Privacy Risks of Intermediate Representations: Attribute Inference in Distributed LLM Inference (2026.findings-acl)
Copied to clipboard
| Challenge: | Distributed LLMs avoid raw inputs by transmitting intermediate hidden states, a practice widely assumed to preserve privacy. |
| Approach: | They propose a distributed inference framework that transmits intermediate hidden states to avoid sending raw inputs by exposing sensitive user attributes. |
| Outcome: | The proposed approach achieves Top-1 accuracy of 0.997 on CMS, 0.980 on Skytrax, and 0.986 on ECHR. |
Similar Papers
Ensemble Privacy Defense for Knowledge-Intensive LLMs against Membership Inference Attacks (2026.findings-eacl)
Copied to clipboard
| Challenge: | Large language models (LLMs) are the foundation of modern natural language processing, powering applications across diverse domains. |
| Approach: | They propose a model-agnostic defense framework which aggregates and evaluates the outputs of a knowledge-injected LLM, a base LLM and a dedicated judge model to enhance resistance against membership inference attacks. |
| Outcome: | The proposed framework reduces MIA success by up to 27.8% for SFT and 526.3% for RAG compared to inference-time baseline while maintaining answer quality. |
How Alignment and Jailbreak Work: Explain LLM Safety through Intermediate Hidden States (2024.findings-emnlp)
Copied to clipboard
| Challenge: | Large language models (LLMs) rely on safety alignment to avoid malicious user inputs. |
| Approach: | They employ weak classifiers to explain LLM safety through the intermediate hidden states. |
| Outcome: | The proposed model can identify malicious and normal inputs and detect malicious ones without jailbreak. |
Transferable Embedding Inversion Attack: Uncovering Privacy Risks in Text Embeddings without Model Queries (2024.acl-long)
Copied to clipboard
| Challenge: | Recent advances in text embedding models have significantly streamlined the process of generating embeddables. |
| Approach: | They develop a transfer attack method that uses a surrogate model to mimic the victim model's behavior and infers sensitive information from embeddings without direct access. |
| Outcome: | The proposed method outperforms existing methods and reveals potential privacy vulnerabilities in embedding technologies. |
Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis (2024.emnlp-main)
Copied to clipboard
| Challenge: | Large language models (LLMs) are susceptible to a type of attack known as jailbreaking, which misleads LLMs to output harmful contents. |
| Approach: | They propose to leverage hidden representations into existing jailbreak targets to move the attacks along the acceptance direction. |
| Outcome: | The proposed methods are validated using the objective of existing jailbreak attacks. |
PrivacyRestore: Privacy-Preserving Inference in Large Language Models via Privacy Removal and Restoration (2025.acl-long)
Copied to clipboard
| Challenge: | Existing privacy protection methods for large language models suffer from performance degradation or large inference time overhead. |
| Approach: | They propose a plug-and-play method to protect the privacy of user inputs during LLM inference . they use offline restoration vectors to train restoration vector for each privacy span type . |
| Outcome: | The proposed method can prevent the linear growth of the privacy budget. |
Extracted BERT Model Leaks More Information than You Think! (2022.emnlp-main)
Copied to clipboard
| Challenge: | Existing pre-trained language models are vulnerable to model extraction attacks . model extraction can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies. |
| Approach: | They propose to launch an attribute-inference attack against an extracted BERT model to prevent privacy leakage. |
| Outcome: | The proposed attack can cause severe privacy leakage even when victim models are facilitated with state-of-the-art defensive strategies. |
Your Inference Request Will Become a Black Box: Confidential Inference for Cloud-based Large Language Models (2026.acl-long)
Copied to clipboard
Chung-ju Huang, Huiqiang Zhao, Yuanpeng He, Lijian Li, Wenpin Jiao, Zhi Jin, Peixuan Chen, Leye Wang
| Challenge: | Existing approaches fail to ensure privacy, maintain model performance, and preserve computational efficiency simultaneously. |
| Approach: | They propose a confidential inference framework that partitions the LLM pipeline between a client-verified Confidential Virtual Machine (CVM) and the public cloud to protect client data without compromising the cloud’s model intellectual property or inference quality. |
| Outcome: | The proposed framework can defend against state-of-the-art token inference attacks while preserving model privacy, performance, and efficiency. |
LLMs are Privacy Erasable (2025.findings-emnlp)
Copied to clipboard
| Challenge: | a new study examines the privacy of large language models and their capabilities . the study aims to address the balance between the convenience of LLMs and user privacy concerns . |
| Approach: | They propose a strategy that safeguards user prompt while accessing LLM cloud services . they evaluate the efficacy of their method across prominent LLM benchmarks . |
| Outcome: | The proposed method thwarts reconstruction attacks and improves model performance . it also surpasses the results reported in official model cards . |
PIG: Privacy Jailbreak Attack on LLMs via Gradient-based Iterative In-Context Optimization (2025.acl-long)
Copied to clipboard
| Challenge: | Existing methods to evaluate privacy leakage in LLMs use memorized prefixes or simple instructions to extract data, which well-aligned models can easily block. |
| Approach: | They propose a framework targeting Personally Identifiable Information (PII) that uses in-context learning to build a privacy context and iteratively updates it with three gradient-based strategies to elicit target PII. |
| Outcome: | The proposed framework outperforms baseline methods and achieves state-of-the-art (SoTA) results on four white-box and two black-box LLMs. |
Combating Security and Privacy Issues in the Era of Large Language Models (2024.naacl-tutorials)
Copied to clipboard
| Challenge: | a tutorial aims to provide a summary of risks and vulnerabilities in large language models . a number of studies have focused on security, privacy and copyright aspects of LLMs . |
| Approach: | This tutorial seeks to provide a systematic summary of risks and vulnerabilities in large language models . authors will discuss security, privacy and copyright aspects of LLMs . |
| Outcome: | This tutorial aims to provide a systematic summary of risks and vulnerabilities in large language models . it will also outline emerging challenges in security, privacy and reliability of LLMs . |