©ERC
WHAT IS PRIVACY4FMs ABOUT?
Novel foundation models (FMs) like GPT, LLaMA, and Stable Diffusion are achieving exceptional performance across diverse tasks, generating high-quality text, images, and audio while driving industry innovations. This progress stems from a shift in the machine learning paradigm: instead of training task-specific models on curated datasets, FMs are first pretrained on vast, uncurated data to become strong general-purpose models, then adapted on smaller, domain-specific datasets for specific tasks.
However, FMs leak information from their training data. For example, recent studies reveal that they can re-create individual data points from their pretraining and adaptation datasets. This poses serious privacy risks when private data is involved. Preventing exposure requires developing methods to ensure privacy preservation throughout FMs’ lifecycle, from pretraining to deployment. To achieve this, our project will identify sources of privacy leakage, provide privacy guarantees over both pretraining and adaptation, and audit FMs to detect privacy violations. Therefore, we must overcome three major challenges: the limited understanding of privacy risks in FM pretraining, the lack of formal joint privacy guarantees for pretraining and adaptation, and the ineffectiveness of current privacy auditing methods.
Our proposed solution will establish a novel theoretical framework for privacy guarantees in FMs under the pretrain-adapt paradigm. Our fundamental innovations rely on the insight that, due to complex interdependencies between pretraining and adaptation data, different data points require individual levels of protection to prevent leakage. Advancing methods for identifying, achieving, and accounting for such individual guarantees will enable us to formally bound privacy leakage over both training stages and to detect violations. These innovations will allow society to benefit from technological advancements through FMs without compromising individuals’ privacy.
