Model Inversion Attacks on Llama 3: Extracting PII from Large Language Models
Sathesh P. Sivashanmugam

TL;DR
This paper demonstrates that Llama 3.2, a large language model, is vulnerable to model inversion attacks that can extract sensitive personal information, emphasizing the need for improved privacy protections.
Contribution
It provides the first detailed analysis of model inversion attacks on Llama 3.2, revealing privacy risks and proposing potential mitigation strategies.
Findings
PII such as passwords and emails can be extracted from Llama 3.2
Even smaller LLMs are vulnerable to privacy attacks
Differential privacy and data sanitization can help mitigate risks
Abstract
Large language models (LLMs) have transformed natural language processing, but their ability to memorize training data poses significant privacy risks. This paper investigates model inversion attacks on the Llama 3.2 model, a multilingual LLM developed by Meta. By querying the model with carefully crafted prompts, we demonstrate the extraction of personally identifiable information (PII) such as passwords, email addresses, and account numbers. Our findings highlight the vulnerability of even smaller LLMs to privacy attacks and underscore the need for robust defenses. We discuss potential mitigation strategies, including differential privacy and data sanitization, and call for further research into privacy-preserving machine learning techniques.
Taxonomy
Methods: LLaMA
