Probing Privacy Leaks in LLM-based Code Generation via Test Generation

TL;DR

This paper presents a new test-driven pipeline for detecting privacy leaks in large language models used for code generation, significantly improving detection over existing methods.

Contribution

It introduces an automated, realistic test case generation approach that better simulates real-world privacy leakage scenarios in LLMs for code.

Findings

Detected 2.56 times more privacy leaks than baseline methods.

Applied the pipeline to 5 widely used LLMs with large-scale experiments.

Developed an automatic privacy feature library to replace manual prompt engineering.

Abstract

The widespread availability of large-scale code datasets has fueled the rapid development of large language models (LLMs) for code-related tasks. These datasets may include sensitive personally identifiable information (PII), which can lead to privacy leakage when LLMs memorize and reproduce it. However, existing privacy-leakage detection methods rely on ad-hoc prompt construction (manually or automatically designed). Therefore, they do not adequately approximate the real-world contexts in which PII appears in code corpora, making it difficult to extract realistic privacy leakage. In this paper, we propose a pipeline that simulates practical privacy-related code generation scenarios and adopts a test-driven strategy to elicit the memorized information from the generated test cases. We further introduce an automatically constructed privacy feature library that replaces manual prompt engineering by providing realistic templates and examples to guide test case generation. Large-scale experiments on 5 widely used LLMs show that our pipeline exposes more confirmed privacy leakage, achieving a 2.56 times increase in detected leakage compared to existing baselines.