Privacy in Large Language Models: Attacks, Defenses and Future Directions

TL;DR

This paper provides a comprehensive overview of privacy risks in large language models, analyzing attacks, defenses, and future challenges to guide ongoing research in safeguarding these models.

Contribution

It categorizes privacy attacks on LLMs, reviews defense strategies, and highlights future privacy concerns as LLMs continue to evolve.

Findings

Categorized privacy attacks based on adversary capabilities

Reviewed current defense mechanisms against privacy attacks

Identified future privacy challenges with evolving LLMs

Abstract

The advancement of large language models (LLMs) has significantly enhanced the ability to effectively tackle various downstream NLP tasks and unify these tasks into generative pipelines. On the one hand, powerful language models, trained on massive textual data, have brought unparalleled accessibility and usability for both models and users. On the other hand, unrestricted access to these models can also introduce potential malicious and unintentional privacy risks. Despite ongoing efforts to address the safety and privacy concerns associated with LLMs, the problem remains unresolved. In this paper, we provide a comprehensive analysis of the current privacy attacks targeting LLMs and categorize them according to the adversary's assumed capabilities to shed light on the potential vulnerabilities present in LLMs. Then, we present a detailed overview of prominent defense strategies that have been developed to counter these privacy attacks. Beyond existing works, we identify upcoming privacy concerns as LLMs evolve. Lastly, we point out several potential avenues for future exploration.