Challenge: Distributed LLMs avoid raw inputs by transmitting intermediate hidden states, a practice widely assumed to preserve privacy.
Approach: They propose a distributed inference framework that transmits intermediate hidden states to avoid sending raw inputs by exposing sensitive user attributes.
Outcome: The proposed approach achieves Top-1 accuracy of 0.997 on CMS, 0.980 on Skytrax, and 0.986 on ECHR.

Similar Papers

Ensemble Privacy Defense for Knowledge-Intensive LLMs against Membership Inference Attacks (2026.findings-eacl)

Copied to clipboard

Challenge: Large language models (LLMs) are the foundation of modern natural language processing, powering applications across diverse domains.
Approach: They propose a model-agnostic defense framework which aggregates and evaluates the outputs of a knowledge-injected LLM, a base LLM and a dedicated judge model to enhance resistance against membership inference attacks.
Outcome: The proposed framework reduces MIA success by up to 27.8% for SFT and 526.3% for RAG compared to inference-time baseline while maintaining answer quality.
How Alignment and Jailbreak Work: Explain LLM Safety through Intermediate Hidden States (2024.findings-emnlp)

Copied to clipboard

Challenge: Large language models (LLMs) rely on safety alignment to avoid malicious user inputs.
Approach: They employ weak classifiers to explain LLM safety through the intermediate hidden states.
Outcome: The proposed model can identify malicious and normal inputs and detect malicious ones without jailbreak.
Transferable Embedding Inversion Attack: Uncovering Privacy Risks in Text Embeddings without Model Queries (2024.acl-long)

Copied to clipboard

Challenge: Recent advances in text embedding models have significantly streamlined the process of generating embeddables.
Approach: They develop a transfer attack method that uses a surrogate model to mimic the victim model's behavior and infers sensitive information from embeddings without direct access.
Outcome: The proposed method outperforms existing methods and reveals potential privacy vulnerabilities in embedding technologies.
Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis (2024.emnlp-main)

Copied to clipboard

Challenge: Large language models (LLMs) are susceptible to a type of attack known as jailbreaking, which misleads LLMs to output harmful contents.
Approach: They propose to leverage hidden representations into existing jailbreak targets to move the attacks along the acceptance direction.
Outcome: The proposed methods are validated using the objective of existing jailbreak attacks.
PrivacyRestore: Privacy-Preserving Inference in Large Language Models via Privacy Removal and Restoration (2025.acl-long)

Copied to clipboard

Challenge: Existing privacy protection methods for large language models suffer from performance degradation or large inference time overhead.
Approach: They propose a plug-and-play method to protect the privacy of user inputs during LLM inference . they use offline restoration vectors to train restoration vector for each privacy span type .
Outcome: The proposed method can prevent the linear growth of the privacy budget.
Extracted BERT Model Leaks More Information than You Think! (2022.emnlp-main)

Copied to clipboard

Challenge: Existing pre-trained language models are vulnerable to model extraction attacks . model extraction can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies.
Approach: They propose to launch an attribute-inference attack against an extracted BERT model to prevent privacy leakage.
Outcome: The proposed attack can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies.
Your Inference Request Will Become a Black Box: Confidential Inference for Cloud-based Large Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing approaches fail to ensure privacy, maintain model performance, and preserve computational efficiency simultaneously.
Approach: They propose a confidential inference framework that partitions the LLM pipeline between a client-verified Confidential Virtual Machine (CVM) and the public cloud to protect client data without compromising the cloud’s model intellectual property or inference quality.
Outcome: The proposed framework can defend against state-of-the-art token inference attacks while preserving model privacy, performance, and efficiency.
LLMs are Privacy Erasable (2025.findings-emnlp)

Copied to clipboard

Challenge: a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns .
Approach: They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks .
Outcome: The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards .
PIG: Privacy Jailbreak Attack on LLMs via Gradient-based Iterative In-Context Optimization (2025.acl-long)

Copied to clipboard

Challenge: Existing methods to evaluate privacy leakage in LLMs use memorized prefixes or simple instructions to extract data, which well-aligned models can easily block.
Approach: They propose a framework targeting Personally Identifiable Information (PII) that uses in-context learning to build a privacy context and iteratively updates it with three gradient-based strategies to elicit target PII.
Outcome: The proposed framework outperforms baseline methods and achieves state-of-the-art (SoTA) results on four white-box and two black-box LLMs.
Combating Security and Privacy Issues in the Era of Large Language Models (2024.naacl-tutorials)

Copied to clipboard

Challenge: a tutorial aims to provide a summary of risks and vulnerabilities in large language models . a number of studies have focused on security, privacy and copyright aspects of LLMs .
Approach: This tutorial seeks to provide a systematic summary of risks and vulnerabilities in large language models . authors will discuss security, privacy and copyright aspects of LLMs .
Outcome: This tutorial aims to provide a systematic summary of risks and vulnerabilities in large language models . it will also outline emerging challenges in security, privacy and reliability of LLMs .

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations