
Privacy4FMs – Privacy Protection and Auditing for Foundation Models

In this project, funded by a Starting Grant of the European Research Council, CISPA-Faculty Dr. Franziska Boenisch and her team want to develop new methods that prevent foundation models such as GPT or LLaMA from unintentionally disclosing private information, and at the same time to create reliable auditing tools that tie the measured technical risk to data protection standards such as the GDPR.


WHAT IS PRIVACY4FMs ABOUT?

Novel foundation models (FMs) like GPT, LLaMA, and Stable Diffusion are achieving exceptional performance across diverse tasks, generating high-quality text, images, and audio while driving industry innovations. This progress stems from a shift in the machine learning paradigm: instead of training task-specific models on curated datasets, FMs are first pretrained on vast, uncurated data to become strong general-purpose models, then adapted on smaller, domain-specific datasets for specific tasks.

However, FMs leak information about their training data. For example, recent studies show that they can reproduce individual training examples from both their pretraining and their adaptation datasets. This poses serious privacy risks whenever private data is involved. Preventing such exposure requires methods that preserve privacy throughout the FM lifecycle, from pretraining to deployment. To achieve this, our project will identify the sources of privacy leakage, provide privacy guarantees that cover both pretraining and adaptation, and audit FMs to detect privacy violations. To do so, we must overcome three major challenges: the limited understanding of privacy risks in FM pretraining, the lack of formal privacy guarantees that hold jointly over pretraining and adaptation, and the ineffectiveness of current privacy auditing methods.

Our proposed solution will establish a novel theoretical framework for privacy guarantees in FMs under the pretrain-adapt paradigm. Our fundamental innovations rely on the insight that, due to complex interdependencies between pretraining and adaptation data, different data points require individual levels of protection to prevent leakage. Advancing methods for identifying, achieving, and accounting for such individual guarantees will enable us to formally bound privacy leakage over both training stages and to detect violations. These innovations will allow society to benefit from technological advancements through FMs without compromising individuals’ privacy.

NEWS

Press Release

Protecting Against Data Leaks in Large AI Models: ERC Grant for CISPA Researcher

CISPA-Faculty Dr. Franziska Boenisch has been awarded a Starting Grant from the European Research Council (ERC), receiving about €1.5 million over the next five years for her project Privacy4FMs. In this project, she is developing new methods to better protect sensitive data in large AI models and to detect potential data leaks.