VidLeaks: Membership Inference Attacks Against Text-to-Video Models

TL;DR

This paper introduces VidLeaks, a novel framework for membership inference attacks on text-to-video models, revealing significant privacy vulnerabilities by exploiting spatial and temporal memorization signals.

Contribution

The paper presents the first systematic study of MIAs against T2V models and proposes VidLeaks, a new method capturing sparse spatial and temporal leakage signals.

Findings

VidLeaks achieves high AUC scores, indicating strong attack effectiveness.

T2V models leak substantial membership information through spatial and temporal signals.

The framework works effectively under various black-box access settings.

Abstract

The proliferation of powerful Text-to-Video (T2V) models, trained on massive web-scale datasets, raises urgent concerns about copyright and privacy violations. Membership inference attacks (MIAs) provide a principled tool for auditing such risks, yet existing techniques - designed for static data like images or text - fail to capture the spatio-temporal complexities of video generation. In particular, they overlook the sparsity of memorization signals in keyframes and the instability introduced by stochastic temporal dynamics. In this paper, we conduct the first systematic study of MIAs against T2V models and introduce a novel framework VidLeaks, which probes sparse-temporal memorization through two complementary signals: 1) Spatial Reconstruction Fidelity (SRF), using a Top-K similarity to amplify spatial memorization signals from sparsely memorized keyframes, and 2) Temporal Generative Stability (TGS), which measures semantic consistency across multiple queries to capture temporal leakage. We evaluate VidLeaks under three progressively restrictive black-box settings - supervised, reference-based, and query-only. Experiments on three representative T2V models reveal severe vulnerabilities: VidLeaks achieves AUC of 82.92% on AnimateDiff and 97.01% on InstructVideo even in the strict query-only setting, posing a realistic and exploitable privacy risk. Our work provides the first concrete evidence that T2V models leak substantial membership information through both sparse and temporal memorization, establishing a foundation for auditing video generation systems and motivating the development of new defenses. Code is available at: https://zenodo.org/records/17972831.