sensitive entity
EL-MIA: Quantifying Membership Inference Risks of Sensitive Entities in LLMs
Satvaty, Ali, Verberne, Suzan, Turkmen, Fatih
Membership inference attacks (MIA) aim to infer whether a particular data point is part of the training dataset of a model. In this paper, we propose a new task in the context of LLM privacy: entity-level discovery of membership risk focused on sensitive information (PII, credit card numbers, etc). Existing methods for MIA can detect the presence of entire prompts or documents in the LLM training data, but they fail to capture risks at a finer granularity. We propose the ``EL-MIA'' framework for auditing entity-level membership risks in LLMs. We construct a benchmark dataset for the evaluation of MIA methods on this task. Using this benchmark, we conduct a systematic comparison of existing MIA techniques as well as two newly proposed methods. We provide a comprehensive analysis of the results, trying to explain the relation of the entity level MIA susceptability with the model scale, training epochs, and other surface level factors. Our findings reveal that existing MIA methods are limited when it comes to entity-level membership inference of the sensitive attributes, while this susceptibility can be outlined with relatively straightforward methods, highlighting the need for stronger adversaries to stress test the provided threat model.
CON-QA: Privacy-Preserving QA using cloud LLMs in Contract Domain
Singh, Ajeet Kumar, Surya, Rajsabi, Tripathi, Anurag, Choudhury, Santanu, Bisane, Sudhir
As enterprises increasingly integrate cloud-based large language models (LLMs) such as ChatGPT and Gemini into their legal document workflows, protecting sensitive contractual information - including Personally Identifiable Information (PII) and commercially sensitive clauses - has emerged as a critical challenge. In this work, we propose CON-QA, a hybrid privacy-preserving framework designed specifically for secure question answering over enterprise contracts, effectively combining local and cloud-hosted LLMs. The CON-QA framework operates through three stages: (i) semantic query decomposition and query-aware document chunk retrieval using a locally deployed LLM analysis, (ii) anonymization of detected sensitive entities via a structured one-to-many mapping scheme, ensuring semantic coherence while preventing cross-session entity inference attacks, and (iii) anonymized response generation by a cloud-based LLM, with accurate reconstruction of the original answer locally using a session-consistent many-to-one reverse mapping. To rigorously evaluate CON-QA, we introduce CUAD-QA, a corpus of 85k question-answer pairs generated over 510 real-world CUAD contract documents, encompassing simple, complex, and summarization-style queries. Empirical evaluations, complemented by detailed human assessments, confirm that CON-QA effectively maintains both privacy and utility, preserves answer quality, maintains fidelity to legal clause semantics, and significantly mitigates privacy risks, demonstrating its practical suitability for secure, enterprise-level contract documents.
Improving Group Fairness in Tensor Completion via Imbalance Mitigating Entity Augmentation
Ahn, Dawon, Jang, Jun-Gi, Papalexakis, Evangelos E.
Group fairness is important to consider in tensor decomposition to prevent discrimination based on social grounds such as gender or age. Although few works have studied group fairness in tensor decomposition, they suffer from performance degradation. To address this, we propose STAFF(Sparse Tensor Augmentation For Fairness) to improve group fairness by minimizing the gap in completion errors of different groups while reducing the overall tensor completion error. Our main idea is to augment a tensor with augmented entities including sufficient observed entries to mitigate imbalance and group bias in the sparse tensor. We evaluate \method on tensor completion with various datasets under conventional and deep learning-based tensor models. STAFF consistently shows the best trade-off between completion error and group fairness; at most, it yields 36% lower MSE and 59% lower MADE than the second-best baseline.
LLM Access Shield: Domain-Specific LLM Framework for Privacy Policy Compliance
Wang, Yu, Cai, Cailing, Xiao, Zhihua, Lam, Peifung E.
Large language models (LLMs), such as Microsoft's Copilot, OpenAI's GPT, and Google's Gemini, have substantially advanced a wide range of applications, including text summarization, content generation, and software development. Despite their impressive capabilities, these LLM services pose significant privacy risks. User prompts, which often contain sensitive personal or organizational information, are transmitted to third-party servers, where they may be vulnerable to data breaches, unauthorized access, or inference attacks. Recent work by Chu et al. [1] demonstrated that adversaries could exploit GPT models to extract private information through carefully crafted prompts, emphasizing the critical importance of privacy protection in LLM interactions. Various privacy-preserving techniques have been developed for LLMs, including cryptography-based and perturbation-based methods.
Unlocking the Potential of Large Language Models for Clinical Text Anonymization: A Comparative Study
Pissarra, David, Curioso, Isabel, Alveira, Joรฃo, Pereira, Duarte, Ribeiro, Bruno, Souper, Tomรกs, Gomes, Vasco, Carreiro, Andrรฉ V., Rolla, Vitor
Automated clinical text anonymization has the potential to unlock the widespread sharing of textual health data for secondary usage while assuring patient privacy and safety. Despite the proposal of many complex and theoretically successful anonymization solutions in literature, these techniques remain flawed. As such, clinical institutions are still reluctant to apply them for open access to their data. Recent advances in developing Large Language Models (LLMs) pose a promising opportunity to further the field, given their capability to perform various tasks. This paper proposes six new evaluation metrics tailored to the challenges of generative anonymization with LLMs. Moreover, we present a comparative study of LLM-based methods, testing them against two baseline techniques. Our results establish LLM-based models as a reliable alternative to common approaches, paving the way toward trustworthy anonymization of clinical text.
User-Entity Differential Privacy in Learning Natural Language Models
Lai, Phung, Phan, NhatHai, Sun, Tong, Jain, Rajiv, Dernoncourt, Franck, Gu, Jiuxiang, Barmpalios, Nikolaos
In this paper, we introduce a novel concept of user-entity differential privacy (UeDP) to provide formal privacy protection simultaneously to both sensitive entities in textual data and data owners in learning natural language models (NLMs). To preserve UeDP, we developed a novel algorithm, called UeDP-Alg, optimizing the trade-off between privacy loss and model utility with a tight sensitivity bound derived from seamlessly combining user and sensitive entity sampling processes. An extensive theoretical analysis and evaluation show that our UeDP-Alg outperforms baseline approaches in model utility under the same privacy budget consumption on several NLM tasks, using benchmark datasets.