Ponomareva, Umar Syed, Andreas Terzis, Sergei Vassilvitskii
| Challenge: | Existing approaches to generate differentially private text using large language models are classified into several categories. |
| Approach: | They propose a private prediction framework that generates differentially private synthetic text using large language models via private prediction. |
| Outcome: | The proposed approach generates high-quality synthetic data points at reasonable privacy levels while protecting the privacy of users who contributed to the dataset. |
Combating Security and Privacy Issues in the Era of Large Language Models (2024.naacl-tutorials)
Copied to clipboard
| Challenge: | a tutorial aims to provide a summary of risks and vulnerabilities in large language models . a number of studies have focused on security, privacy and copyright aspects of LLMs . |
| Approach: | This tutorial seeks to provide a systematic summary of risks and vulnerabilities in large language models . authors will discuss security, privacy and copyright aspects of LLMs . |
| Outcome: | This tutorial aims to provide a systematic summary of risks and vulnerabilities in large language models . it will also outline emerging challenges in security, privacy and reliability of LLMs . |
VortexPIA: Indirect Prompt Injection Attack against LLMs for Efficient Extraction of User Privacy (2026.findings-eacl)
Copied to clipboard
| Challenge: | Large language models (LLMs) have been widely deployed in Conversational AIs . however, the methods proposed in the study rely on a white-box setting . |
| Approach: | They propose an indirect prompt injection attack that induces privacy extraction in LLMs . they use token-efficient data containing false memories to inject LLM data . |
| Outcome: | The proposed method outperforms baselines and achieves state-of-the-art performance. |
Towards Privacy-Preserving Large Language Model: Text-free Inference Through Alignment and Adaptation (2026.acl-long)
Copied to clipboard
| Challenge: | Existing LLMs require users to submit raw text regardless of its sensitivity, resulting in substantial computational overhead and degrade model performance. |
| Approach: | They propose a new training pipeline that allows a client-side encoder to condition on k-pooled prompt embeddings instead of raw text and a server-side projection module to fine-tune the projection module and LLM on private, domain-specific data using noise-injected embeddables. |
| Outcome: | The proposed approach eliminates the need for transmitting raw prompt text while maintaining a favorable balance between privacy preservation and model utility for both clients and service providers. |